Presentation is loading. Please wait.

Presentation is loading. Please wait.

Module 8: Implementing Stored Procedures. Introducing Stored Procedures Creating, Modifying, Dropping, and Executing Stored Procedures Using Parameters.

Published byLisa Burns Modified over 8 years ago

Similar presentations

Presentation on theme: "Module 8: Implementing Stored Procedures. Introducing Stored Procedures Creating, Modifying, Dropping, and Executing Stored Procedures Using Parameters."— Presentation transcript:

1 Module 8: Implementing Stored Procedures

2 Introducing Stored Procedures Creating, Modifying, Dropping, and Executing Stored Procedures Using Parameters in Stored Procedures Handling Error Messages Working with Stored Procedures Overview

3 What Are Stored Procedures? Advantages of Stored Procedures Initial Processing of Stored Procedures Subsequent Processing of Stored Procedures Lesson: Introducing Stored Procedures

4 What Are Stored Procedures? Named Collections of Transact-SQL Statements Encapsulate Repetitive Tasks Accept Input Parameters and Return Output Parameter Values Return Status Value to Indicate Success or Failure Five Types (System, Local, Temporary, Remote, and Extended)

5 Advantages of Stored Procedures Share Application Logic Shield Database Schema Details Provide Security Mechanisms Improve Performance Reduce Network Traffic Reduce Vulnerability to SQL Injection Attacks

6 Initial Processing of Stored Procedures Entries into sysobjects and syscomments tables Compiled plan placed in procedure cache Creation Execution (first time or recompile) Optimization Parsing Compilation

7 Unused plan is aged out Execution PlanExecution Context Connection 1 8082 Connection 2 Connection 3 24 1003 Subsequent Processing of Stored Procedures Execution Plan Retrieved SELECT * FROM dbo.member WHERE member_no = ?

8 Lesson: Creating, Modifying, Dropping, and Executing Stored Procedures The CREATE PROCEDURE Statement Guidelines for Creating Stored Procedures The ALTER PROCEDURE Statement The DROP PROCEDURE Statement Stored Procedure Execution

9 The CREATE PROCEDURE Statement Create in Current Database Using the CREATE PROCEDURE Statement Can Nest to 32 Levels Use sp_help to Display Information USE Northwind GO CREATE PROC dbo.OverdueOrders AS SELECT * FROM dbo.Orders WHERE RequiredDate < GETDATE() AND ShippedDate IS Null GO USE Northwind GO CREATE PROC dbo.OverdueOrders AS SELECT * FROM dbo.Orders WHERE RequiredDate < GETDATE() AND ShippedDate IS Null GO

10 dbo User Should Own All Objects Create, Test, and Troubleshoot Avoid sp_ Prefix in Stored Procedure Names Use Same Connection Settings for All Stored Procedures Minimize Use of Temporary Stored Procedures One Stored Procedure for One Task Guidelines for Creating Stored Procedures

11 The ALTER PROCEDURE Statement Altering Stored Procedures  Include any options in ALTER PROCEDURE  Does not affect nested stored procedures USE Northwind GO ALTER PROC dbo.OverdueOrders AS SELECT CONVERT(char(8), RequiredDate, 1) RequiredDate, CONVERT(char(8), OrderDate, 1) OrderDate, OrderID, CustomerID, EmployeeID FROM Orders WHERE RequiredDate < GETDATE() AND ShippedDate IS Null ORDER BY RequiredDate GO USE Northwind GO ALTER PROC dbo.OverdueOrders AS SELECT CONVERT(char(8), RequiredDate, 1) RequiredDate, CONVERT(char(8), OrderDate, 1) OrderDate, OrderID, CustomerID, EmployeeID FROM Orders WHERE RequiredDate < GETDATE() AND ShippedDate IS Null ORDER BY RequiredDate GO

12 The DROP PROCEDURE Statement Dropping Stored Procedures  Execute the sp_depends stored procedure to determine whether objects depend on the stored procedure  Procedure information is removed from the sysobjects and syscomments system tables Required Permission  Procedure owner  Members of db_owner, db_ddladmin, and sysadmin roles USE Northwind GO DROP PROC dbo.OverdueOrders GO USE Northwind GO DROP PROC dbo.OverdueOrders GO

13 Stored Procedure Execution Executing a Stored Procedure by Itself Executing a Stored Procedure Within an INSERT Statement EXEC OverdueOrders INSERT INTO Customers EXEC EmployeeCustomer INSERT INTO Customers EXEC EmployeeCustomer

