My recent project does not allowProgramWrite the SQL statementCodeBut must be implemented using a stored procedure, even a SELECT statement. I think this is more advantageous than harm. Of course, my project is not very complex, and there are about two hundred stored procedures.
In my opinion, the advantages of not allowing SQL statements in Code are as follows:
1. avoid confusion. Changes in requirements will always lead to data changes. changing data access only changes in the stored procedure that is centralized together, rather than turning around in the Code, making the code very clear.
2. performance advantages. The SQL Server 2005 Technology insider says that stored procedures will reuse cached execution plans, saving the CPU resources and time required for analysis, parsing, and code optimization.
3. Code security. If you splice SQL statements in the code, a slight carelessness will lead to SQL injection. In the stored procedure, you can filter input parameters again to prevent invalid parameters.
Of course, every project is different. How to access data requires careful analysis of the specific situation of each project before making a decision.