Just wondering about something

Posted By: Ang3lFir3 | Feb 27th, 2008 @ 8:48 AM
page 1 of 1
Comments: 16 | Views: 1761
#Feb 27th, 2008 @ 8:48 AM
Ang3lFir3
Ang3lFir3
Codito Ergo Sum
I'm just wondering about something and so I figured the best place to ask was channel9. (yeah i know ambitious of me).

Can anyone give me a solid well thought out reason for keeping 90% or more (or even any) of your business logic in SQL sprocs? I've moved into a new position at a new company and the application I am working on uses sprocs to handle most of its logic. I'm trying to find a reason as to why this might be beneficial vs some other more OO technique.

Please keep in mind that:
       this is SQL 2000
       this is an ASP.Net 2.0 app
       this is IIS 6.0

Upgrading is not an option at this point, but I am trying to make an argument for MVC and Linq2SQL with a better Data Model.

Thanks in advance
#Feb 27th, 2008 @ 8:59 AM
Tensor
Tensor
Im in yr house upgrading yr family
More often than not the reason is that that is wha the people developing it knew at the time... There can be good reasons though. If you have some very data-intensive work to do it pays to be as close to the data as possible.
#Feb 27th, 2008 @ 9:01 AM
Massif
Massif
aim stupidly high, expect to fail often.
I was going to go for minimizing network traffic, or avoiding race conditions on queries which read and update data entries.

But given I know nothing at all about working with databases, I shan't embarrass myself further.
#Feb 27th, 2008 @ 9:19 AM
Dr Herbie
Dr Herbie
Horses for courses
Depends on how data-heavy the logic is : using stored procs may be faster.  We're currently going through an optimisation phase on our mature project -- some of the optimisations include taking data-heavy C# logic from the DAL (on a separate server from the SQL Cluster) and re-implementing it as stored procs. In some cases it's a little faster, in some cases it's a lot faster.

It also means that you can theoretically update the logic without releasing a new build of the code (just run a SQL script) and possibly even without having to take the system off-line.

Herbie
#Feb 27th, 2008 @ 9:21 AM
vesuvius
vesuvius
Das Glasperlenspiel
There is absolutely no reason not to have them. I have experimented with Linq and tried to use it with a small(ish) project and really wish I had not.

The biggest problem with new things like Linq is that you literally are putting SQL queries in your page (code behind). The way Linq is implemented at present means that you cannot have all your queries in a seperate .dll and have a clean separation of concerns. Datasets/adapters offer a far much cleaner speration of concerns than Linq and the support for them is mature so you get an excellent developer experience.

People always get bored and feel that they should change things in order to progress (new job, make your stamp on things) but stored procedures are still best (in my opinion).

The ADO.NET Entity framework is going to be the next data thing worth looking at, but again, as Microsoft go, you probably will get a 60% complete product and I will wait till VS next version till I use it in a live project. I used to run and jump on the latest technology trends and have paid the bitter price in wasted time, money and productivity, when existing technologies would suffice.

Stick with Stored Procedures! Put you stamp on usability, performance and UI.
#Feb 27th, 2008 @ 9:39 AM
Maddus Mattus
Maddus Mattus
Do, or do not. There is no try. - Yoda
Ang3lFir3 wrote:
Can anyone give me a solid well thought out reason for keeping 90% or more (or even any) of your business logic in SQL sprocs?

You can update business logic without compiling the solution?

But, if you manage that database on your own and you are familiar with the code it should be ok.

If you have a DBA wich must provide support for this application in the future. He will not want to support business logic. DBA only want to manage the database and how you access it. So you can have complicated queries and database models. But in general they will not understand business logic. So there is that risk.
#Feb 27th, 2008 @ 10:53 AM
Ang3lFir3
Ang3lFir3
Codito Ergo Sum
Thank you all for your responses and well thought out reasoning. From what I am gathering , ease of changing rules and lack of needing to recompile are the best arguments for sprocs. I was already aware of this (sorry for that) but was looking to see if there were any other reasons i had not considered.