14 Lab A: Creating Stored Procedures Exercise 1: Writing and Executing a Stored Procedure Exercise 2: Locating Stored Procedure Information

15 Lesson: Using Parameters in Stored Procedures Input Parameters Methods of Setting Parameter Values Return Values Using OUTPUT Parameters Return Values Using the RETURN Statement Stored Procedure Recompile

16 Input Parameters Validate All Incoming Parameter Values First Provide Appropriate Default Values and Include Null Checks CREATE PROCEDURE dbo.[Year to Year Sales] @BeginDate DateTime = Null, @EndDate DateTime = Null AS IF @BeginDate IS Null SET @BeginDate = dateadd(yy,-1,GetDate()) IF @EndDate IS Null SET @EndDate = GetDate() IF Datediff(dd,@BeginDate,@EndDate) > 365 BEGIN RAISERROR('The maximum timespan allowed for this report is one year.', 14, 1) RETURN END SELECT O.ShippedDate,O.OrderID,OS.Subtotal, DATENAME(yy,ShippedDate) AS Year FROM ORDERS O INNER JOIN [Order Subtotals] OS ON O.OrderID = OS.OrderID WHERE O.ShippedDate BETWEEN @BeginDate AND @EndDate GO CREATE PROCEDURE dbo.[Year to Year Sales] @BeginDate DateTime = Null, @EndDate DateTime = Null AS IF @BeginDate IS Null SET @BeginDate = dateadd(yy,-1,GetDate()) IF @EndDate IS Null SET @EndDate = GetDate() IF Datediff(dd,@BeginDate,@EndDate) > 365 BEGIN RAISERROR('The maximum timespan allowed for this report is one year.', 14, 1) RETURN END SELECT O.ShippedDate,O.OrderID,OS.Subtotal, DATENAME(yy,ShippedDate) AS Year FROM ORDERS O INNER JOIN [Order Subtotals] OS ON O.OrderID = OS.OrderID WHERE O.ShippedDate BETWEEN @BeginDate AND @EndDate GO

17 Methods of Setting Parameter Values Passing Values by Parameter Name Passing Values by Position EXEC AddCustomer 'ALFKI2', 'Alfreds Futterkiste', 'Maria Anders', 'Sales Representative', 'Obere Str. 57', 'Berlin', NULL, '12209', 'Germany', '030-0074321' EXEC AddCustomer @CustomerID = 'ALFKI', @ContactName = 'Maria Anders', @CompanyName = 'Alfreds Futterkiste', @ContactTitle = 'Sales Representative', @Address = 'Obere Str. 57', @City = 'Berlin', @PostalCode = '12209', @Country = 'Germany', @Phone = '030-0074321' EXEC AddCustomer @CustomerID = 'ALFKI', @ContactName = 'Maria Anders', @CompanyName = 'Alfreds Futterkiste', @ContactTitle = 'Sales Representative', @Address = 'Obere Str. 57', @City = 'Berlin', @PostalCode = '12209', @Country = 'Germany', @Phone = '030-0074321'

18 CREATE PROCEDURE dbo.MathTutor @m1 smallint, @m2 smallint, @result int OUTPUT AS SET @result = @m1 * @m2 GO DECLARE @answer smallint EXECUTE MathTutor 5,6, @answer OUTPUT SELECT 'The result is: ', @answer The result is: 30 CREATE PROCEDURE dbo.MathTutor @m1 smallint, @m2 smallint, @result int OUTPUT AS SET @result = @m1 * @m2 GO DECLARE @answer smallint EXECUTE MathTutor 5,6, @answer OUTPUT SELECT 'The result is: ', @answer The result is: 30 Return Values Using OUTPUT Parameters Results of Stored Procedure Executing Stored Procedure Creating Stored Procedure

