63,630 pts.
POSTED: Mar 21, 2008 12:35 AM (GMT)
Check out my SQL Server blog “SQL Server with Mr Denny” for more SQL Server information.
Stored Procedure Problem
Hi Greg,
I am using SQL queries as in-script and now decided to use them as stored procedure. I am facing some problem while converting them into stored procedures. It’s a book search functionality based on book name and author name.
My Old SQL query, which I was using with asp.
SQL = “Select * From Tbl_Name Where Name LIKE '%xyz%' ” & strOrderBy
Where strOrderBy is provided by user input at the time of search, so that they can sort book listing as they want.
Variable strOrderBy, is asp variable and its value being determined by user at the time of search. I was passing the value of strOrderBy like this.
Select Case strOrderByInput
Case "pubdateasc"
strOrderBy = "Order by publication DESC”
Case "bookname"
'strOrderBy = " Order by BookName ASC "
Case "Author"
'strOrderBy = " Order by AuthorName ASC "
Case Else
strOrderBy = " Order by publication ASC"
End Select
The whole thing is working fine when im using this in ASP as in-line query, but when I changed it into stored procedure. I am not able to pass strOrderBy variable as I was doing it earlier. Please can you help me how to do this in stored procedure?
Regards
Anil
I am using SQL queries as in-script and now decided to use them as stored procedure. I am facing some problem while converting them into stored procedures. It’s a book search functionality based on book name and author name.
My Old SQL query, which I was using with asp.
SQL = “Select * From Tbl_Name Where Name LIKE '%xyz%' ” & strOrderBy
Where strOrderBy is provided by user input at the time of search, so that they can sort book listing as they want.
Variable strOrderBy, is asp variable and its value being determined by user at the time of search. I was passing the value of strOrderBy like this.
Select Case strOrderByInput
Case "pubdateasc"
strOrderBy = "Order by publication DESC”
Case "bookname"
'strOrderBy = " Order by BookName ASC "
Case "Author"
'strOrderBy = " Order by AuthorName ASC "
Case Else
strOrderBy = " Order by publication ASC"
End Select
The whole thing is working fine when im using this in ASP as in-line query, but when I changed it into stored procedure. I am not able to pass strOrderBy variable as I was doing it earlier. Please can you help me how to do this in stored procedure?
Regards
Anil
ASKED:
Mar 20, 2008 3:34 PM GMT
UPDATED:
March 21, 2008 12:35:15 AM GMT
RELATED QUESTIONS
- Having problems converting SQL Server queries to stored procedures
- Access 2003 - Setting Form's Recordsource
- VB Script to monitor files on Windows machines from a Zenoss server
- Unable to browse local intranet PHP site
- VB Script to delete old files fom the local and/or remote computer(s)
- Parameter in select statement
- AS/400 stored procedure passing parameter
- List all users in group..
- Query Variables in CL
- ASP.NET image upload help
Answer Wiki:
In order to have a dynamic order by you have two options.
1. Use dynamic SQL.
2. Use a branching storage procedure.
Option 1:
Option 2:
The problem with dynamic SQL is there are security risks with using it.
The problem with the branching code is that SQL can't do much with caching the execution plan (especially in SQL 2000 and below).
1. Use dynamic SQL.
2. Use a branching storage procedure.
Option 1:
CREATE PROCEDURE MyProc
@OrderBy NVARCHAR(30)
AS
DECLARE @SQL NVARCHAR(4000)
SET @SQL = N“Select * From Tbl_Name Where Name LIKE '%xyz%' ” + @OrderBy
exec (@SQL)
GO
Option 2:
CREATE PROCEDURE MyProc
@OrderBy INT
AS
IF @OrderBy = 1
SELECT * FROM Tbl_Name WHERE Name LIKE '%xyz%' ORDER BY publication DESC
IF @OrderBy = 2
SELECT * FROM Tbl_Name WHERE Name LIKE '%xyz%' Order by BookName ASC
IF @OrderBy = 3
SELECT * FROM Tbl_Name WHERE Name LIKE '%xyz%' Order by AuthorName ASC
IF @OrderBy = 4
SELECT * FROM Tbl_Name WHERE Name LIKE '%xyz%' Order by publication ASC
GO
The problem with dynamic SQL is there are security risks with using it.
The problem with the branching code is that SQL can't do much with caching the execution plan (especially in SQL 2000 and below).
To see other answers submitted to the Answer Wiki View Answer History.
