Mrdenny 
46795 pts. | Mar 22 2008 12:20AM GMT
Check out my SQL Server blog “SQL Server with Mr Denny” for more SQL Server information.
Q:
Having problems converting SQL Server queries to stored procedures
I am using SQL Server queries as in-script and I have now decided to use the queries as stored procedures. However, I am facing some problems while converting the SQL Server queries into stored procedures. It’s a book search functionality based on book name and author name.
My Old SQL query, which I was using with ASP, is as follows:
SQL = Select * From Tbl_Name Where Name LIKE '%xyz%' & strOrderBy
Where strOrderBy is provided by user input at the time of search, so that they can sort book listing as they want.
Variable strOrderBy, is asp variable and its value being determined by user at the time of search. I was passing the value of strOrderBy like this.
Select Case strOrderByInput
Case "pubdateasc"
strOrderBy = "Order by publication DESC
Case "bookname"
'strOrderBy = "Order by BookName ASC"
Case "Author"
'strOrderBy = "Order by AuthorName ASC"
Case Else
strOrderBy = "Order by publication ASC"
End Select
The whole thing is working fine when I’m using this in ASP as in-line query. However, when I changed it into stored procedures, I am not able to pass strOrderBy variable as I was doing earlier. How do I accomplish this using it as a stored procedure?
My Old SQL query, which I was using with ASP, is as follows:
SQL = Select * From Tbl_Name Where Name LIKE '%xyz%' & strOrderBy
Where strOrderBy is provided by user input at the time of search, so that they can sort book listing as they want.
Variable strOrderBy, is asp variable and its value being determined by user at the time of search. I was passing the value of strOrderBy like this.
Select Case strOrderByInput
Case "pubdateasc"
strOrderBy = "Order by publication DESC
Case "bookname"
'strOrderBy = "Order by BookName ASC"
Case "Author"
'strOrderBy = "Order by AuthorName ASC"
Case Else
strOrderBy = "Order by publication ASC"
End Select
The whole thing is working fine when I’m using this in ASP as in-line query. However, when I changed it into stored procedures, I am not able to pass strOrderBy variable as I was doing earlier. How do I accomplish this using it as a stored procedure?
ASKED:
Mar 21 2008 8:38 PM GMT
_ _ _ _ _ _ _ _ _ _ _ _ _ _ _ _ _ _ _ _ _ _ _ _ _ _ _ _ _ _ _ _ _ _ _ _ _ _ _ _ _ _ _ _ _ _ _ _ _ _ _ _ _ _
A:
RATE THIS ANSWER
0
Click to Vote:
0
Click to Vote:
- 0
0
In order to have a dynamic order by you have two options.
1. Use dynamic SQL.
2. Use a branching storage procedure.
Option 1:
CREATE PROCEDURE MyProc
@OrderBy NVARCHAR(30)
AS
DECLARE @SQL NVARCHAR(4000)
SET @SQL = N“Select * From Tbl_Name Where Name LIKE '%xyz%' ” + @OrderBy
exec (@SQL)
GO
Option 2:
CREATE PROCEDURE MyProc
@OrderBy INT
AS
IF @OrderBy = 1
SELECT * FROM Tbl_Name WHERE Name LIKE '%xyz%' ORDER BY publication DESC
IF @OrderBy = 2
SELECT * FROM Tbl_Name WHERE Name LIKE '%xyz%' Order by BookName ASC
IF @OrderBy = 3
SELECT * FROM Tbl_Name WHERE Name LIKE '%xyz%' Order by AuthorName ASC
IF @OrderBy = 4
SELECT * FROM Tbl_Name WHERE Name LIKE '%xyz%' Order by publication ASC
GO
The problem with dynamic SQL is there are security risks with using it.
The problem with the branching code is that SQL can't do much with caching the execution plan (especially in SQL 2000 and below).
