Why use stored procedures?
1. A stored procedure enforces parameters on data input from applications, which can prevent damage from malicious code injected by a cyber thief or vandal.
2. They cache the execution plan.
3. They can improve your system performance.
A stored procedure gets executed in the same way as a pre-written SQL statement. The big difference is that the pre-written SQL statement does not discriminate about what kind of information gets entered into a field; it only places a variable.
Where that statement fronts a table full of valuable customer data, malicious code can be inserted in place of the expected value.
Stored procedures allow you to bind input to a specific data type, so it will look for an actual date in a date field or expect text info rather than an integer in a name field – validating what’s going on in your database.
Stored procedures close an Achilles' heel in your system – protecting the point of vulnerability where code injection can occur.
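The typed-parameter binding described above, as an added example that is not from the original page. It assumes SQL Server (T-SQL), and the table, procedure and parameter names are hypothetical. It goes one step beyond the text: a procedure that concatenates its input into dynamic SQL loses the protection, so the last procedure keeps the value bound through sp_executesql.

```sql
-- Added example (T-SQL assumed); every object name here is hypothetical.
CREATE TABLE dbo.Customers (
    CustomerId INT IDENTITY PRIMARY KEY,
    FullName   NVARCHAR(100) NOT NULL,
    SignupDate DATE          NOT NULL
);
GO

-- Typed parameters: a value that cannot convert to the declared type is
-- rejected before the body runs, and bound values are treated as data only.
CREATE PROCEDURE dbo.AddCustomer
    @FullName   NVARCHAR(100),
    @SignupDate DATE
AS
BEGIN
    INSERT INTO dbo.Customers (FullName, SignupDate)
    VALUES (@FullName, @SignupDate);
END;
GO

-- Constructed input: stored verbatim as a name, never executed as SQL.
EXEC dbo.AddCustomer @FullName = N'Robert''); DROP TABLE dbo.Customers;--',
                     @SignupDate = '2024-01-15';
-- Constructed input: fails with a conversion error, nothing is inserted.
EXEC dbo.AddCustomer @FullName = N'Alice Example', @SignupDate = 'not-a-date';
GO

-- Weak: the parameter is typed, but concatenating it into a SQL string
-- lets its content be parsed as code again.
CREATE PROCEDURE dbo.FindCustomer_Concat @FullName NVARCHAR(100)
AS
BEGIN
    DECLARE @sql NVARCHAR(400) =
        N'SELECT CustomerId FROM dbo.Customers WHERE FullName = N'''
        + @FullName + N'''';
    EXEC (@sql);
END;
GO

-- Corrected: dynamic SQL with the value still bound as a parameter.
CREATE PROCEDURE dbo.FindCustomer @FullName NVARCHAR(100)
AS
BEGIN
    EXEC sys.sp_executesql
        N'SELECT CustomerId FROM dbo.Customers WHERE FullName = @n',
        N'@n NVARCHAR(100)',
        @n = @FullName;
END;
```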
There are few DBAs or developers who want to spend their day investigating where the point of penetration was while you sweat through backup and recovery mode.
The learning curve for using stored procedures is more than forgiving enough to justify DBAs and developers getting together on this issue.