Also, we really don't want to have a user learn the SQL language just to display
some data in a browser. This is where stored procedures can be very useful.
Using a stored procedure we can use the same SELECT statements that we entered
into the URL of the browser and reduce the length of the URL that needs to be
entered. We can then just execute the stored procedure in the URL instead of
having to specify the entire SELECT statement.
As we have discovered in past chapters, using a stored procedure is more
efficient because it is optimized in SQL Server and is compiled and cached on
its first execution. This, and the fact that we can easily write more complex
queries in a stored procedure, makes using them ideal.
When we execute a stored procedure in the URL we need to specify the EXECUTE
keyword and the stored procedure name, just as we would in the Query Analyzer.
An example of this is shown:
http://localhost/htData?SQL=EXECUTE+up_select_xml_hardware&XSL=Hardware.xsl&ContentType=Text/HTML&Root=Hardware
The only difference between this URL and the last is that
this URL executes a stored procedure instead of the SELECT statement. All other
keywords such as SQL, XSL, ContentType, and Root must still be specified.
Try It Out - Hardware Select Stored Procedure
Let's put this knowledge to use by creating a stored procedure to select the
hardware data that is required by our Hardware.xsl template.
1. The stored procedure that we want to create is listed below. Enter the
code for this stored procedure in the Query Analyzer and execute it:
CREATE PROCEDURE up_select_xml_hardware AS
SELECT Manufacturer_VC, Model_VC
FROM Hardware_T
FOR XML AUTO
GO
GRANT EXECUTE ON up_select_xml_hardware TO [Hardware Users]
2. To test this stored procedure enter the following
URL in your browser:
http://localhost/htData?SQL=EXECUTE+up_select_xml_hardware&XSL=Hardware.xsl&ContentType=Text/HTML&Root=Hardware
The results of executing this stored procedure should be the
same as you saw in the last exercise. The only difference here is that we have
just executed a stored procedure in the URL instead of a SELECT statement.
How It Works - Hardware Select Stored Procedure
This stored procedure looks much like every other SELECT stored procedure
that we have created. We start the stored procedure by specifying the CREATE
PROCEDURE statement followed by the stored procedure name and the AS keyword.
Then we specify the SELECT statement, which selects two columns from the
Hardware_T table. We have also included the FOR XML clause so the results of the
stored procedure will be returned as XML data to the browser:
SELECT Manufacturer_VC, Model_VC
FROM Hardware_T
FOR XML AUTO
We specify the GO command to have the Query Analyzer create
this stored procedure before we grant permissions on it to the hardware users
role:
GO
GRANT EXECUTE ON up_select_xml_hardware TO [Hardware Users]
It is important to note that you cannot execute just any
stored procedure in a URL. It must be a SELECT stored procedure, and it must
return XML data. The SELECT statement must, therefore, contain the FOR XML
clause.
Stored Procedure Parameters
Now that we know we can execute a stored procedure in the URL, it stands to
reason that we could also execute a stored procedure that accepts parameters.
This is true, and not as difficult as it may seem. This section will walk
through a couple of examples that illustrate executing stored procedures that
accept parameters, and point out what is needed to pass parameters to a stored
procedure.
When we execute a parameterized stored procedure in the Query Analyzer, we
simply specify the EXECUTE statement followed by the stored procedure name and
any parameters that it might expect. Looking at the following example, the
up_parmsel_assigned_system stored procedure accepts one parameter, the
Employee_ID. Execution of this code produces the desired results:
EXECUTE up_parmsel_assigned_system 1
Assuming this stored procedure returned the results as XML
data, we would execute this same stored procedure in a browser using the
following code fragments in place of the SQL statements.
The first code fragment demonstrates executing this stored procedure by only
passing the parameter as we do in the Query Analyzer:
EXECUTE+up_parmsel_assigned_system+1
The second code fragment demonstrates specifying the
parameter name and its value. When using this method the parameter name
specified must exactly match the parameter name in the stored procedure:
EXECUTE+up_parmsel_assigned_system+@Employee_ID=1
Let's assume for a moment that we have a stored procedure
named up_parmsel_employee. This stored procedure expects the employee's last
name as the first input parameter and the employee's location ID as the second
input parameter. To execute this stored procedure in a URL we would specify the
code as shown in the following code fragments in place of the usual SQL
statements.
The first example simply specifies the parameter values. Notice that we have
included a comma between the two input parameters and, since the first parameter
is a string value, it has been enclosed in single quotes:
EXECUTE+up_parmsel_employee+'Willis'+,+1
The second example specifies the parameter names and
parameter values. Again we have enclosed the first parameter in single quotes
and used a comma to separate the parameters:
EXECUTE+up_parmsel_employee+@Last_Name_VC='Willis'+,+@Location_ID=1
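An added example, not code from the book: one way an application could assemble these URLs from user-supplied values instead of typing them by hand, using the named-parameter form shown above. The PROCS allowlist, the function names and the Employee root are assumptions; the procedure and parameter names are the ones used above.

```python
import re
from urllib.parse import quote_plus

BASE = "http://localhost/htData"  # virtual directory from the page's URLs

# Allowlist of procedures and their typed parameters, in declaration order.
# Names are the ones the page uses; the allowlist itself is an assumption.
PROCS = {
    "up_parmsel_assigned_system": {"Employee_ID": int},
    "up_parmsel_employee": {"Last_Name_VC": str, "Location_ID": int},
}


def sql_literal(value, kind):
    """Render one parameter value as a T-SQL literal of the declared type."""
    if kind is int:
        text = str(value)
        if not re.fullmatch(r"-?[0-9]+", text):
            raise ValueError(f"not an integer: {value!r}")
        return text
    # String literal: enclose in single quotes and double any embedded quote.
    return "'" + str(value).replace("'", "''") + "'"


def build_url(proc, params, root, xsl=None):
    """Return the URL that runs an allowlisted procedure with named parameters."""
    spec = PROCS.get(proc)
    if spec is None:
        raise ValueError(f"procedure not allowlisted: {proc!r}")
    if set(params) != set(spec):
        raise ValueError(f"expected parameters {sorted(spec)}")
    args = ", ".join(
        f"@{name}={sql_literal(params[name], kind)}" for name, kind in spec.items()
    )
    sql = f"EXECUTE {proc} {args}"
    # quote_plus turns spaces into '+' (as in the page's URLs) and
    # percent-encodes '@', '=', quotes and commas.
    url = f"{BASE}?SQL={quote_plus(sql)}"
    if xsl:
        url += f"&XSL={quote_plus(xsl)}&ContentType=Text/HTML"
    return url + f"&Root={quote_plus(root)}"


if __name__ == "__main__":
    # Constructed sample values, not data from the page.
    print(build_url("up_parmsel_assigned_system", {"Employee_ID": 1}, "Employee"))
    print(build_url("up_parmsel_employee",
                    {"Last_Name_VC": "O'Brien", "Location_ID": 1}, "Employee"))
```

A value that is not a plain integer is rejected before it reaches the SQL text, and a last name containing a single quote is sent as a correctly quoted string.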
Try It Out - Parameterized Stored Procedure
Now that we know that we can execute a parameterized stored procedure in a URL,
we want to create a stored procedure that accepts parameters so we can
experience this firsthand. The stored procedure that we want to create should
select most of the columns in the Hardware_T table. The input parameter to this
stored procedure will be the Hardware_ID, which will point to the row of data
that we want to select.
1. The code for this stored procedure is listed below. Enter this code in
the Query Analyzer and execute it:
CREATE PROCEDURE up_parmsel_xml_hardware
@Hardware_ID INT AS
SELECT Manufacturer_VC, Model_VC, Processor_Speed_VC,
Memory_VC, HardDrive_VC, Sound_Card_VC,
Speakers_VC, Video_Card_VC, Monitor_VC,
Serial_Number_VC, Lease_Expiration_DT,
CD_Type_CH
FROM Hardware_T
JOIN CD_T ON Hardware_T.CD_ID = CD_T.CD_ID
WHERE Hardware_ID = @Hardware_ID
FOR XML AUTO
GO
GRANT EXECUTE ON up_parmsel_xml_hardware TO [Hardware Users]
2. Before you execute this stored procedure in a
browser, you will need to obtain a valid number for the hardware ID. You can do
this by right-clicking on the Hardware_T table in the Object Browser of the
Query Analyzer and choosing Open from the context menu.
3. Once you have a valid hardware ID enter the following URL in your
browser, replacing the hardware ID specified with one that is valid in your
Hardware_T table:
http://localhost/htData?SQL=EXECUTE+up_parmsel_xml_hardware+1+&Root=Hardware
You should see results similar to those shown in the next
figure. Notice that we have not used an XSL stylesheet to format the data in
this example, so it is just returned as XML data:
4. You can further test this stored procedure and see
the different results by substituting the @Hardware_ID parameter with different
values. If you use a value that does not exist, you will not receive an error
message but just an empty XML document, as shown in the next figure: