Concept Stored Procedure: One or more SQL statements that have been precompiled into an executable procedure.
Create stored procedure syntax
CREATE proc | procedure procedure_name
[{@parameter datatype} [=default] [output],
{@parameter datatype} [=default] [output],
....
]
as
SQL_statements
go
Comparison of stored procedures and SQL statements
Advantages :
1. Improve performance
SQL statements are analyzed and compiled when the procedure is created. Stored procedures are precompiled. When a stored procedure is run for the first time, the query optimizer analyzes and optimizes it, and gives a stored plan that is finally stored in the system table, so that this overhead can be saved when executing the procedure.
2. Reduce network overhead When calling a
stored procedure, you only need to provide the stored procedure name and necessary parameter information, thereby reducing network traffic.
3. Ease of code porting
Database professionals can modify the stored procedure at any time, but it has no effect on the application source code, thus greatly improving the portability of the program.
4. Stronger security
1) The system administrator can restrict the permissions of a stored procedure to be executed to prevent unauthorized users from accessing data
2) When calling a procedure through the network, only the call to the execution procedure is visible . Therefore, malicious users cannot see table and database object names, embed their own Transact-SQL statements, or search for critical data.
3) Using procedure parameters helps to avoid SQL injection attacks. Because parameter input is treated as a literal value rather than executable code, it is more difficult for an attacker to insert commands into Transact-SQL statements within a procedure and compromise security.
4) The process can be encrypted, which helps to obfuscate the source code.
Disadvantages:
1. Stored procedures require specialized database developers to maintain, but the actual situation is that program developers are often part-timers
. 2. Design logic changes, and modify stored procedures are not as flexible as SQL.
Why are stored procedures used relatively in practical applications? What about less?
In the usual project development, relatively few stored procedures are used. Why?
The reasons for the analysis are as follows:
1) There is no specific database developer, and ordinary programmers perform database operations part-time.
2) Programmers often only need to operate the program to complete data access, and there is no need to develop on the database.
3) Project requirements change frequently , It is more convenient to modify SQL statements, especially those involving logical changes How to choose between
stored procedures and SQL statements?
Based on the experience of practical application, the following suggestions are given:
1. In some projects with high efficiency or high normative requirements, it is recommended to use stored procedures
. 2. For general projects, it is recommended to use parameterized commands, which are a combination of stored procedures and SQL statements. Method
3. For some algorithms with relatively high requirements and involving multiple pieces of data logic, it is recommended to use
stored procedures. Specific applications of stored procedures
1. Basic query
1. Create a stored procedure without parameters
Example : Query the total number of students
-- query stored procedure
IF OBJECT_ID (N'PROC_SELECT_STUDENTS_COUNT', N'P') IS NOT NULL
DROP procedure PROC_SELECT_STUDENTS_COUNT;
GO
CREATE procedure PROC_SELECT_STUDENTS_COUNT
AS
SELECT COUNT(ID) FROM Students
GO
implement:
EXEC PROC_SELECT_STUDENTS_COUNT
2. Stored procedure with parameters
--Query the stored procedure to query the total number according to the city
IF OBJECT_ID (N'PROC_SELECT_STUDENTS_BY_CITY_COUNT', N'P') IS NOT NULL
DROP procedure PROC_SELECT_STUDENTS_BY_CITY_COUNT;
GO
CREATE procedure PROC_SELECT_STUDENTS_BY_CITY_COUNT(@city nvarchar(50))
AS
SELECT COUNT(ID) FROM Students WHERE City=@city
GO
Execute statement:
EXEC PROC_SELECT_STUDENTS_BY_CITY_COUNT N'Beijing'
3. With wildcards
