/*SQLserver
stored procedure is a collection of SQL statements that implement specific functions, which are compiled and stored in the database and can be executed by specifying the name of the stored procedure and giving its parameters*/
/**
* Advantages
* Modular programming: you can write a stored procedure once, and then again and again, from different parts of the application (even multiple applications)
* Performance:
* 1. Faster execution: the stored procedure is parsed and created as quickly as possible for him to optimize and the stored procedure is stored in In-memory. This means it will execute a lot faster than sending multiple lines of SQL from the application to SQL Server. Doing this requires SQL Server to compile and optimize your SQL code each time it runs.
* 2. Reduce network traffic: If multiple lines of SQL are sent over the network to your SQL Server, this will affect network performance. This is especially true if you have hundreds of lines of SQL code and/or you have a lot of activity in the application. Running the code on SQL Server (as a stored procedure) eliminates the need to send this code over the network. The only network communication will provide the parameters and the results of any query.
* Security:
* Users can execute stored procedures without executing any direct statements. Therefore, stored procedures can provide advanced database functionality to users who cannot normally access these tasks, but this functionality is provided in a tightly controlled manner.
*/
//Create a stored procedure (assuming you create a stored procedure that returns the specified number of rows from the data table user)
$sql = "CREATE PROCEDURE test @count int AS
SET ROWCOUNT @count
SELECT username FROM AS name,passwdord AS pwd from user ORDER BY user_id DESC ";
//Execute the stored procedure
$sql = "EXEC test @count = 10 ";//The result will return 10 pieces of data
$sql = "EXEC test @ count = 30 ";//The result will return 30 data
//Modify the stored procedure
//If you need to modify the existing stored procedure, just replace CREATE and use ALTER.
//We add an underscore before "test" ( i.e. "_test"), and add a description field as follows:
$SQL = " ALTER PROCEDURE test @Count int AS
SET ROWCOUNT @Count
SELECT username AS test_name, password AS pwd FROM user ORDER BY id DESC";
###### ##############table "student"######################
#| S# | Sname | Sage | Ssex
# _____________________________________________
#| 01 | Zhao Lei | 1990-01-01 | Male
#___________________________________________________________
#| 02 | Qiandian| 1992-01-02 | Male #_____________________________________________
#
| 03 | Sun Feng|
1992-03-08
| #| 05 | Wulan| 1995-02-15 | Male #_____________________________________________ # | 06 | Zheng Zhu| 1989-02-14 | Female #_____________________________________________ # | 07 | Wang Ju| Create a five-parameter stored procedure
$sql = "create proc stuProc
as
begin
select S#,Sname,Sage,Ssex from student
end
";
//Stored procedure with parameters (external assignment)
$sql = "create proc stuProc
@sname varchar(100)
as
begin
select S #,Sname,Sage,Ssex from student where sname = @sname
end
";
//Execute the stored procedure
$sql = "exec stuProc 'Zhao Lei'";
//Stored procedure with parameters (internal assignment)
$sql = "create proc StuProc
@sname varchar(100)='Zhao Lei'
as
begin
select S#,Sname,Sage, Ssex from student where sname=@sname
end
" ;
//Execute the stored procedure
$sql = "exec StuProc";
//You can also output the content of the variable, use output
$sql = "create proc stuProc
@sname varchar(100),
@isRight int output
as
if exists (select S #,Sname,Sage,Ssex from student where sname = @sname)
set @isRight = 1
else
set @isRight = 0
";
$sql = "declare @isRight int
exec stuProc 'Zhao Lei',@isRight output
select @isRight
" ;
//Create a stored procedure PROC_InsertEmployee with the CREATE PROCEDURE statement in the SQL Server query editor window, which is used to add information to the employee information table (tb_Employee) and generate an automatic number. Its SQL statement is as follows:
$sql = "
IF EXISTS (SELECT name
FROM sysobjects
WHERE name = 'Proc_InsertEmployee'
AND type = 'P')
DROP PROCEDURE Proc_InsertEmployee
GO
CREATE PROCEDURE Proc_InsertEmployee
@PName nvarchar(50),
@PSex nvarchar(4),
@PAge int,
@PWage money
