Concept Stored Procedure: One or more SQL statements that have been precompiled into an executable procedure.
Create stored procedure syntax
CREATE proc | procedure procedure_name [{@parameter datatype} [=default] [output], {@parameter datatype} [=default] [output], .... ] as SQL_statements go
Comparison of stored procedures and SQL statements
Advantages :
1. Improve performance
SQL statements are analyzed and compiled when the procedure is created. Stored procedures are precompiled. When a stored procedure is run for the first time, the query optimizer analyzes and optimizes it, and gives a stored plan that is finally stored in the system table, so that this overhead can be saved when executing the procedure.
2. Reduce network overhead When calling a
stored procedure, you only need to provide the stored procedure name and necessary parameter information, thereby reducing network traffic.
3. Ease of code porting
Database professionals can modify the stored procedure at any time, but it has no effect on the application source code, thus greatly improving the portability of the program.
4. Stronger security
1) The system administrator can restrict the permissions of a stored procedure to be executed to prevent unauthorized users from accessing data
2) When calling a procedure through the network, only the call to the execution procedure is visible . Therefore, malicious users cannot see table and database object names, embed their own Transact-SQL statements, or search for critical data.
3) Using procedure parameters helps to avoid SQL injection attacks. Because parameter input is treated as a literal value rather than executable code, it is more difficult for an attacker to insert commands into Transact-SQL statements within a procedure and compromise security.
4) The process can be encrypted, which helps to obfuscate the source code.
Disadvantages:
1. Stored procedures require specialized database developers to maintain, but the actual situation is that program developers are often part-timers
. 2. Design logic changes, and modify stored procedures are not as flexible as SQL.
Why are stored procedures used relatively in practical applications? What about less?
In the usual project development, relatively few stored procedures are used. Why?
The reasons for the analysis are as follows:
1) There is no specific database developer, and ordinary programmers perform database operations part-time.
2) Programmers often only need to operate the program to complete data access, and there is no need to develop on the database.
3) Project requirements change frequently , It is more convenient to modify SQL statements, especially those involving logical changes How to choose between
stored procedures and SQL statements?
Based on the experience of practical application, the following suggestions are given:
1. In some projects with high efficiency or high normative requirements, it is recommended to use stored procedures
. 2. For general projects, it is recommended to use parameterized commands, which are a combination of stored procedures and SQL statements. Method
3. For some algorithms with relatively high requirements and involving multiple pieces of data logic, it is recommended to use
stored procedures. Specific applications of stored procedures
1. Basic query
1. Create a stored procedure without parameters
Example : Query the total number of students
-- query stored procedure IF OBJECT_ID (N'PROC_SELECT_STUDENTS_COUNT', N'P') IS NOT NULL DROP procedure PROC_SELECT_STUDENTS_COUNT; GO CREATE procedure PROC_SELECT_STUDENTS_COUNT AS SELECT COUNT(ID) FROM Students GO
implement:
EXEC PROC_SELECT_STUDENTS_COUNT
2. Stored procedure with parameters
--Query the stored procedure to query the total number according to the city IF OBJECT_ID (N'PROC_SELECT_STUDENTS_BY_CITY_COUNT', N'P') IS NOT NULL DROP procedure PROC_SELECT_STUDENTS_BY_CITY_COUNT; GO CREATE procedure PROC_SELECT_STUDENTS_BY_CITY_COUNT(@city nvarchar(50)) AS SELECT COUNT(ID) FROM Students WHERE City=@city GO
Execute statement:
EXEC PROC_SELECT_STUDENTS_BY_CITY_COUNT N'Beijing'
3. With wildcards
