Comments on: Is it safe to use stored procedures in MySQL or on other RDBMSs? http://www.findistore.com/is-it-safe-to-use-stored-procedures-in-mysql-or-on-other-rdbmss We are Professional Web Designer. We specialize in Website Design & eCommerce Web Services Tue, 09 Mar 2010 15:00:20 -0800 http://wordpress.org/?v=2.8.3 hourly 1 By: arbpen http://www.findistore.com/is-it-safe-to-use-stored-procedures-in-mysql-or-on-other-rdbmss/comment-page-1#comment-4361 arbpen Sun, 28 Jun 2009 20:49:34 +0000 http://www.findistore.com/is-it-safe-to-use-stored-procedures-in-mysql-or-on-other-rdbmss#comment-4361 Stored procedures did not come to MySQL until version 5. The progamming language is also important. PHP needs mysqli to run stored procedures. ASP/ADO can run stored procedures without a hitch. As far as safety, you are much better off using a stored procedure when preventing SQL injection. Your other option is to use parameterized queries - you will have to check the documentation on whatever programming language you are using to find out how to do that. The only "risk" I can see is in the naming conventions. Don't prefix your stored procedures with sp_ . MS SQL names all its internal stored procedures that way, and IIRC, MySQL does, too. Stored procedures did not come to MySQL until version 5. The progamming language is also important. PHP needs mysqli to run stored procedures. ASP/ADO can run stored procedures without a hitch.

As far as safety, you are much better off using a stored procedure when preventing SQL injection. Your other option is to use parameterized queries – you will have to check the documentation on whatever programming language you are using to find out how to do that.

The only "risk" I can see is in the naming conventions. Don't prefix your stored procedures with sp_ . MS SQL names all its internal stored procedures that way, and IIRC, MySQL does, too.

]]>