Home > IT Answers > Development > Having problems converting SQL Server queries to stored procedures
SQL Server Ask the Experts
2,585 pts.
 Having problems converting SQL Server queries to stored procedures
SQL Query, SQL Server, Stored Procedures
I am using SQL Server queries as in-script and I have now decided to use the queries as stored procedures. However, I am facing some problems while converting the SQL Server queries into stored procedures. It’s a book search functionality based on book name and author name. My Old SQL query, which I was using with ASP, is as follows: SQL = Select * From Tbl_Name Where Name LIKE '%xyz%' & strOrderBy Where strOrderBy is provided by user input at the time of search, so that they can sort book listing as they want. Variable strOrderBy, is asp variable and its value being determined by user at the time of search. I was passing the value of strOrderBy like this. Select Case strOrderByInput Case "pubdateasc" strOrderBy = "Order by publication DESC Case "bookname" 'strOrderBy = "Order by BookName ASC" Case "Author" 'strOrderBy = "Order by AuthorName ASC" Case Else strOrderBy = "Order by publication ASC" End Select The whole thing is working fine when I’m using this in ASP as in-line query. However, when I changed it into stored procedures, I am not able to pass strOrderBy variable as I was doing earlier. How do I accomplish this using it as a stored procedure?

Software/Hardware used:
ASKED: March 21, 2008  8:38 PM
UPDATED: March 22, 2008  12:20 AM
RELATED QUESTIONS
Answer Wiki:
I'll refer you to the answer I posted over on http://itknowledgeexchange.techtarget.com/itanswers/stored-procedure-problem. In order to have a dynamic order by you have two options. 1. Use dynamic SQL. 2. Use a branching storage procedure. Option 1: <pre>CREATE PROCEDURE MyProc @OrderBy NVARCHAR(30) AS DECLARE @SQL NVARCHAR(4000) SET @SQL = N“Select * From Tbl_Name Where Name LIKE '%xyz%' ” + @OrderBy exec (@SQL) GO</pre> Option 2: <pre>CREATE PROCEDURE MyProc @OrderBy INT AS IF @OrderBy = 1 SELECT * FROM Tbl_Name WHERE Name LIKE '%xyz%' ORDER BY publication DESC IF @OrderBy = 2 SELECT * FROM Tbl_Name WHERE Name LIKE '%xyz%' Order by BookName ASC IF @OrderBy = 3 SELECT * FROM Tbl_Name WHERE Name LIKE '%xyz%' Order by AuthorName ASC IF @OrderBy = 4 SELECT * FROM Tbl_Name WHERE Name LIKE '%xyz%' Order by publication ASC GO</pre> The problem with dynamic SQL is there are security risks with using it. The problem with the branching code is that SQL can't do much with caching the execution plan (especially in SQL 2000 and below).
Last Wiki Answer Submitted:  March 22, 2008  12:20 am  by  Denny Cherry   64,520 pts.
All Answer Wiki Contributors:  Denny Cherry   64,520 pts.
To see all answers submitted to the Answer Wiki: View Answer History.


RSS - Discussions Help
Discuss This Question:
_ _ _ _ _ _ _ _ _ _ _ _ _ _ _ _ _ _ _ _ _ _ _ _ _ _ _ _ _ _ _ _ _ _ _ _ _ _ _ _ _ _ _ _ _ _ _ _ _ _ _ _ _ _

 

Check out my SQL Server blog “SQL Server with Mr Denny” for more SQL Server information.

Denny Cherry
 64,520 pts.