Wildcards , when assigning parameter values, add the corresponding wildcards
--3. Query the information of students whose surname is Li, including wildcards IF OBJECT_ID (N'PROC_SELECT_STUDENTS_BY_SURNNAME', N'P') IS NOT NULL DROP procedure PROC_SELECT_STUDENTS_BY_SURNNAME; GO CREATE procedure PROC_SELECT_STUDENTS_BY_SURNNAME @surnName nvarchar(20)='Li%' -- default value AS SELECT ID,Name,Age FROM Students WHERE Name like @surnName GO
implement:
EXEC PROC_SELECT_STUDENTS_BY_SURNNAME EXEC PROC_SELECT_STUDENTS_BY_SURNNAME N'李%' EXEC PROC_SELECT_STUDENTS_BY_SURNNAME N'%李%'
4, with output parameters
--Return the student's city and age based on the student information queried by name IF OBJECT_ID (N'PROC_SELECT_STUDENTS_BY_NAME', N'P') IS NOT NULL DROP procedure PROC_SELECT_STUDENTS_BY_NAME; GO CREATE procedure PROC_SELECT_STUDENTS_BY_NAME @name nvarchar(50), --input parameter @city nvarchar(20) out, -- output parameters @age int output -- input and output parameters AS SELECT @city=City,@age=Age FROM Students WHERE Name=@name AND Age=@age GO
implement:
--implement declare @name nvarchar(50), @city nvarchar(20), @age int; set @name = N'Li Ming'; set @age = 20; exec PROC_SELECT_STUDENTS_BY_NAME @name,@city out, @age output; select @city, @age;
2. Use stored procedures to add
, delete and modify 1. Add
new student information
--1, stored procedure: add student information IF OBJECT_ID (N'PROC_INSERT_STUDENT', N'P') IS NOT NULL DROP procedure PROC_INSERT_STUDENT; GO CREATE procedure PROC_INSERT_STUDENT @id int, @name nvarchar(20), @age int, @city nvarchar(20) AS INSERT INTO Students(ID,Name,Age,City) VALUES(@id,@name,@age,@city) GO
Execute:
EXEC PROC_INSERT_STUDENT 1001,N'Zhangsan',19,'ShangHai'
2. Modify
According to the student ID, update the student information
IF OBJECT_ID (N'PROC_UPDATE_STUDENT', N'P') IS NOT NULL DROP procedure PROC_UPDATE_STUDENT; GO CREATE procedure PROC_UPDATE_STUDENT @id int, @name nvarchar(20), @age int, @city nvarchar(20) AS UPDATE Students SET Name=@name,Age=@age,City=@city WHERE ID=@id GO
3. Delete
According to the ID, delete a student record
--3, stored procedure: delete student information IF OBJECT_ID (N'PROC_DELETE_STUDENT_BY_ID', N'P') IS NOT NULL DROP procedure PROC_DELETE_STUDENT_BY_ID; GO CREATE procedure PROC_DELETE_STUDENT_BY_ID @id int AS DELETE FROM Students WHERE ID=@id GO
Execute:
EXEC PROC_DELETE_STUDENT_BY_ID 1001
Third, the stored procedure implements paging query
1. Use the row_number function to paginate
--Paging query IF OBJECT_ID (N'PROC_SELECT_BY_PAGE', N'P') IS NOT NULL DROP procedure PROC_SELECT_BY_PAGE; GO CREATE procedure PROC_SELECT_BY_PAGE @startIndex int, @endIndex int AS SELECT * FROM (SELECT ID,Name,Age,City,ROW_NUMBER() OVER(ORDER BY ID DESC) AS RowNumber FROM Students) AS Temp WHERE Temp.RowNumber BETWEEN @startIndex AND @endIndex GO
Execute:
EXEC PROC_SELECT_BY_PAGE 1,10
2. Use traditional top paging
--Use TOP pagination IF OBJECT_ID (N'PROC_SELECT_BY_PAGE_WITH_TOP', N'P') IS NOT NULL DROP procedure PROC_SELECT_BY_PAGE_WITH_TOP; GO CREATE procedure PROC_SELECT_BY_PAGE_WITH_TOP @pageIndex int, @pageSize int AS SELECT TOP(@pageSize) * FROM Students WHERE ID >=(SELECT MAX(ID) FROM (SELECT TOP(@pageSize*(@pageIndex-1) + 1) ID FROM Students ORDER BY ID) AS Temp) GO
Execution:
EXEC PROC_SELECT_BY_PAGE_WITH_TOP 1,2
4. Other functions:
1. Stored procedure, recompile every time it is executed
--1, stored procedure, repeated compilation IF OBJECT_ID (N'PROC_SELECT_STUDENTS_WITH_RECOMPILE', N'P') IS NOT NULL DROP procedure PROC_SELECT_STUDENTS_WITH_RECOMPILE; GO CREATE procedure PROC_SELECT_STUDENTS_WITH_RECOMPILE with recompile -- recompile AS SELECT * FROM Students GO
2. Encrypt the stored procedure. After
encryption , the source script cannot be viewed and modified.
--2. Query the stored procedure and encrypt it IF OBJECT_ID (N'PROC_SELECT_STUDENTS_WITH_ENCRYPTION', N'P') IS NOT NULL DROP procedure PROC_SELECT_STUDENTS_WITH_ENCRYPTION; GO CREATE procedure PROC_SELECT_STUDENTS_WITH_ENCRYPTION with encryption --encryption AS SELECT * FROM Students GO
Execution:
EXEC PROC_SELECT_STUDENTS_WITH_ENCRYPTION
effect, unable to view script or export creation script