While researching an article I came across a piece at http://www.simple-talk.com/sql/t-sql-programming/cursors-and-embedded-sql/. Basically the author says “embedded SQL” is bad — meaning developers should never put SQL in their code. Nor should they use ORM tools to generate SQL for them.
Instead, they should access everything they need through stored procedures. I have mixed feelings about this. On one hand, you have to give table-access permissions to users and then deal with the resulting security risks sounds very control-freakish to me. On the other hand, I agree that embedded code can be bad because if you change the database model in any way, you have to rewrite the procedural code that relies on the existence of the previous model.
And of course, stored procedures also help make your code more modular. But this article basically advocates that database administrators really need to do a lot of heavy coding into the database.
(The title of this post is just something that came to me when I read the article, because the author’s opinions were sparked by a cursor gone bad. (cursors gone wild?) )