在DBMS中，存储过程是一组具有指定名称的SQL语句，这些SQL语句以编译后的形式存储在数据库中，这样就可以由许多程序共享。

存储过程的使用在

提供对数据的受控访问(最终用户只能输入或更改数据，但不能编写过程) 确保数据完整性(数据将以一致的方式输入)和 提高工作效率(存储过程的语句只需编写一次)

想想这样的情况，

You have a database with data. There are a number of different applications needed to access that central database, and in the future some new applications too. If you are going to insert the inline database queries to access the central database, inside each application's code individually, then probably you have to duplicate the same query again and again inside different applications' code. In that kind of a situation, you can use stored procedures (SPs). With stored procedures, you are writing number of common queries (procedures) and store them with the central database. Now the duplication of work will never happen as before and the data access and the maintenance will be done centrally.

注意:

In the above situation, you may wonder "Why cannot we introduce a central data access server to interact with all the applications? Yes. That will be a possible alternative. But, The main advantage with SPs over that approach is, unlike your data-access-code with inline queries, SPs are pre-compiled statements, so they will execute faster. And communication costs (over networks) will be at a minimum. Opposite to that, SPs will add some more load to the database server. If that would be a concern according to the situation, a centralized data access server with inline queries will be a better choice.

存储过程是一个预编译的SQL语句集，它执行一些特定的任务。 存储过程应该使用EXEC单独执行 存储过程可以返回多个参数 存储过程可用于实现事务

存储过程用于检索数据、修改数据和删除数据库表中的数据。你不需要每次在SQL数据库中插入、更新或删除数据时都写一个完整的SQL命令。

序言:SQL92标准创建于1992年，并由Firebase DB推广。该标准引入了“存储过程”。

** 透传查询:一个字符串(通常通过编程连接)，计算为语法正确的SQL语句，通常在服务器层生成(在PHP、Python、PERL等语言中)。然后将这些语句传递到数据库。 **

** 触发器:设计用于响应数据库事件(通常是DML事件)而触发的一段代码，通常用于强制数据完整性。 **

解释什么是存储过程的最好方法是解释执行DB逻辑的传统方式(即不使用存储过程)。

创建系统的传统方式是使用“直通查询”，并且可能在DB中有触发器。 几乎所有不使用存储过程的人都会使用一个叫做"直通查询"的东西

随着存储过程的现代约定，触发器和“透传查询”一起成为传统。

存储过程的优点是:

They can be cached as the physical text of the Stored Procedure never changes. They have built in mechanisms against malicious SQL injection. Only the parameters need be checked for malicious SQL injection saving a lot of processor overhead. Most modern database engines actually compile Stored Procedures. They increase the degree of abstraction between tiers. They occur in the same process as the database allowing for greater optimisation and throughput. The entire workflow of the back end can be tested without client side code. (for example the Execute command in Transact SQL or the CALL command in MySQL). They can be used to enhance security because they can be leveraged to disallow the database to be accessed in a way that is inconsistent with how the system is designed to work. This is done through the database user permission mechanism. For example you can give users privileges only to EXECUTE Stored Procedures rather that SELECT, UPDATE etc privileges. No need for the DML layer associated with triggers. ** Using so much as one trigger, opens up a DML layer which is very processor intensive **

总之，在创建一个新的SQL数据库系统时，没有理由使用直通查询。

值得一提的是，在已经使用触发器或直通查询的遗留系统中使用存储过程是完全安全的;这意味着从遗留过程迁移到存储过程是非常容易的，而且这样的迁移不会使系统长时间停机。

存储过程是SQL语句和过程逻辑的命名集合，即编译、验证并存储在服务器数据库中。存储过程通常被视为其他数据库对象，并通过服务器安全机制进行控制。