Writing a Stored Procedure by Nathan Pond


Submitted on: 7/21/2000 1:12:46 PM
By: Nathan Pond
Level: Beginner
User Rating: By 124 Users
Compatibility:SQL Server 7.0

Users have accessed this article 241811 times.


This article is geared for beginners wanting to learn stored procedures. No prior experience on stored procedures is required, however a basic understanding of SQL Query Language might be needed.

Terms of Agreement:
By using this article, you agree to the following terms...

1. You may use this article in your own programs (and may compile it into a program and distribute it in compiled format for languages that allow it) freely and with no charge.
2. You MAY NOT redistribute this article (for example to a web site) without written permission from the original author. Failure to do so is a violation of copyright laws.
3. You may link to this article from another website, but ONLY if it is not wrapped in a frame.
4. You will abide by any additional copyright restrictions which the author may have placed in the article or article's description.


Writing a Stored Procedure

By Nathan Pond (

If you're anything like me, you don't easily pick up on

by hearing about them. When I first installed my MS SQL
opened up a whole new world of features that I had neve
Stored Procedures. This article is designed to tell you
procedures. I am using Microsoft (#)
SQL Server 7.0, but these examples should work in
any SQL version.

Writing Stored Procedures doesn't have to be hard. When

technology, I went to every newsgroup, web board, and I
for answers. Through all the complicated examples I fou
week before I finally got a working stored procedure. I
show you what I mean:

Normally, you would call a database with a query like:

Select column1, column2 From Table1

To make this into a stored procedure, you simple execut

CREATE PROCEDURE sp_myStoredProcedure

Select column1, column2 From Table1

That's it, now all you have to do to get the recordset

stored procedure. You can simply call it by name like t

2 of 15 6/13/2011 10:10 AM
Writing a Stored Procedure by Nathan Pond


Note: You can name a stored procedure anything you want

procedure with that name doesn't already exist. Names d
sp_ but that is something I choose to do just as a nami
somewhat a standard in the business world to use it, bu

Now, I realize you aren't gaining much in this example.

to make it easy to understand. Later in this article, w
can be useful, for now let's look at how you can call a

Let's say that we want to expand on our previous query

So we would have:

Select column1, column2 From Table1

Where column1 = 0

Well, I know we could hard code the 'Where column1 = 0'

procedure. But wouldn't it be neat if the number that 0
in as an input parameter? That way it wouldn't have to
4, etc. and you wouldn't have to change the stored proc
deleting the stored procedure we already created. Don't
with the added feature of an input parameter. We will d

DROP PROCEDURE sp_myStoredProcedure

Now we can recreate it with the input parameter built i

CREATE PROCEDURE sp_myStoredProcedure

@myInput int
Select column1, column2 From Table1
Where column1 = @myInput

Ok, why don't we pause here and I'll explain in more de

off, the parameter: you can have as many parameters as
Parameters are set when the stored procedure is called,
receives it into a variable. @myInput is a variable. Al
procedure have a @ symbol preceding it. A name preceded
variables. Other than that, you can name a variable any
declare a variable, you must specify its datatype. In t
type Int (Integer). Now, before I forget, here's how to
with a parameter:

sp_myStoredProcedure 0

If you want more than one parameter, you seperate them

stored procedure and the procedure call. Like so:

CREATE PROCEDURE sp_myStoredProcedure

@myInput int,
@myString varchar(100),

3 of 15 6/13/2011 10:10 AM
Writing a Stored Procedure by Nathan Pond


And you would call it like this:

sp_myStoredProcedure 0, 'This is my string', 3.45

Note: The varchar datatype is used to hold strings. You

of the string when you declare it. In this case, the va
for 100 characters to be help in it.

Now, I'm sure some of you are wondering if there is a d

from ASP. There really isn't, let's take our first stor
show how it is called from ASP. If it wasn't a stored p
something like this:

dim dataConn, sSql, rs
set dataConn = Server.CreateObject("ADODB.Conn
dataConn.Open "DSN=webData;uid=user;pwd=passwo
sSql = "Select column1, column2 From Table1"
Set rs = dataConn.Execute(sSql) 'execute sql c

Now let's see how we call the stored procedure.

dim dataConn, sSql, rs
set dataConn = Server.CreateObject("ADODB.Conn
dataConn.Open "DSN=webData;uid=user;pwd=passwo
sSql = "sp_myStoredProcedure"
Set rs = dataConn.Execute(sSql) 'execute sql c

