Stored procedures offer many advantages over dynamic SQL, including improved performance and scalability. The SQL code in a stored procedure is parsed and normalized when you create it. Stored procedures are optimized and saved in native machine language. When a stored procedure is called, it’s all ready to go. When you send a SQL statement, the query processor has to parse it, analyze it, and create a query plan for execution. For these reasons, it’s much faster to call a stored procedure than to submit a raw SQL statement that must undergo all these steps at every single execution.
The performance gains that you can attribute to the use of stored procedures are significant. Database systems can usually accommodate a client base twice the size simply by using stored procedures instead of raw SQL. Stored procedures also improve security in two ways: users can only access the stored procedure and not the underlying tables in the database, and you remove the possibility of full SQL statements that include sensitive information traversing the network.