19 CREATE PROC dbo.NewEmployee( @LastName nvarchar(20), @FirstName nvarchar(10) ) AS INSERT Employees(LastName,FirstName) VALUES (@LastName, @FirstName) RETURN SCOPE_IDENTITY() Go DECLARE @NewEmployeeId int EXEC @NewEmployeeId = dbo.NewEmployee @LastName='Hankin', @FirsName='Alex' SELECT EmployeeID, LastName, FirstName FROM Employees WHERE EmployeeId = @NewEmployeeId EmployeeID LastName FirstName ----------- -------------------- ---------- 10 Hankin Alex CREATE PROC dbo.NewEmployee( @LastName nvarchar(20), @FirstName nvarchar(10) ) AS INSERT Employees(LastName,FirstName) VALUES (@LastName, @FirstName) RETURN SCOPE_IDENTITY() Go DECLARE @NewEmployeeId int EXEC @NewEmployeeId = dbo.NewEmployee @LastName='Hankin', @FirsName='Alex' SELECT EmployeeID, LastName, FirstName FROM Employees WHERE EmployeeId = @NewEmployeeId EmployeeID LastName FirstName ----------- -------------------- ---------- 10 Hankin Alex Return Values Using the RETURN Statement Result Executing Stored Procedure Creating Stored Procedure

20 Stored Procedure Recompile Recompile When  Stored procedure returns widely varying result sets  A new index is added to an underlying table  The parameter value is atypical Recompile by Using  CREATE PROCEDURE [WITH RECOMPILE]  EXECUTE [WITH RECOMPILE]  sp_recompile

21 Lesson: Handling Error Messages Error Messages Demonstration: Handling Error Messages

22 Error Messages RETURN Statement Exits Query or Procedure Unconditionally sp_addmessage Creates Custom Error Messages @@error Contains Error Number for Last Executed Statement RAISERROR Statement  Returns user-defined or system error message  Sets system flag to record error

23 Demonstration: Handling Error Messages Handling error messages

24 Lesson: Working with Stored Procedures Dynamic SQL in Stored Procedures SQL Injection Extended Stored Procedures Performance Diagnosis Tools Best Practices

25 Dynamic SQL in Stored Procedures Dynamic Search Conditions The IN Clause Administrative Functions SELECT @str = 'SELECT * FROM CUSTOMERS WHERE 1=1' IF LEN(@WhereCondition) > 0 SELECT @str = @str + @WhereCondition EXEC sp_executesql @str SELECT @str = 'SELECT * FROM CUSTOMERS WHERE 1=1' IF LEN(@WhereCondition) > 0 SELECT @str = @str + @WhereCondition EXEC sp_executesql @str SELECT @SQL = 'SELECT ProductID, ProductName, UnitPrice FROM Products WHERE ProductID IN (' + (@ProductIDs) + ')' SELECT @SQL = 'SELECT ProductID, ProductName, UnitPrice FROM Products WHERE ProductID IN (' + (@ProductIDs) + ')'

26 SQL Injection A Technique to Inject SQL Command as an Input Caused by Passing User Input Directly to SQL Code How to Avoid SQL Injection  Never trust user input  Avoid dynamic SQL  Execute with least privilege  Store secrets securely  Exceptions should divulge minimal information

27 Extended Stored Procedures Characteristics of Extended Stored Procedures:  Programmed using open data services API  Can include C and Microsoft Visual C++ features  Can contain multiple functions  Can be called from a client or SQL server  Can be added to the master database only EXEC master..xp_cmdshell 'dir c:\'

28 Performance Diagnosis Tools Windows 2000 System Monitor  Object: SQL Server: Cache Manager  Object: SQL Statistics SQL Profiler  Can monitor events  Can test each statement in a stored procedure

29 Design Each Stored Procedure to Accomplish a Single Task Validate Data Before You Begin Transactions Use the Same Connection Settings for All Stored Procedures Use WITH ENCRYPTION to Hide Text of Stored Procedures Verify Input Parameters Best Practices

30 Lab B: Creating Stored Procedures Using Parameters Exercise 1: Using the Create Stored Procedure Wizard Exercise 2: Using Error Handling in Stored Procedures Exercise 3: Customizing Error Messages Exercise 4: Using Return Codes If Time Permits  Executing Extended Stored Procedures  Tracing Stored Procedures Using SQL Profiler

Download ppt "Module 8: Implementing Stored Procedures. Introducing Stored Procedures Creating, Modifying, Dropping, and Executing Stored Procedures Using Parameters."

Similar presentations

Module 17 Tracing Access to SQL Server 2008 R2. Module Overview Capturing Activity using SQL Server Profiler Improving Performance with the Database Engine.

Module 17 Tracing Access to SQL Server 2008 R2. Module Overview Capturing Activity using SQL Server Profiler Improving Performance with the Database Engine.
Stored Procedures and Functions Rose-Hulman Institute of Technology Curt Clifton.

Stored Procedures and Functions Rose-Hulman Institute of Technology Curt Clifton.
Module 9: Implementing Stored Procedures. Introduction to Stored Procedures Creating Executing Modifying Dropping Using Parameters in Stored Procedures.