AS
begin
declare @PID nvarchar(50)
select @PID=Max(员工编号) from tb_Employee
if(@PID is null)
set @PID='P1001'
else
set @PID='P'+cast(cast(substring(@PID,2,4) as int)+1 as nvarchar(50))
begin
insert into tb_Employee values(@PID,@PName,@PSex,@PAge,@PWage)
end
end
go ";
//Create a stored procedure to verify the identity of the logged in user PROC_EXISTS
$sql = "CREATE PROC PROC_EXISTS
(
@UserName NVARCHAR(20),
@PassWord NVARCHAR(20),
@ReturnValue int OUTPUT
)
AS
IF EXISTS(select * from tb_member where userName=@ UserName AND passWord=@PassWord)
set @ReturnValue= 100
ELSE
set @ReturnValue= -100
";
//Under the Click event of the "Login" button, execute the stored procedure to verify the identity of the logged in user, if the entered user name and password are correct, A dialog box will pop up to prompt the user to log in successfully
. protected void btnLogin_Click(object sender, EventArgs e)
{
//Connect database
myConn = new SqlConnection(ConfigurationManager.AppSettings["ConnectionString"].ToString());
myCmd = new SqlCommand("PROC_EXISTS", myConn); //Call the stored procedure to determine whether the user exists
myCmd.CommandType = CommandType.StoredProcedure;
//Assign the parameters of the stored procedure
SqlParameter userName=new SqlParameter("@UserName", SqlDbType .NVarChar, 20);
userName.Value=this.txtName.Text.Trim();
myCmd.Parameters.Add(userName);
SqlParameter passWord=new SqlParameter("@PassWord", SqlDbType.NVarChar, 20);
passWord.Value = this.txtPassword.Text.Trim();
myCmd.Parameters.Add(passWord);
//Indicate that the parameter is the OUTPUT parameter of the stored procedure
SqlParameter ReturnValue = new SqlParameter("@ReturnValue",SqlDbType.Int ,4);
ReturnValue.Direction = ParameterDirection.Output;
myCmd.Parameters.Add(ReturnValue);
try
{
myConn.Open();
myCmd.ExecuteNonQuery();
if (int.Parse(ReturnValue.Value.ToString()) == 100)
{
Response.Write("<script>alert('You are a legitimate user, the login is successful!')</script>");
return;
}
else
{
Response.Write("<script>alert('The username and password you entered Incorrect, please retype!')</script>");
return;
}
}
catch(Exception ex)
{
Response.Write(ex.Message.ToString());
}
finally
{
myConn.Close();
myConn.Dispose();
myCmd.Dispose();
}}
stored procedure is a collection of SQL statements that implement specific functions, which are compiled and stored in the database and can be executed by specifying the name of the stored procedure and giving its parameters*/
/**
* Advantages
* Modular programming: you can write a stored procedure once, and then again and again, from different parts of the application (even multiple applications)
* Performance:
* 1. Faster execution: the stored procedure is parsed and created as quickly as possible for him to optimize and the stored procedure is stored in In-memory. This means it will execute a lot faster than sending multiple lines of SQL from the application to SQL Server. Doing this requires SQL Server to compile and optimize your SQL code each time it runs.
* 2. Reduce network traffic: If multiple lines of SQL are sent over the network to your SQL Server, this will affect network performance. This is especially true if you have hundreds of lines of SQL code and/or you have a lot of activity in the application. Running the code on SQL Server (as a stored procedure) eliminates the need to send this code over the network. The only network communication will provide the parameters and the results of any query.
* Security:
* Users can execute stored procedures without executing any direct statements. Therefore, stored procedures can provide advanced database functionality to users who cannot normally access these tasks, but this functionality is provided in a tightly controlled manner.
*/
//Create a stored procedure (assuming you create a stored procedure that returns the specified number of rows from the data table user)
$sql = "CREATE PROCEDURE test @count int AS
SET ROWCOUNT @count
SELECT username FROM AS name,passwdord AS pwd from user ORDER BY user_id DESC ";
//Execute the stored procedure
$sql = "EXEC test @count = 10 ";//The result will return 10 pieces of data
$sql = "EXEC test @ count = 30 ";//The result will return 30 data
//Modify the stored procedure
//If you need to modify the existing stored procedure, just replace CREATE and use ALTER.
