Received: from malur.postgresql.org ([217.196.149.56]) by arkaria.postgresql.org with esmtps (TLS1.3) tls TLS_ECDHE_RSA_WITH_AES_256_GCM_SHA384 (Exim 4.94.2) (envelope-from ) id 1ujePt-00AHjN-8P for pgsql-general@arkaria.postgresql.org; Wed, 06 Aug 2025 13:42:53 +0000 Received: from localhost ([127.0.0.1] helo=malur.postgresql.org) by malur.postgresql.org with esmtp (Exim 4.94.2) (envelope-from ) id 1ujePr-00FtPV-2M for pgsql-general@arkaria.postgresql.org; Wed, 06 Aug 2025 13:42:51 +0000 Received: from makus.postgresql.org ([2001:4800:3e1:1::229]) by malur.postgresql.org with esmtps (TLS1.3) tls TLS_ECDHE_RSA_WITH_AES_256_GCM_SHA384 (Exim 4.94.2) (envelope-from ) id 1ujePq-00FtPK-Nm for pgsql-general@lists.postgresql.org; Wed, 06 Aug 2025 13:42:50 +0000 Received: from mail-oo1-xc30.google.com ([2607:f8b0:4864:20::c30]) by makus.postgresql.org with esmtps (TLS1.3) tls TLS_ECDHE_RSA_WITH_AES_128_GCM_SHA256 (Exim 4.96) (envelope-from ) id 1ujePo-0012uu-0r for pgsql-general@lists.postgresql.org; Wed, 06 Aug 2025 13:42:49 +0000 Received: by mail-oo1-xc30.google.com with SMTP id 006d021491bc7-6199bd72532so1607097eaf.2 for ; Wed, 06 Aug 2025 06:42:49 -0700 (PDT) DKIM-Signature: v=1; a=rsa-sha256; c=relaxed/relaxed; d=gmail.com; s=20230601; t=1754487768; x=1755092568; darn=lists.postgresql.org; h=content-transfer-encoding:cc:to:subject:message-id:date:from :in-reply-to:references:mime-version:from:to:cc:subject:date :message-id:reply-to; bh=exsv0eplxRTogP1o5WvJ2Rjb9xww5M766ER6xdprl58=; b=RN+mE3YYFaFGcROJ0hW9A4rGdA/7B6aQbB4AT7xfIWlJgMo+UHex3S3oM8yvgeetiQ T6awMj9GZfUBCPxQWvJiRwoEq9asNx/Aefbtc6XHoFT9IkiliRPol0gFNAeSQSOz2Jdc j/4vJ5+tcbUEcqqyf7i9BCJNYo7+jxAOKtnalswDNr7XW5SZhHMkaF27/14slYUow3nj /96xLDXavMHKRqGi1/+zHm7IFM+Hw+wVlH9DJjUm5MBF7wEtUR2yADCFvNxQIc/O9BiQ W3ajRlb8RkESFPm0D8XUeZhRLMjzfDUfqIqYbDlrC3YVf1cdQZTtqB7VCO5QF0DsFZrb XbLA== X-Google-DKIM-Signature: v=1; a=rsa-sha256; c=relaxed/relaxed; d=1e100.net; s=20230601; t=1754487768; x=1755092568; h=content-transfer-encoding:cc:to:subject:message-id:date:from :in-reply-to:references:mime-version:x-gm-message-state:from:to:cc :subject:date:message-id:reply-to; bh=exsv0eplxRTogP1o5WvJ2Rjb9xww5M766ER6xdprl58=; b=pNqXPHJsm3wd2mOVjq3ajEasK5YXf1dPyrLKguK9DIl4GfPxQlOkJXeADHTF29o+LA X82HgHd01zAZnO5tHN75Rb8808h3Z7Vvsymn3PZ6I5+u5d+PU8kDShdButLwhPv5rXSJ MLxOimBKzV/8IKX3eP5FtGKLd11MZxSw3I88jsz8w3mL5UkjDab+XyxLe+xq5QIfFYCv 7Ye2NQW1XeZFXc1BWDD6VbtSLlcJxefiqPugM8MvZFxpT3GtRdgvVvNrLRkZwQV4d/1R rpW4wF1dnUUeiFzjUFWP95WikPHULLc68aJ5eT1gq5M4UprpJEVKxLbrHT61yl1RpDl7 XQyg== X-Gm-Message-State: AOJu0YzeKITld4K2bljbz3qw+wFlHNY+YPzhe0PEggHpdGSSWpXlsvU1 sFJDX6stmt0tn4rDvp0wiMdIfFY3fJsIQ/RyDVjxGPBHgZWAUqFqDXhN25p0TIofAvIcHrDzW75 