Module 9: Implementing Stored Procedures. Introduction to Stored Procedures Creating Executing Modifying Dropping Using Parameters in Stored Procedures.
Module 8: Implementing Views. Overview Introduction Advantages Definition Modifying Data Through Views Optimizing Performance by Using Views.

Module 8: Implementing Views. Overview Introduction Advantages Definition Modifying Data Through Views Optimizing Performance by Using Views.
Module 8: Monitoring SQL Server for Performance. Overview Why to Monitor SQL Server Performance Monitoring and Tuning Tools for Monitoring SQL Server.

Module 8: Monitoring SQL Server for Performance. Overview Why to Monitor SQL Server Performance Monitoring and Tuning Tools for Monitoring SQL Server.
Chapter 9: Creating Database Conventions & Standards MCITP Administrator: Microsoft SQL Server 2005 Database Server Infrastructure Design Study Guide (70-443)

Chapter 9: Creating Database Conventions & Standards MCITP Administrator: Microsoft SQL Server 2005 Database Server Infrastructure Design Study Guide (70-443)
Module 17 Storing XML Data in SQL Server® 2008 R2.

Module 17 Storing XML Data in SQL Server® 2008 R2.
Stored Procedures A stored procedure is a named collection of SQL statements language. You can create stored procedures for commonly used functions and.

Stored Procedures A stored procedure is a named collection of SQL statements language. You can create stored procedures for commonly used functions and.
Module 3: Changes to Transact-SQL. Overview Accessing Object Information New Transact-SQL Syntax Changes to Objects Distributed Queries.

Module 3: Changes to Transact-SQL. Overview Accessing Object Information New Transact-SQL Syntax Changes to Objects Distributed Queries.
Module 12 Handling Errors in T-SQL Code. Module Overview Understanding T-SQL Error Handling Implementing T-SQL Error Handling Implementing Structured.

Module 12 Handling Errors in T-SQL Code. Module Overview Understanding T-SQL Error Handling Implementing T-SQL Error Handling Implementing Structured.
IMS 4212: Application Architecture and Intro to Stored Procedures 1 Dr. Lawrence West, Management Dept., University of Central Florida

IMS 4212: Application Architecture and Intro to Stored Procedures 1 Dr. Lawrence West, Management Dept., University of Central Florida
Module 7: Fundamentals of Administering Windows Server 2008.

Module 7: Fundamentals of Administering Windows Server 2008.
Stored Procedures A stored procedure is a named collection of SQL statements language. You can create stored procedures for commonly used functions and.

Stored Procedures A stored procedure is a named collection of SQL statements language. You can create stored procedures for commonly used functions and.
Store Procedures Lesson 9. Skills Matrix Stored Procedures Stored procedures in SQL Server are similar to the procedures you write in other programming.

Store Procedures Lesson 9. Skills Matrix Stored Procedures Stored procedures in SQL Server are similar to the procedures you write in other programming.
Defining Stored Procedures Named Collections of Transact-SQL Statements Encapsulate Repetitive Tasks Five Types (System, Local, Temporary, Remote, and.

Defining Stored Procedures Named Collections of Transact-SQL Statements Encapsulate Repetitive Tasks Five Types (System, Local, Temporary, Remote, and.
Dinamic SQL & Cursor. Why Dinamic SQL ? Sometimes there is a need to dynamically create a SQL statement on the fly and then run that command. This can.

Dinamic SQL & Cursor. Why Dinamic SQL ? Sometimes there is a need to dynamically create a SQL statement on the fly and then run that command. This can.
Dexterity | CONFIDENTIAL 2009 MRO | Analytics | Insights 1 Stored Procedures.

Dexterity | CONFIDENTIAL 2009 MRO | Analytics | Insights 1 Stored Procedures.
Module 1: Introduction to Transact-SQL

Module 1: Introduction to Transact-SQL
Module 9 Designing and Implementing Stored Procedures.

Module 9 Designing and Implementing Stored Procedures.
SQL/Lesson 4/Slide 1 of 45 Using Subqueries and Managing Databases Objectives In this lesson, you will learn to: *Use subqueries * Use subqueries with.

SQL/Lesson 4/Slide 1 of 45 Using Subqueries and Managing Databases Objectives In this lesson, you will learn to: *Use subqueries * Use subqueries with.

Similar presentations

Ads by Google