I have seen in a number of discussions the idea that it is a best practice to avoid inline SQL. Some seem to be of the opinion that inline SQL should be absolutely forbidden. However, most places that make this statement either contain no explanation for why or they have a simplistic statement that it makes the code brittle.
So, is it truly a best practice to avoid inline SQL in all circumstances? If so, why? And if not, why is it so widely believed?
---------------------------------
**Some Background**
I know of discussions like the one at [StackOverflow][1]. But there, many people seem to believe that it is acceptable without providing the other part of the story about why the belief is common. The ones that seem to consider it unacceptable generally use some form of the "brittle" statement without much explanation or a generalization that it is too much like hard coding (which is almost the same thing). I thought a group of SQL Experts might have a more detailed answer than the ones that were there.
I also know quite well that there are times that ORMs make sense and times that stored procedures absolutely make sense. But it doesn't explain why so many developers consider inline SQL to be absolutely anathema.
Thank you all for any insights.
__________________________________________
**Conclusions**
I gave this a few days and read over the answers as well as a few more [articles][2] on the topic. It seems the consensus is that there is no reason, in general, to consider inline SQL forbidden.
There are of course reasons to make sure that any inline SQL is well written and [parameterized][3]. There are also certain times in a project where you may want to enforce use of an ORM or force use of stored procedures, but that seems to be more of a project-by-project determination rather than a generalized best practice of always avoiding inline SQL.
I accepted the highest voted answer, but all the answers were useful and informative. Thank you again.
[1]: http://stackoverflow.com/questions/5303746/is-inline-sql-hard-coding
[2]: http://www.codinghorror.com/blog/2004/10/who-needs-stored-procedures-anyways.html
[3]: http://www.codinghorror.com/blog/2005/04/give-me-parameterized-sql-or-give-me-death.html
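
An added illustration of the parameterization point in the conclusions (not code from the original post or the linked articles): the same inline query written with string concatenation and with a bound parameter, run against a constructed in-memory SQLite table. The function names, table and sample values are assumptions made for this example.

```python
import sqlite3

def make_db():
    # Constructed sample data, held in memory only.
    conn = sqlite3.connect(":memory:")
    conn.execute("CREATE TABLE customers (id INTEGER PRIMARY KEY, name TEXT, region TEXT)")
    conn.executemany(
        "INSERT INTO customers (name, region) VALUES (?, ?)",
        [("Alice Smith", "east"), ("Pat O'Brien", "west"), ("Chen Wei", "west")],
    )
    return conn

def find_concatenated(conn, name):
    # Inline SQL built by concatenation: the value becomes part of the
    # statement text, so a quote in the data changes what gets parsed.
    sql = "SELECT name, region FROM customers WHERE name = '" + name + "'"
    return conn.execute(sql).fetchall()

def find_parameterized(conn, name):
    # Inline SQL with a placeholder: the statement text is fixed and the
    # value is passed separately, so it is only ever compared as data.
    sql = "SELECT name, region FROM customers WHERE name = ?"
    return conn.execute(sql, (name,)).fetchall()

def compare(conn, name):
    """Return (concatenated result or error string, parameterized result)."""
    try:
        concatenated = find_concatenated(conn, name)
    except sqlite3.Error as exc:
        concatenated = "error: " + type(exc).__name__
    return concatenated, find_parameterized(conn, name)

if __name__ == "__main__":
    db = make_db()
    # Constructed inputs: a plain name, a legitimate name containing a quote,
    # and a value whose quote rewrites the WHERE clause when concatenated.
    for value in ("Alice Smith", "Pat O'Brien", "x' OR '1'='1"):
        concatenated, parameterized = compare(db, value)
        print(repr(value))
        print("  concatenated :", concatenated)
        print("  parameterized:", parameterized)
```

Both versions are inline SQL; only the concatenated one fails on a legitimate name with an apostrophe and returns every row for the third input.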