cvFAJtTjhtdoOe2uNvjdTm7z3ZBspcCfzaA== X-Gm-Gg: ASbGncuP8v22xNSLf0aQf8ZJXESuS5+Ctkerztccf6uVXRD7ln47ZQ2NqKNfqk6VRXm gABWK/OTkwt/JjmOCq81fQv+SxnKZ51R06a5KvwMb3PsxncgU0t58xLjuc1atTdK7XhqqXL/wZx yh9GCszp+wqkwp3f09PCfIQAc3ATX9kw6OD9mPerJEtN3NqEUaCcnM15+JlQzpC5/2+tEjs2/c9 2O2DcAoBA== X-Google-Smtp-Source: AGHT+IF+OE1WH3Wg0E3FJkpR1O8iH84aN4x8t6FjC6AZlmHV+AtIaQOsFmqo2xBMQoykWbm1xGHrm5Y0c9A97i3fGpg= X-Received: by 2002:a05:6820:290a:b0:619:7e90:37af with SMTP id 006d021491bc7-61b5f33a4bdmr2269550eaf.4.1754487768458; Wed, 06 Aug 2025 06:42:48 -0700 (PDT) MIME-Version: 1.0 References: In-Reply-To: From: Dominique Devienne Date: Wed, 6 Aug 2025 15:42:37 +0200 X-Gm-Features: Ac12FXzoOlD-e-ekZQNd2LBS3orsGaot5BjlhMFX9qdXtfplUBkYdlUNA1oCIEM Message-ID: Subject: Re: Stored procedures or raw queries To: Simon Connah Cc: pgsql-general@lists.postgresql.org Content-Type: text/plain; charset="UTF-8" Content-Transfer-Encoding: quoted-printable List-Id: List-Help: List-Subscribe: List-Post: List-Owner: List-Archive: Archived-At: Precedence: bulk On Wed, Aug 6, 2025 at 2:04=E2=80=AFPM Simon Connah wrot= e: > My main question is whether I should use stored procedures / functions > or whether I should embed raw SQL queries in my backend? I understand > that procedures are faster as it cuts down on the round trip speed and > the database can optimise it better. > > On the other hand raw SQL is much easier to manage as you just change > the query in your bankend code without having to apply changes to the > database at deployment time of your backend. That depends. Our backend is configured on the fly using code and the test's fixture, since our schemas are dynamically generated from higher-level logical constructs. Even if you use .sql files, you can run those yourself at test time. Creating/dropping a DB is fast, it's just a folder after all. In this manner, client-side vs server-side stored-proc for your code matters much less, as both are "dynamic" any time you run. And FWIW, we started having tons of SQL in the client-code, and are migrating to server-side for some of it, but for privilege escalation via SECURITY DEFINER reasons (because it's a 2-tier system), which doesn't sound like it applies to your use case. Sprinkling RAISE NOTICE (or similar) in the server-side code helps with debugging it, when it grows more complex, be sure to install a notice-handler to get them client-side. But if you want to keep things simple, sure, keep the SQL client-side. Another use-case for server-side is to cut down on round-trips, which matters to us, since 2-tier, and the client-side can be "far" away from the server, but in a web-app scenario, that's unlikely, so again, doesn't apply to you I'm guessing. FWIW. --DD