takes to write them. It turns out that it is quicker for me to write cfquery
with cfqueryparams than stored procedure in sql server 2000 and cfstoredproc
in CFMX.
Also, when the query code is in the CFC I can right away see what the given
piece of SQL does. Using cfquery is a bit less secure than stored procedure
but I gain speed. Since I am not building fort knox, I am willing to
sacrifice some security layers for speed.
TK
-----Original Message-----
From: Matt Liotta [mailto:[EMAIL PROTECTED]
Sent: Tuesday, March 23, 2004 8:48 PM
To: CF-Talk
Subject: Re: why are procedures better? (was: RE: Securing CF Apps.)
> 1. They execute faster. The db (I only know from Oracle and SQL
> Server, if
> others are different it doesn't really concern me) can optimize the
> execution plan.
>
Prepared statements execute at the same speed as stored procedures.
> 2. You can often times do more. There are things I can do in a pl/sql
> package/procedure that I cannot do in a query call
>
For example?
> 3. You can limit access with them. Now granted you can set it up so
> you are
> only selecting from a view in your query block as well, but it makes
> more
> sense to me to do it in a procedure.
>
Why does it make more sense?
> 4. An additional layer of security. You can ensure that you user not
> only
> cannot execute the procedure, but they can't even tell it exists.
>
If the user is executing the procedure how could they not know it
exists?
> I am sure there are more reasons, but I think those are sufficient to
> use
> procedures.
>
If that's all, I guess I'll continue to use cfquery.
-Matt
[Todays Threads] [This Message] [Subscription] [Fast Unsubscribe] [User Settings]