Wildcards , when assigning parameter values, add the corresponding wildcards
--3. Query the information of students whose surname is Li, including wildcards
IF OBJECT_ID (N'PROC_SELECT_STUDENTS_BY_SURNNAME', N'P') IS NOT NULL
DROP procedure PROC_SELECT_STUDENTS_BY_SURNNAME;
GO
CREATE procedure PROC_SELECT_STUDENTS_BY_SURNNAME
@surnName nvarchar(20)='Li%' -- default value
AS
SELECT ID,Name,Age FROM Students WHERE Name like @surnName
GO
implement:
EXEC PROC_SELECT_STUDENTS_BY_SURNNAME EXEC PROC_SELECT_STUDENTS_BY_SURNNAME N'李%' EXEC PROC_SELECT_STUDENTS_BY_SURNNAME N'%李%'
4, with output parameters
--Return the student's city and age based on the student information queried by name
IF OBJECT_ID (N'PROC_SELECT_STUDENTS_BY_NAME', N'P') IS NOT NULL
DROP procedure PROC_SELECT_STUDENTS_BY_NAME;
GO
CREATE procedure PROC_SELECT_STUDENTS_BY_NAME
@name nvarchar(50), --input parameter
@city nvarchar(20) out, -- output parameters
@age int output -- input and output parameters
AS
SELECT @city=City,@age=Age FROM Students WHERE Name=@name AND Age=@age
GO
implement:
--implement
declare @name nvarchar(50),
@city nvarchar(20),
@age int;
set @name = N'Li Ming';
set @age = 20;
exec PROC_SELECT_STUDENTS_BY_NAME @name,@city out, @age output;
select @city, @age;
2. Use stored procedures to add
, delete and modify 1. Add
new student information
--1, stored procedure: add student information
IF OBJECT_ID (N'PROC_INSERT_STUDENT', N'P') IS NOT NULL
DROP procedure PROC_INSERT_STUDENT;
GO
CREATE procedure PROC_INSERT_STUDENT
@id int,
@name nvarchar(20),
@age int,
@city nvarchar(20)
AS
INSERT INTO Students(ID,Name,Age,City) VALUES(@id,@name,@age,@city)
GO
Execute:
EXEC PROC_INSERT_STUDENT 1001,N'Zhangsan',19,'ShangHai'
2. Modify
According to the student ID, update the student information
IF OBJECT_ID (N'PROC_UPDATE_STUDENT', N'P') IS NOT NULL
DROP procedure PROC_UPDATE_STUDENT;
GO
CREATE procedure PROC_UPDATE_STUDENT
@id int,
@name nvarchar(20),
@age int,
@city nvarchar(20)
AS
UPDATE Students SET Name=@name,Age=@age,City=@city WHERE ID=@id
GO
3. Delete
According to the ID, delete a student record
--3, stored procedure: delete student information
IF OBJECT_ID (N'PROC_DELETE_STUDENT_BY_ID', N'P') IS NOT NULL
DROP procedure PROC_DELETE_STUDENT_BY_ID;
GO
CREATE procedure PROC_DELETE_STUDENT_BY_ID
@id int
AS
DELETE FROM Students WHERE ID=@id
GO
Execute:
EXEC PROC_DELETE_STUDENT_BY_ID 1001
Third, the stored procedure implements paging query
1. Use the row_number function to paginate
--Paging query
IF OBJECT_ID (N'PROC_SELECT_BY_PAGE', N'P') IS NOT NULL
DROP procedure PROC_SELECT_BY_PAGE;
GO
CREATE procedure PROC_SELECT_BY_PAGE
@startIndex int,
@endIndex int
AS
SELECT * FROM (SELECT ID,Name,Age,City,ROW_NUMBER() OVER(ORDER BY ID DESC) AS RowNumber FROM Students) AS Temp
WHERE Temp.RowNumber BETWEEN @startIndex AND @endIndex
GO
Execute:
EXEC PROC_SELECT_BY_PAGE 1,10
2. Use traditional top paging
--Use TOP pagination
IF OBJECT_ID (N'PROC_SELECT_BY_PAGE_WITH_TOP', N'P') IS NOT NULL
DROP procedure PROC_SELECT_BY_PAGE_WITH_TOP;
GO
CREATE procedure PROC_SELECT_BY_PAGE_WITH_TOP
@pageIndex int,
@pageSize int
AS
SELECT TOP(@pageSize) * FROM Students
WHERE ID >=(SELECT MAX(ID) FROM (SELECT TOP(@pageSize*(@pageIndex-1) + 1) ID FROM Students ORDER BY ID) AS Temp)
GO
Execution:
EXEC PROC_SELECT_BY_PAGE_WITH_TOP 1,2
4. Other functions:
1. Stored procedure, recompile every time it is executed
--1, stored procedure, repeated compilation
IF OBJECT_ID (N'PROC_SELECT_STUDENTS_WITH_RECOMPILE', N'P') IS NOT NULL
DROP procedure PROC_SELECT_STUDENTS_WITH_RECOMPILE;
GO
CREATE procedure PROC_SELECT_STUDENTS_WITH_RECOMPILE
with recompile -- recompile
AS
SELECT * FROM Students
GO
2. Encrypt the stored procedure. After
encryption , the source script cannot be viewed and modified.
--2. Query the stored procedure and encrypt it
IF OBJECT_ID (N'PROC_SELECT_STUDENTS_WITH_ENCRYPTION', N'P') IS NOT NULL
DROP procedure PROC_SELECT_STUDENTS_WITH_ENCRYPTION;
GO
CREATE procedure PROC_SELECT_STUDENTS_WITH_ENCRYPTION
with encryption --encryption
AS
SELECT * FROM Students
GO
Execution:
EXEC PROC_SELECT_STUDENTS_WITH_ENCRYPTION
effect, unable to view script or export creation script