As you can see, the only difference is the query that i

stored in the sSql command. Instead of being the actual
name of the stored procedure. Now let's take a quick lo
it with parameters. In our second example, we created t
accept one integer parameter. Here's the code:

dim dataConn, sSql, rs, myInt
myInt = 1 'set myInt to the number we want to
set dataConn = Server.CreateObject("ADODB.Conn
dataConn.Open "DSN=webData;uid=user;pwd=passwo
sSql = "sp_myStoredProcedure " & myInt
Set rs = dataConn.Execute(sSql) 'execute sql c

Now, before I get to far, let me introduce the ALTER co

stored procedures, so you don't have to drop them then
the ALTER command like this:

4 of 15 6/13/2011 10:10 AM
Writing a Stored Procedure by Nathan Pond

ALTER PROCEDURE sp_myStoredProcedure


This will overwrite the stored procedure that was there

will keep permissions, so it is better than dropping an

As promised I am going to dive into more detail about s

by answering a common question I received via e-mail. M
possible, and if so how to do it, to use stored procedu
statements. Absolutely!!! Anything that you can accompl
accomplished in a stored procedure, simply because a st
statements. Let's look at a simple INSERT example.


@FirstName varchar(20),
@LastName varchar(30)
INSERT INTO Names(FirstName, LastName)
values(@FirstName, @LastName)

Now, call this procedure with the parameters and it wil

'Names' table with the 'FirstName' and 'LastName' colum
approiately assigned. And here is an example of how to
from an ASP page:

dim dataConn, sSql
dim FirstName, LastName
FirstName = "Nathan"
LastName = "Pond"
set dataConn = Server.CreateObject("ADODB.Connection")
dataConn.Open "DSN=webData;uid=user;pwd=password" 'mak
sSql = "sp_myInsert '" & FirstName & "', '" & LastName
dataConn.Execute(sSql) 'execute sql call

Remeber, you can use stored procedures for anything, in

DELETE calls. Just embed a sql statement into the proce
the above procedure doesn't return anything, so you don
same will be true for UPDATE and DELETE calls. The only
statement that returns a recordset is the SELECT statem

Now, just because a recordset isn't returned, it doesn'

value. Stored procedures have the ability to return sin
Let me show you a practical example of this. Suppose yo
user enters a username and password, and you need to lo
they match, then you allow the user to logon, otherwise
logon page. Without a stored procedures you would do so

dim dataConn, sSql, rs
set dataConn = Server.CreateObject("ADODB.Connection")
dataConn.Open "DSN=webData;uid=user;pwd=password" 'mak
sSql = "Select * From User_Table Where UserName = '" &
Request.Form("UserName") & "' And Password = '
Request.Form("Password") & "'"
Set rs = dataConn.Execute(sSql) 'execute sql call
If rs.EOF Then
'Redirect user, incorrect login
Response.Redirect "Incorrect.htm"
End If
'process logon code

5 of 15 6/13/2011 10:10 AM
Writing a Stored Procedure by Nathan Pond

Now let's look at how we would accomplish this same tas

First let's write the procedure.


@UserName varchar(16),
@Password varchar(16)
if exists(Select * From User_Table
Where UserName = @UserName
Password = @Password)

What this procedure does is take the username and passw

the lookup. If a record is returned the stored procedur
if not the procedure will return 0. No recordset is ret
would use:

<--#INCLUDE VIRTUAL="/include/"-->
dim dataConn, adocmd, IsValid
set dataConn = Server.CreateObject("ADODB.Connection")
dataConn.Open "DSN=webData;uid=user;pwd=password" 'mak
Set adocmd = Server.CreateObject("ADODB.Command")
adocmd.CommandText = "sp_IsValidLogon"
adocmd.ActiveConnection = dataConn
adocmd.CommandType = adCmdStoredProc
adocmd.Parameters.Append adocmd.CreateParameter("retur
adInteger, adParamReturnValue, 4)
adocmd.Parameters.Append adocmd.CreateParameter("usern
adVarChar, adParamInput, 16, _
adocmd.Parameters.Append adocmd.CreateParameter("passw
adVarChar, adParamInput, 16, _
IsValid = adocmd.Parameters("return").Value
If IsValid = 0 Then
'Redirect user, incorrect login
Response.Redirect "Incorrect.htm"
End If
'process logon code

Now lets slow down for a minute and I'll go through wha
a command object for ADO. I did this with:

Set adocmd = Server.CreateObject("ADODB.Command")

Next I had to tell the object what command it would be

adocmd.CommandText = "sp_IsValidLogon"

