tags:

views:

37

answers:

3
Q: 

Code a stored procedure that get one single record or all records from a table

I'm searching for the cleanest solution here. I would like to code a stored procedure that should retrieve one record if the proper key is passed in input, or all the records if it is called without parameter.

Table FOO has two fields, CODE and DESCRIPTION. In Sql server 2008, i usually create a stored procedure with like this:

CREATE PROCEDURE getFoo 
@CODE CHAR(3)=NULL
AS
IF @CODE is NULL 
  BEGIN
    SELECT CODE,DESCRIPTION FROM FOO
  END
ELSE
  BEGIN
    SELECT CODE,DESCRIPTION FROM FOO WHERE CODE=@CODE
  END
GO

The main problem with my solution is obviously the repetition of the SELECT that could be painful if table has many fields or has many joins to other tables.

Another approach that i see in others SP is:

CREATE PROCEDURE getFoo 
@CODE CHAR(3)=NULL
AS
DECLARE @FILTER CHAR(3)
SET NOCOUNT ON
IF @CODE is NULL SET @Filtro='%'
ELSE SET @FILTER =@CODE 

SELECT CODE,DESCRIPTION
FROM FOO
WHERE
CODE like @FILTER
GO

What is your preferred code for this simple task? Do you construct it dinamically and use EXECUTE at the end? thanks

A:  
SELECT CODE,DESCRIPTION 
FROM FOO 
WHERE CODE=@CODE OR @CODE IS NULL
Austin Salonen  2010-03-10 19:59:31
+1  A: 

I would do either what you did, or sometimes (depending on my mood) just:

SELECT CODE,DESCRIPTION FROM FOO WHERE CODE=ISNULL(@CODE,CODE)

I would NOT recommend building a dynamic string and executing it, here or anywhere else it can be avoided. It may have performance implications (but I'm not sure how true this is anymore), it make it hard to read, you get less compile-time syntax validation when you compile the proc, you get less useful information about the system dependencies, and (worst of all) you can open yourself up to SQL-injection attacks.

Mike Mooney  2010-03-10 20:01:25
very detailed answer, thanks.
systempuntoout  2010-03-10 20:11:31
fyi, SQL Server will not be able to use indexes efficiently when using this method. see this: http://www.sommarskog.se/dyn-search.html
KM  2010-03-10 20:28:50
+2  A: 

From your code, I'm guessing TSQL, so here is a very complete and quite extensive article on Dynamic Search Conditions in T-SQL by Erland Sommarskog. It will show that there is no one correct way, it depends on many factors.

It covers all the PROs and CONs of every possible method: http://www.sommarskog.se/dyn-search.html

KM  2010-03-10 20:12:02
Useful link, thanks.
systempuntoout  2010-03-10 20:21:35

related questions

What do you use to write and edit stored procedures in Oracle?
How do I determine using TSQL what roles are granted execute permissions on a specific stored procedure?
How do I run Oracle plsql procedure from Lisp?
Output parameters not readable when used with a DataReader
How do you create SQL Server 2005 stored procedure templates in SQL Server 2005 Management Studio?
How do I call MySQL stored procedures from Perl?
Are Stored Procedures more efficient, in general, than inline statements on modern RDBMS's?
Default Integer type in ASP.Net from a Stored Procedure
Should data security be performed on the database side?
How do I conditionally create a stored procedure in SQL Server?
Why is parameterized SQL generated by NHibernate just as fast as a stored procedure?
PHP + MySql + Stored Procedures, how do I get access an "out" value?
SQL file encoding in Visual Studio
T-SQL stored procedure that accepts multiple Id values
SQL Server Fast Forward Cursors
Formatting Stored Procedures
Asynchronous Stored Procedure Calls
Stored Procedure and Timeout
Which is better: Ad hoc queries, or stored procedures?
Query a union table with fields as columns.
Standalone tools for debugging stored procedures
What are the pros and cons to keeping SQL in Stored Procs versus Code
LINQ-to-SQL vs stored procedures?
Insert Update stored proc on SQL Server
Is there any list datatype in MySQL stored procedures, or a way to emulate them?