[thelist] SProcs - SELECT queries

Brian Cummiskey Brian at hondaswap.com
Thu Jun 23 11:52:54 CDT 2005 

Chris at globet.com wrote:

> 1) How would I go about so structuring a stored procedure with optional
> parameters that I could then use in different places for different
> queries?
> 

you can pass parameters into a SP no problem.  SQL supports if statements.

> 2) Is this possible?

sure is.

> 
> 3) If so, is it a good idea?
> 

yup.  SP's are more efficient most of the time, and are way more secure 
as well.



in your asp/html:

<%
	dim rst, comm, connstr
	connstr = ConnStr = 
"Provider=SQLOLEDB.1;UID=USERNAME;Password=PASSWORD;Persist Security 
Info=False;Initial Catalog=DBNAME;Data Source=SERVERNAME"

	server.ScriptTimeout = 3600
	set comm = Server.CreateObject ("ADODB.Command")
	set rst = Server.CreateObject("ADODB.Recordset")
	comm.CommandTimeout = 0
	comm.ActiveConnection = connstr
	comm.CommandText = "usp_DO_SELECT"	' or, whatever you call your SP
	comm.CommandType = adCmdStoredProc
	comm.Parameters("@bCondition1") = request("bCondition1")
	comm.Parameters("@bCondition2") = request("bCondition2")
	comm.Parameters("@bCondition3") = request("bCondition3")
	comm.Parameters("@bCondition4") = request("bCondition4")
	comm.Parameters("@aValue") = request("aValue")
	comm.Parameters("@bValue") = request("bValue")
	comm.Parameters("@cValue") = request("cValue")
	comm.Parameters("@dValue") = request("dValue")
	
	set rst = comm.Execute
	
	set comm = Nothing
	
	if not rst.EOF then
		' do your html/results html table stuff here
	else
		response.write "No results"
	end if
%>

	
and for the procedure...
-------------------------------------

SET QUOTED_IDENTIFIER OFF
GO
SET ANSI_NULLS OFF
GO




CREATE proc usp_DO_SELECT
(
@bcondition1 varchar(20),
@bcondition2 varchar(20),
@bcondition3 varchar(20),
@bcondition4 varchar(20),
@aValue varchar(20),
@bValue varchar(20),
@cValue varchar(20),
@dValue varchar(20)
)
as
begin
set nocount on

declare @queryString varchar(8000)

set @querystring = 'SELECT aField, bField, cField, dField FROM aTable 
WHERE 1=1 '

	if(@bcondition1 is not null)
	begin
		set @querystring = @querystring + 'AND aField = @aValue '
	end
	if(@bcondition2 is not null)
	begin
		set @querystring = @querystring + 'AND bField = @bValue '
	end
	if(@bcondition3 is not null)
	begin
		set @querystring = @querystring + 'AND cField = @cValue '
	end
	if(@bcondition4 is not null)
	begin
		set @querystring = @querystring + 'AND dField = @dValue'
	end
	
exec (@queryString)

end

GO
SET QUOTED_IDENTIFIER OFF
GO
SET ANSI_NULLS ON
GO	

--------------------------------------

of course, change the varchar(20) to fit your needs.

this is untested, so there may be a few parse errors... but its the 
general idea.

More information about the thelist mailing list