We are an organization that uses the tools we create internally (we have no external customers). We create mostly web apps and click-once apps, however we do have many legacy situations where sprocs and views might simply be the easiest solutions.

I'm still open to any other reasons why one would want to keep all that logic in sprocs.... but so far I am not seeing it. (I'm really trying to use this as a learning experience so please keep that in mind)

@vesuvius -- it has not been my experience that Linq2SQL would prevent you from keeping all your query logic in one dll. Please elaborate as I would be interested to see an example of where this is the case.

Once again thank you all for your time
#Feb 27th, 2008 @ 2:12 PM
RichardRudek
RichardRudek
So what do you expect for nothin'... :P
I probably shouldn't say anything because I've realy only been a spectator, though admittedly, for quite a bit of time. But perhaps I can give some insight, and if nothing else, have my thoughts tested... Wink

I think this is a similar argument as exisits between managed and unmanaged code. eg .NET and the new C++ stuff. As tends to happen, there is competition where each camp finds problems with the other, and over time, the issues get resolved, patterns and practices formulated, etc. If the two methods are equally strong, then this will continue into perpertuity. So that should be your first clue that what your attempting to 'resolve' is not going to be a trivial task.

As tends to happen, each camp contains varying level's of extremism, and you get a pendulum-type effect among the general community, as these extremists win and loose 'battles'. For example, with old database systems (eg mainframe), the database was considered an application framework, and so they produced 'UI' and interacted with human operators.

So the issue is: where is the 'best' place to have your business logic.

Obviously the answer is going to be, it depends. You need to define what 'best' means to you. Which will likely include everything from the minimum amount of necessary hardware, through to robustness of the database if the data is accessible/mutable outside of your business logic.. Wink
#Feb 28th, 2008 @ 5:02 AM
vesuvius
vesuvius
Das Glasperlenspiel
I feel that his business logic is already in the best place. Stored procedures are disliked because they are awkward and basically you're using functional programming instead of imperative.

One can use Linq to sprocs you can also use sprocs with table adapters, but you have problem with joins. The unskilled approach is to use correlated queries but JOINS are the best way to perform this as illustrated in this example here.

In windows forms databinding with Linq across two tables to perform aggregate queries requires quite a bit of coding. Lets say, for example, you are using the standard datagridview. With table adapters, you can use your correlated sql query or stored procedure and you get all the fantastic binding that comes with it. You can format your grid easily, because the columns are generated at design time. Try this with Linq joins, the best you have is the autogenerate columns enum. I have an application with several grids and this is a doddle with table adapters.

The biggest problem with Linq to SQL is in N-Tier applications, specifically where you want to use offline data synchronisation services, you find that Linq to SQL Compact is not supported, whereas datasets are made for this scenario. I was elated when I came across this n-tier example http://www.subsonicproject.com/view/soniccast-6---linqtosql.aspx but came across (even the guy in the video has problems) difficulties again. With datasets validation is made for n-tier, you can call .SetSolumnError(thiscolumn, "Linq is not mature yet, stick with sprocs") in your data set project, with Linq you have to throw and then handle the exceptions from the partial classes. Again a real time waster.

I also use third party components and you will find that most if not all grid/reporting/charting components are made for datasets, this is the de facto implementation. The Linq team did not address all the above and more, which is why take up will be slow in the enterprise, regardless of what MS promulgate! Most people that extol Linq either teach it, have dabbled with it, or have written a book on it. NONE of them have ever written an enterprise application with it (yet).
#Feb 28th, 2008 @ 7:16 AM
ZippyV
ZippyV
Fired Up
I'm surprised nobody said something about security.
You can configure SQL Server so that it only allows an account to execute certain stored procedures.

For example, you give the asp.net user account only access to execute the stored procedures your site uses. That way, if somebody breaches your website they won't be able to do a 'SELECT * FROM users' or 'DELETE FROM orders'. The hacker will only be able to execute the stored procedures that you gave asp.net permission to.
#Feb 28th, 2008 @ 7:18 AM
Maddus Mattus
Maddus Mattus
Do, or do not. There is no try. - Yoda
ZippyV wrote:
I'm surprised nobody said something about security.
You can configure SQL Server so that it only allows an account to execute certain stored procedures.

