Is it safe to use stored procedures in MySQL or on other RDBMSs?

Is it safe to use stored procedures in MySQL or on other RDBMSs?
Are there risk(s) that need to be considered before using stored procedures?

One thought on “Is it safe to use stored procedures in MySQL or on other RDBMSs?”

  1. Stored procedures did not come to MySQL until version 5. The programming language is also important. PHP needs mysqli to run stored procedures. ASP/ADO can run stored procedures without a hitch.

    As far as safety, you are much better off using a stored procedure when preventing SQL injection. Your other option is to use parameterized queries – you will have to check the documentation on whatever programming language you are using to find out how to do that.

    The only "risk" I can see is in the naming conventions. Don't prefix your stored procedures with sp_ . MS SQL names all its internal stored procedures that way, and IIRC, MySQL does, too.
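
An added example, not part of the comment above: a stored procedure keeps input out of the SQL text only when its parameters are used as values, so the same lookup is shown three ways in MySQL. The `users` table and the `get_user_*` procedure names are hypothetical, and `DELIMITER` is a command of the `mysql` command-line client.

```sql
-- Added example; table, procedure and parameter names are hypothetical.
CREATE TABLE users (
  id       INT AUTO_INCREMENT PRIMARY KEY,
  username VARCHAR(64)  NOT NULL UNIQUE,
  email    VARCHAR(255) NOT NULL
);

DELIMITER //

-- Safe: static SQL. p_username is only ever compared as a value,
-- so its content is never parsed as part of the statement.
CREATE PROCEDURE get_user_static(IN p_username VARCHAR(64))
BEGIN
  SELECT id, username, email FROM users WHERE username = p_username;
END//

-- Unsafe: the procedure builds the statement text by concatenation.
-- Quote characters inside p_username become part of the SQL that is
-- prepared, so wrapping this in a procedure gives no protection.
CREATE PROCEDURE get_user_concat(IN p_username VARCHAR(64))
BEGIN
  SET @q = CONCAT('SELECT id, username, email FROM users ',
                  'WHERE username = ''', p_username, '''');
  PREPARE stmt FROM @q;
  EXECUTE stmt;
  DEALLOCATE PREPARE stmt;
END//

-- Hardened dynamic SQL: fixed statement text with a ? placeholder,
-- and the value supplied separately through USING.
CREATE PROCEDURE get_user_dynamic(IN p_username VARCHAR(64))
BEGIN
  SET @q = 'SELECT id, username, email FROM users WHERE username = ?';
  SET @u = p_username;
  PREPARE stmt FROM @q;
  EXECUTE stmt USING @u;
  DEALLOCATE PREPARE stmt;
END//

DELIMITER ;

-- Constructed sample data and a call with the argument held in a variable.
INSERT INTO users (username, email) VALUES ('alice', 'alice@example.test');
SET @name = 'alice';
CALL get_user_static(@name);
```

The application has to bind the argument when it issues the `CALL` as well; assembling the `CALL` statement by string concatenation brings back the problem shown in `get_user_concat`.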
