Comparison of stored procedures and SQL statements

As a new SQL stored procedure and. NET Novice, the following guidance is still very useful, their own this paragraph just contact these things, collect some related things, can make novice easier to use, of course, to proficient and skilled application, or to see more deeper information, master Please do not laughed at.
The following are from the network, only for reference learning:
--------
stored procedure and SQL statement Revenge
The programmer says: A stored procedure is still an SQL statement, which is a problem.
Lakes and rivers now have three schools, one is the SQL statement flow, advocating the use of SQL statements, faction is stored process faction, advocating the use of stored procedures to speak, and the school is the median faction, emphasizing harmony, so also on the former two factions noisy, mean faction of the watch lively. Now the SQL has nhibernate led by a number of ORM, the recent wind and more proud, the storage process faction also has its own killer cheats, the two factions, the battle has been long-standing.
Stored procedures to the pursuit of speed, the so-called world No power is not broken, only fast not broken, this is the storage process of people walk the biggest cost of the lake. Before the stored procedure sent the attack SQL statement sent by a cheat is safe, but now no one with the connection string of dynamic SQL, this trick also failed.
SQL statement is a very old school, but the majority of novice, veteran many to the enemy camp stored procedures sent. Java is a lot of people are SQL statements, and stored procedures to the majority of Microsoft Help.
But the storage procedure faction also has the weakness, the portability is one, also has the extensibility, because the general large-scale Web application is the multi-Web server, then uses the double database server to make the dual machine hot standby, one of the boot, but is idle, here only solves the single point of failure the question, However, the formation of a multi-Web application server, single database server, if all the operations are implemented with stored procedures, it will cause the database server overload, and the Web server load is not enough, and the expansion of the database server will be very troublesome, and the investment is larger, the program needs to be changed, Investing in Web servers is relatively inexpensive and easy to scale.
People in the lakes and rivers drift where there is no knife, so the golden mean a little more insurance, I tend to put more burden into the program, and reduce the burden of the database, because as long as the database can be carried, and then increase the Web server that is relatively easy, but once the database server can not carry on we will only cry. General report a few more complex result sets I use stored procedures to package, general query and cuid operation I'm looking for an ORM to fix it.

In fact, is mainly in the soft rib of the storage process.
1) From a deployment perspective, stored procedures are more difficult than SQL
2) from a performance perspective, stored procedures are higher than SQL
3) from security will, stored procedure than SQL anti-injection
Process can reduce the amount of network data transfer, the calculation is placed on the server

The front-end program can directly access the database table, directly in the SQL language directly to the database table read and write operations;

For security, can be programmed to use stored procedures for data table read and write operations, and the front-end program directly accesses these stored procedures, rather than the database table;

A more secure approach is to increase the database access layer between the front-end program and the database, the front-end to submit the data read and write requests to the middle tier, the middle tier and database connection to the actual database operation, the results to the front end, this way can avoid the front-end machine directly connected to the database, the database is more secure.

Comparison of stored procedures and SQL statements