tags:

views:

257

answers:

3
+1  Q: 

how to concatenate varying stored procedure parameters

please help me with writing this search sql stored procedure procedure may have different number of parameters at different time so could any body help me with writing this query. I don't know how to concatenate parameters. i am new to stored procedure

CREATE PROCEDURE searchStudent
-- Add the parameters for the stored procedure here
@course int=null,
@branch int=null,
@admissionYear varchar(max)=null,
@passingYear varchar(max)=null,
@userName varchar(max)=null,
@sex varchar(max)=null,
@studyGap varchar(max)=null,
@firstName varchar(max)=null,
@lastName varchar(max)=null
AS
BEGIN
-- SET NOCOUNT ON added to prevent extra result sets from
-- interfering with SELECT statements.
SET NOCOUNT ON;
DECLARE query STR DEFAULT null

IF @course IS NOT NULL
THEN query=
SELECT * FROM [tbl_students] WHERE 

END
GO

please complete the query so that it can have parameters which are having values and can search from database on the basis of parameters value. But parameter may vary every time depends on search criteria.

A: 

Sorry, I am having trouble understanding what you are asking. Do you mean the consumer of the sproc may specify some arbitrary subset of the parameters and you want to filter on those?

Assuming the above you have 2 options.

1. use a where clause something like this:

WHERE ([tbl_students].firstName = ISNULL(@firstname,firstName)
  AND ([tbl_students].lastName = ISNULL(@lastName ,lastName )

etc. What this does is check if your parameter has a value, and, if so, it will compare it to the column. If the param is null, then it will compare the column to itself, which will never filter anything out.

  1. use dynamic sql in your sproc and just include the line of the where clause you want if the param is not null.
Andy_Vulhop  2010-06-04 18:53:13
+1  A: 

You would probably need to use Dynamic SQL to achieve this. First of all I would highly recommend reading this excellent article. http://www.sommarskog.se/dynamic_sql.html

You're dynamic sql would be something like this;

   Declare @query varchar(max)

   Set @query = 'Select * From dbo.MyTable Where '

   If @Course Is Not Null
   Begin
    Set @query = @query + 'Course = ' + Convert(varchar(10), @Course)
   end

   If @Branch Is Not Null
   Begin
    Set @query = @query + ' and Branch = ' + Convert(varchar(10), @Branch )
   end

This is only an example! You will need to build in some checks to ensure that you have one (and only one) Where clause, you must ensure that the integer values are converted to string values correctly. You must also check that the parameters don't have any special characters that could break the dynamic sql - like an apostrophe (')

Using dynamic SQL can be painful and very difficult to get right.

Good luck!

Barry  2010-06-04 18:57:35
you can avoid those checks by making your initial @query = 'Select * From dbo.MyTable Where 0=0' and making each additional clause start with 'AND <clause logic>'
Andy_Vulhop  2010-06-04 18:58:57
Ah yes of course - an excellent comment. Thanks!
Barry  2010-06-04 19:03:50
I was just about to recommend Sommarskog, that site is a great reference. Well worth a read for anyone wanting to get better with TSQL. Note that on his site he also shows how to do this without dynamic SQL, which should be avoided wherever possible :)
Meff  2010-06-04 19:06:56
a parametrized query is the best to use. When using a concatenated query (like shown here), you'll get very little chance for query-plan reuse and risk SQL injection.
KM  2010-06-04 19:29:16
+1  A: 

The key with a dynamic search conditions is to make sure an index is used, instead of how can I easily reuse code, eliminate duplications in a query, or try to do everything with the same query. Here is a very comprehensive article on how to handle this topic:

Dynamic Search Conditions in T-SQL by Erland Sommarskog

It covers all the issues and methods of trying to write queries with multiple optional search conditions. This main thing you need to be concerned with is not the duplication of code, but the use of an index. If your query fails to use an index, it will preform poorly. There are several techniques that can be used, which may or may not allow an index to be used.

here is the table of contents:

  Introduction
      The Case Study: Searching Orders
      The Northgale Database
   Dynamic SQL
      Introduction
      Using sp_executesql
      Using the CLR
      Using EXEC()
      When Caching Is Not Really What You Want
   Static SQL
      Introduction
      x = @x OR @x IS NULL
      Using IF statements
      Umachandar's Bag of Tricks
      Using Temp Tables
      x = @x AND @x IS NOT NULL
      Handling Complex Conditions
   Hybrid Solutions – Using both Static and Dynamic SQL
      Using Views
      Using Inline Table Functions
   Conclusion
   Feedback and Acknowledgements
   Revision History
KM  2010-06-04 19:13:21

related questions

SQL Server, convert a named instance to default instance?
Natural (human alpha-numeric) sort in Microsoft SQL 2005
In MS SQL Server 2005, is there a way to export, the complete maintenance plan of a database as a SQL Script?
Does ReadUncommitted imply NoLock
Query to list all tables that contain a specific column with SQL Server 2005.
Can I maintain state between calls to a SQL Server UDF?
What are the benefits of using partitions with the Enterprise edition of SQL 2005
Upgrading Sharepoint 3.0 to SQL 2005 Backend?
What's the simplest way to execute a query in Visual C++
Can you perform an AND search of keywords using FREETEXT() on SQL Server 2005?
Create a database from another database?
What's the fastest way to bulk insert a lot of data in SQL Server (C# client)
SQL 2005 Book For Optimization Techniques
How do I create a mapping table in SQL Server Management Studio?
Cannot Add a Sql Server Login
SQL Server 2005 - Export table programatically (run a .sql file to rebuild it)
Diagnosing Deadlocks in SQL Server 2005
SQL2005: Linking a table to multiple tables and retaining Ref Integrity?
How to create a new instance of Sql Server 2005
SQL Server 2008 vs 2005 Linq integration
How do you kill all current connections to a SQL Server 2005 database?
Conditional Visibility and Page Breaks with SQL Server 2005 Reporting Services
SQL Server 2005 and 2008 on same developer machine?
Paging SQL Server 2005 Results
SQL 2005 For XML Explicit - Need help formatting