Is it safe to use stored procedures in MySQL or on other RDBMSs?

Jun 28th, 2009 | By KC | Category: My SQL Related

Is it safe to use stored procedures in MySQL or on other RDBMSs?
Are there risk(s) necessary to consider prior to using stored procedures?

One comment

  1. Stored procedures did not come to MySQL until version 5. The programming language is also important. PHP needs mysqli to run stored procedures. ASP/ADO can run stored procedures without a hitch.

    As far as safety, you are much better off using a stored procedure when preventing SQL injection. Your other option is to use parameterized queries – you will have to check the documentation on whatever programming language you are using to find out how to do that.

    The only "risk" I can see is in the naming conventions. Don't prefix your stored procedures with sp_ . MS SQL names all its internal stored procedures that way, and IIRC, MySQL does, too.
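
An added example, not part of the original comment: a stored procedure stops SQL injection only while its parameters are used as values, and one that concatenates a parameter into dynamic SQL is still injectable. The `users` table, the procedure names and the test input are constructed for illustration, and the `DELIMITER` lines assume the `mysql` command-line client.

```sql
-- Constructed sample table and rows for the demonstration.
CREATE TABLE users (id INT PRIMARY KEY, name VARCHAR(64), is_admin TINYINT);
INSERT INTO users VALUES (1, 'alice', 1), (2, 'bob', 0);

DELIMITER //

-- Static SQL: p_name is only ever treated as a value, never parsed as SQL.
CREATE PROCEDURE get_user_static(IN p_name VARCHAR(64))
BEGIN
    SELECT id, name FROM users WHERE name = p_name;
END //

-- Dynamic SQL built by concatenation: p_name becomes part of the statement
-- text, so this procedure is as injectable as a concatenated query string.
CREATE PROCEDURE get_user_concat(IN p_name VARCHAR(64))
BEGIN
    SET @q = CONCAT('SELECT id, name FROM users WHERE name = ''', p_name, '''');
    PREPARE stmt FROM @q;
    EXECUTE stmt;
    DEALLOCATE PREPARE stmt;
END //

-- Dynamic SQL with a placeholder: the value is bound at EXECUTE time,
-- after the statement text has already been parsed.
CREATE PROCEDURE get_user_bound(IN p_name VARCHAR(64))
BEGIN
    SET @q = 'SELECT id, name FROM users WHERE name = ?';
    SET @v = p_name;
    PREPARE stmt FROM @q;
    EXECUTE stmt USING @v;
    DEALLOCATE PREPARE stmt;
END //

DELIMITER ;

-- Constructed test input containing quote characters and a boolean clause.
SET @input = 'nobody'' OR ''1''=''1';

CALL get_user_static(@input);  -- input is compared as one literal string
CALL get_user_concat(@input);  -- input is parsed as part of the WHERE clause
CALL get_user_bound(@input);   -- input is bound as one literal string
```

The application must also bind the argument when it issues the `CALL` itself; a `CALL` statement assembled by string concatenation is injectable before the procedure ever runs.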
