Stored procedures are definitely the way to go...they are compiled, have execution plan before hand and you could do rights management on them.
I do not understand this whole source control issue on stored procedure. You definitely can source control them, if only you are a little disciplined.
Always start with a .sql file that is the source of your stored procedure. Put it in version control once you have written your code. The next time you want to edit your stored procedure get it from your source control than your database. If you follow this, you will have as good source control as your code.
I would like to quote Tom Kyte from Oracle here...Here's his rule on where to write code...though a bit unrelated but good to know I guess.
- Start with stored procedures in PL/SQL...
- If you think something can't be done using stored procedure in PL/SQL, use Java stored procedure.
- If you think something can't be done using Java Stored procedure, consider Pro*c.
- If you think you can't achieve something using Pro*C, you might want to rethink what you need to get done.