//We add an underscore before "test" ( i.e. "_test"), and add a description field as follows:
$SQL = " ALTER PROCEDURE test @Count int AS
SET ROWCOUNT @Count
SELECT username AS test_name, password AS pwd FROM user ORDER BY id DESC";
###### ##############table "student"######################
#| S# | Sname | Sage | Ssex
# _____________________________________________
#| 01 | Zhao Lei | 1990-01-01 | Male
#___________________________________________________________
#| 02 | Qiandian| 1992-01-02 | Male #_____________________________________________
#
| 03 | Sun Feng|
1992-03-08
| #| 05 | Wulan| 1995-02-15 | Male #_____________________________________________ # | 06 | Zheng Zhu| 1989-02-14 | Female #_____________________________________________ # | 07 | Wang Ju| Create a five-parameter stored procedure
$sql = "create proc stuProc
as
begin
select S#,Sname,Sage,Ssex from student
end
";
//Stored procedure with parameters (external assignment)
$sql = "create proc stuProc
@sname varchar(100)
as
begin
select S #,Sname,Sage,Ssex from student where sname = @sname
end
";
//Execute the stored procedure
$sql = "exec stuProc 'Zhao Lei'";
//Stored procedure with parameters (internal assignment)
$sql = "create proc StuProc
@sname varchar(100)='Zhao Lei'
as
begin
select S#,Sname,Sage, Ssex from student where sname=@sname
end
" ;
//Execute the stored procedure
$sql = "exec StuProc";
//You can also output the content of the variable, use output
$sql = "create proc stuProc
@sname varchar(100),
@isRight int output
as
if exists (select S #,Sname,Sage,Ssex from student where sname = @sname)
set @isRight = 1
else
set @isRight = 0
";
$sql = "declare @isRight int
exec stuProc 'Zhao Lei',@isRight output
select @isRight
" ;
//Create a stored procedure PROC_InsertEmployee with the CREATE PROCEDURE statement in the SQL Server query editor window, which is used to add information to the employee information table (tb_Employee) and generate an automatic number. Its SQL statement is as follows:
$sql = "
IF EXISTS (SELECT name
FROM sysobjects
WHERE name = 'Proc_InsertEmployee'
AND type = 'P')
DROP PROCEDURE Proc_InsertEmployee
GO
CREATE PROCEDURE Proc_InsertEmployee
@PName nvarchar(50),
@PSex nvarchar(4),
@PAge int,
@PWage money
AS
begin
declare @PID nvarchar(50)
select @PID=Max(员工编号) from tb_Employee
if(@PID is null)
set @PID='P1001'
else
set @PID='P'+cast(cast(substring(@PID,2,4) as int)+1 as nvarchar(50))
begin
insert into tb_Employee values(@PID,@PName,@PSex,@PAge,@PWage)
end
end
go ";
//Create a stored procedure to verify the identity of the logged in user PROC_EXISTS
$sql = "CREATE PROC PROC_EXISTS
(
@UserName NVARCHAR(20),
@PassWord NVARCHAR(20),
@ReturnValue int OUTPUT
)
AS
IF EXISTS(select * from tb_member where userName=@ UserName AND passWord=@PassWord)
set @ReturnValue= 100
ELSE
set @ReturnValue= -100
";
//Under the Click event of the "Login" button, execute the stored procedure to verify the identity of the logged in user, if the entered user name and password are correct, A dialog box will pop up to prompt the user to log in successfully
. protected void btnLogin_Click(object sender, EventArgs e)
{
//Connect database
myConn = new SqlConnection(ConfigurationManager.AppSettings["ConnectionString"].ToString());
myCmd = new SqlCommand("PROC_EXISTS", myConn); //Call the stored procedure to determine whether the user exists
myCmd.CommandType = CommandType.StoredProcedure;
//Assign the parameters of the stored procedure
SqlParameter userName=new SqlParameter("@UserName", SqlDbType .NVarChar, 20);
userName.Value=this.txtName.Text.Trim();
myCmd.Parameters.Add(userName);
SqlParameter passWord=new SqlParameter("@PassWord", SqlDbType.NVarChar, 20);
passWord.Value = this.txtPassword.Text.Trim();
myCmd.Parameters.Add(passWord);
//Indicate that the parameter is the OUTPUT parameter of the stored procedure
SqlParameter ReturnValue = new SqlParameter("@ReturnValue",SqlDbType.Int ,4);
ReturnValue.Direction = ParameterDirection.Output;
myCmd.Parameters.Add(ReturnValue);
try
{
myConn.Open();
myCmd.ExecuteNonQuery();
if (int.Parse(ReturnValue.Value.ToString()) == 100)
{
Response.Write("<script>alert('You are a legitimate user, the login is successful!')</script>");
return;
}
else
{
Response.Write("<script>alert('The username and password you entered Incorrect, please retype!')</script>");
return;
}
}
catch(Exception ex)
{
Response.Write(ex.Message.ToString());
}
finally
{
myConn.Close();
myConn.Dispose();
myCmd.Dispose();
}}