Home > Articles > Data > SQL Server

SQL Server Reference Guide

Hosted by

Toggle Open Guide Table of ContentsGuide Contents

Close Table of ContentsGuide Contents

Close Table of Contents

Database Objects: Stored Procedures

Last updated Mar 28, 2003.

There are two main categories of these objects in a SQL Server Database: Things that store data and things that access or provide access to data. In the previous tutorials I've explained the objects that fit the first category — Tables. Other than Indexes (which are actually also Tables) nothing else stores data — everything else is an object that allows you to access data from a Table, and possibly affects Indexes.

All the other objects belong in the second category: things that access or provide access to data. In this tutorial I explained one of those objects — the View. As I explained there, a View is really just a set of text in the database. A View stores SELECT statements that provide a "window" into a Table or collection of Tables. You can use Views to slice the data down columns, restrict the data returned to a few rows, hide the complexity of the select statements, and simplify security. In the tutorial on Views, I explained a few limitations that Views have, and I told you that I'd demonstrate how to get around those limitations with Stored Procedures. That's the focus of this tutorial.

Stored Procedures are similar to Views. They are just text objects, and don't store any data. They do provide access to data. They can return datasets, just like a View, but that's where the similarity ends.

A Stored Procedure goes farther than a simple SELECT statement. Stored procedures can have complex code, meaning that they can have loops, conditions, and other program logic. They also have a serious trump-card over a View — they can accept inputs and return outputs. The output they produce can be a recordset, and they can also return a computed value, the result of a calculation on values returned from another Stored Procedure, and even a combination of all of those things. I'll show you a simple input and output in a bit.

But Stored Procedures don't have to return data at all. Many Database Administrators use Stored Procedures for much of their maintenance, which may or may not return any data at all.

Another big advantage with Stored Procedures is that they provide that "ownership chain" I described for Views. That means that as long as the same owner creates all the referenced objects, you only have to grant rights on the Stored Procedure. You don't have to spend lots of time mucking about with rights on the individual Tables, Views and what-not.

Finally, Stored Procedures are speedy. When a Stored Procedure is run for the first time, SQL Server does quite a few things. The SQL Server Query Optimizer creates an execution plan for the Stored Procedure, and in many cases the Stored Procedure is pre-compiled, and some of the data might even be cached. Any calls to that Stored Procedure after that are a "free ride" — well, sort of. Even if the subsequent calls aren't completely free, they are pretty quick after the first call. This isn't a universal behavior, because some Stored Procedure code does not cache well. I'll cover that scenario in a future article.

So now that you're all excited about the advantages to Stored Procedures, let's take a look at how to create them. To create Views, you'll use a simple CREATE statement, to delete them a DROP statement, and to change one, the ALTER statement. Which brings up an interesting aside...

I'll start off by showing you how to create a basic Stored Procedure. In this case, I'll use the pubs sample database to perform the tests. Here's a simple Stored Procedure that returns the first and last names of the authors in the authors Table:

 CREATE PROCEDURE usp_Test AS
SELECT au_fname, au_lname
FROM authors
ORDER BY au_lname;
GO

Note that when you created a View in the last tutorial, one of the limitations was that the View couldn't have an ORDER BY clause in it. Yet another advantage to Stored Procedures.

That is the process for creating a Stored Procedure. Unlike a View, where you use a SELECT statement to treat it as a Table, the Stored Procedure is treated as code. To indicate that you want to run a stored procedure, you use the EXECUTE statement, or you can abbreviate it to four letters with the EXEC statement:

EXEC usp_Test;
GO

As you can see, I started the name of this Stored Procedure with usp_. You don't really have to do that; some developers cringe when I do. The reason I do it is that when you're in a big shop, it's important to be able to quickly locate objects in a database. The usp_ stands for User Stored Procedure, at least for me. In a text list of objects, it's clear what it is. Why not use just sp_, for Stored Procedure? Because Microsoft took that one already. There are several Stored Procedures already in the master system database. These are system Stored Procedures, so whatever naming convention you choose, you probably don't want to use sp_.

So far I have a simple Stored Procedure that when run returns a recordset. Next, I'll explain a Stored Procedure that accepts input.

First, I'll get rid of the Stored Procedure I made a minute ago, just to keep the pubs sample database clean:

DROP PROCEDURE usp_Test;

GO

And now I'll create one that accepts input:

DROP PROCEDURE usp_Test;
GO
And now I'll create one that accepts input:
CREATE PROCEDURE usp_Test @lname varchar(30) AS
SELECT au_fname, au_lname
FROM authors
WHERE au_lname = @lname
ORDER BY au_lname;
GO

What's happening here is that the Stored Procedure takes a variable amount of characters up to 30 (varchar(30)) as an input and compares that string to the au_lname field. You can now run it:

EXEC usp_Test 'White';
GO

And there you have it. You can see I've supplied the parameter there at the end, in single-quotes. You may wonder if you can have more than one parameter. The answer is yes, you can have lots of them. If you can remember the order you wrote them in the Stored Procedure, you can just supply the variables when you run the Stored Procedure in order, with the variables separated by commas. A better solution is to supply the name of the parameter right in the call, like this:

EXEC usp_Test @lname = 'White',  @nextvariable = 'nextstring', ... 

That also allows you to specify the order of the variables if you wish, and it's just a good practice as well.

You may have also noticed that I'm placing EXEC in front of the Stored Procedure name. You don't always have to do that. You can just type usp_Test 'White' and the Stored Procedure will run. It won't run, however, if the Stored Procedure isn't the first item in the list of things you're running at one time, called a "batch". Here's an example:

 -- will run
usp_Test 'White'
GO
--won't run:
SELECT * FROM authors
usp_Test 'White'
GO

See the difference? The safer bet is to always preface the Stored Procedure with EXEC.

The Stored Procedures I've made so far provide output in the form of recordsets. What if you're after something else? Perhaps a numeric value? Here's how you can accomplish that, a Stored Procedure that performs a row count from the authors Table:

CREATE PROCEDURE usp_Test (@RowCount int OUTPUT )
AS
SELECT @RowCount = Count(*)
FROM authors;
GO 

The only thing new here is the OUTPUT parameter. But using it does get a little more complicated. To access the results, I'll have to do a few things first.

This Stored Procedure returns a value, but it stores the value in memory. Nothing actually reports to the screen with this type of output, since this Stored Procedure is used more with a programming application in mind.

To get at the return value, the first thing I need to do is carve out some memory space to hold the result, using the DECLARE statement:

DECLARE @GetCount INT 

Now I have a little bit of space up in memory to hold the results of something.

Next, I need to run the Stored Procedure, and return the output variable, storing it in the one I just created:

EXEC usp_Test @RowCount = @GetCount OUTPUT 
Finally, I can take a look at the results:
 SELECT @GetCount;
GO

And there you have it. It really isn't that difficult when you break it all down.

Building on these simple examples, you can make some very complicated Stored Procedures. I normally follow the standard coding practice I use of creating comments to define the flow of the program, and then code the comments.

One thing to keep in mind when you do that, however, is that when you create the comments, put them beneath the CREATE PROCEDURE..AS statement. Sure, you'll always have your scripts, but when someone only has the database, they can't see your header comments unless they are below that. Like this:

CREATE PROCEDURE usp_Test (@RowCount int OUTPUT )
AS
/* Returns a row count of the authors Table in the pubs sample database. */
SELECT @RowCount = Count(*)
FROM authors;
GO