For example, you give the asp.net user account only access to execute the stored procedures your site uses. That way, if somebody breaches your website they won't be able to do a 'SELECT * FROM users' or 'DELETE FROM orders'. The hacker will only be able to execute the stored procedures that you gave asp.net permission to.


Indeed! You can easily use SQL Server Security model. Nice one!

If you use integrated security in your asp.net solutions, it's very easy!
#Feb 28th, 2008 @ 7:26 AM
Yggdrasil
Yggdrasil
Pour me a cab, 'cause I can't drink no more.
ZippyV wrote:
I'm surprised nobody said something about security.
You can configure SQL Server so that it only allows an account to execute certain stored procedures.


Well, in .NET you can do the same for methods in your code. Just slap a [PrincipalPermission] attribute on a method, and you'll get a SecurityException if an unauthorized user tries to call it.

Not the way I'd do it, though.
#Feb 28th, 2008 @ 7:26 AM
blowdart
blowdart
Peek-a-boo
Then there's optimisation.

Every DBA who has watched  the query paths linq comes up with laughs then cries as they realise every query begins with SELECT *.

Not a one has turned around and gone "Yea ok developers can use that". Developers *SUCK* at databases. Linq just auotmates that suckage.
#Feb 28th, 2008 @ 7:31 AM
Maddus Mattus
Maddus Mattus
Do, or do not. There is no try. - Yoda
blowdart wrote:
Then there's optimisation.

Every DBA who has watched  the query paths linq comes up with laughs then cries as they realise every query begins with SELECT *.

Not a one has turned around and gone "Yea ok developers can use that". Developers *SUCK* at databases. Linq just auotmates that suckage.

I do not suck at databases!

I never use select *! Because I use the guidance from p&p:

http://www.codeplex.com/RepositoryFactory
#Feb 28th, 2008 @ 8:33 AM
Colin Angus Mackay
Colin Angus Mackay
Developer! Developer! Developer! comes to Scotland on the 10th May 2008
blowdart wrote:
Developers *SUCK* at databases. Linq just auotmates that suckage.


I resent that remark. I don't suck at databases.

Developers who suck in general also suck at databases. A developer, especially one who develops business applications, needs to know a fair bit about databases. Maybe not so much that they can fully administer a database server, but they need to know about how to write queries and how security works.

Its like when I interview people. I ask how they access the database in their application. If they only mention wizards they fail. If they can describe how the classes interact and the various ways in which you can access data with the pros and cons of each method then I'll be happy.
#Feb 28th, 2008 @ 8:42 AM
Ang3lFir3
Ang3lFir3
Codito Ergo Sum
ZippyV wrote:
I'm surprised nobody said something about security.
You can configure SQL Server so that it only allows an account to execute certain stored procedures.


Very true.... we do this using a special SQL Server account for the application and only allow it to execute the sprocs it needs. It does indeed work well.

I've been torn about this for awhile... They don't feel right but have several benefits. Including optimization as blowdart pointed out.

One concern I have had with them... is in usage from the Application side. Not being the person who created the sprocs it is often hard for me to know the parameters needed to execute the sproc and to know which parameters are optional and what I will get in return. I have to open the sproc code and investigate the sproc to see which parameters I absolutely have to pass to it to get the result I want.
Maybe this is a design issue but I see it as a potential concern (Linq to sprocs does help with this which is nice). Using them is very vague in general, unless you were the person who created it in the first place, there is no guarantee of the shape of the returned data.

Is this just a matter of cenvention?
#Feb 28th, 2008 @ 9:41 AM
Maddus Mattus
Maddus Mattus
Do, or do not. There is no try. - Yoda
Ang3lFir3 wrote:
Is this just a matter of cenvention?


Well, if you go for the solution you opted, the stored procedures are going to get messy not matter what. Cursors, large queries, temp tables, calculations, business rules,.. So I do not think a convention will help you there.
page 1 of 1
Comments: 16 | Views: 1761
Microsoft Communities