Notice that the command is the name of the stored proce

You must tell the command object which connection (data
.ActiveConnection. .CommandType is a property that tell
what type of command it is trying to execute. adCmdStor
variable declared in the include file
(For more information on, be sure to read
ADOVBS.INC - Use It! (
It represents the number telling sql that the command i
The .Append method is used to add return values and par
the username and password parameters, as well as set up

6 of 15 6/13/2011 10:10 AM
Writing a Stored Procedure by Nathan Pond

the command with .Execute, and .Parameters("return").Va

the return value from the procedure. I set that to the
If IsValid is 0, the login is incorrect, if it is 1, th

Now even after the explanation this is still a lot to t

is to dive into your server and try a few simple tasks
One note: sometimes I get errors when I try to .Append
I have already set the parameters. Meaning I might get
like this:

Set adocmd = Server.CreateObject("ADODB.Command")
adocmd.CommandText = "sp_IsValidLogon"
adocmd.ActiveConnection = dataConn
adocmd.CommandType = adCmdStoredProc
adocmd.Parameters.Append adocmd.CreateParameter("usern
adVarChar, adParamInput, 16, Request.Form("UserName"))
adocmd.Parameters.Append .CreateParameter("password",
adVarChar, adParamInput, 16, Request.Form("Password"))
adocmd.Parameters.Append .CreateParameter("return", _
adInteger, adParamReturnValue, 4)
IsValid = adocmd.Parameters("return").Value

I'm not exactly sure why this happens, but I just made
value first, then the parameters.

Now I know what some of you are saying. "The original A

and password without using a stored procedure is so muc
me! Can Stored Procedures actually be used to improve e
asked, because although the example above did require a
realize that it is much more efficient. Stored procedur
efficiency, though. For a full explanation of the benef
to read the SQL Guru's Advice (http://www.4guysfromrolla.
And now I am going to show you an example of a task whe
your database calls.

Assume you have the same script as before for validatin

really does is say whether it is a valid username and p
functionality in to log all failed attempts at logging
'FailedLogons'. If you weren't using a stored procedure
make another call to the database from your ASP code. H
stored procedure, we don't have to touch the ASP code a
procedure like so:


@UserName varchar(16),
@Password varchar(16)
if exists(Select * From User_Table
Where UserName = @UserName
Password = @Password)
INSERT INTO FailedLogons(UserName, Password)
values(@UserName, @Password)

Wasn't that neat? But that's not all, while we're at it

functionality? Let's say that we want to run a check on
there have been more than 5 incorrect logins for that u
account will be disabled. We would have to have the 'Fa
up to have a 'dtFailed' column with a default value of
So when the incorrect logon is inserted into the table,
automatically. Then we would modify our stored procedur

7 of 15 6/13/2011 10:10 AM
Writing a Stored Procedure by Nathan Pond


@UserName varchar(16),
@Password varchar(16)
if exists(Select * From User_Table
Where UserName = @UserName
Password = @Password
Active = 1)
INSERT INTO FailedLogons(UserName, Password)
values(@UserName, @Password)

declare @totalFails int

Select @totalFails = Count(*) From FailedLogons
Where UserName = @UserName
And dtFailed > GetDate()-1
if (@totalFails > 5)
UPDATE User_Table Set Active = 0
Where UserName = @UserName

Now, let's take a closer look at what I was doing. Firs

username and password exist on the same row, and that t
user and exit the procedure. If the login is not ok tho
thing the procedure does is insert the record into the
Next we declare a variable to hold the number of failed
assign that value by using a sql statement to retrieve
within the same day. If that number is greater than 5,
hack that account so the the username will be disabled
'User_Table' to 0. Finally, return 0 letting the callin
the login was unsuccessful. To accomplish this same tas
needed to make 4 database calls. The way we just did it
plus the fact that all that functionality we added at t
we didn't have to touch the ASP code at all!

Note about 'begin/end': When using an 'If' statement in

as you keep the conditional code to one line you won't
'end' statement. Example:

if (@myvar=1)

However, if you need more than one line, it is required

and end. Example:

if (@myvar=1)
do this.....
and this.....
do this....

I hope that I have given enough information to keep you

If you're anything like me, getting the basics is the h
and learn on your own. That is why I decided to create

8 of 15 6/13/2011 10:10 AM
Writing a Stored Procedure by Nathan Pond

free to e-mail me at (mailto:nathan@npo

questions or comments about any of my articles.

Happy Programing!

You might also like