Introduction
The prefered way for applications to access SQL Server data is by the use of stored procedures. The benefits include increased performance, security, and code reuse. Often, beginning SQL Server developers find the use of parameters, especially output parameters, with stored procedures confusing. This article will demonstrate how to use parameters with stored procedures, including some sample code using VB.Net. The examples shown are based on SQL 2000, but the concepts apply to SQL 2005 as well.
Creating a stored procedure
From Books Online, here is the syntax used to create a stored procedure:
CREATE PROC [ EDURE ] [ owner. ] procedure_name [ ; number ]
[ { @parameter data_type }
[ VARYING ] [ = default ] [ OUTPUT ]
] [ ,...n ]
[ WITH
{ RECOMPILE | ENCRYPTION | RECOMPILE , ENCRYPTION } ]
[ FOR REPLICATION ]
AS sql_statement [ ...n ]You can also use the alter procedure statement to modify an existing stored procedure. A stored procedure can have up to 2,100 parameters. It is probably safe to assume that the typical stored procedure has no more than ten. Here is a very simple create procedure statement that takes two input parameters and one output parameter. Normally, a stored procedure will perform some kind of data manipulation or retrieval, so this is not the average example. It will, however, serve as a simple way to illustrate the use of parameters.
CREATE PROC usp_AddTwoIntegers @FirstNumber int = 5, @SecondNumber int, @Answer varchar(30) OUTPUT as Declare @sum int Set @sum = @FirstNumber + @SecondNumber Set @Answer = 'The answer is ' + convert(varchar,@sum) Return @sum
How to define a paramter
The first thing to remember is that the parameter name must start with an @ symbol. The name can’t have spaces, and there are some characters that are not allowed. If you just stick with alpha-numeric characters and underscores in your parameter names you won’t have any problems naming parameters. Second, the data type of the parameter and possibly the size must be stated. For example, the size of a parameter of type VARCHAR must be specified. Third, if you wish to access a return value from the parameter, the OUTPUT keyword must be used. In the example create proc statement, three parameters are defined, two are integers. One of the parameters, @Answer, is an OUTPUT parameter and will be used to pass a value back to the caller. Parameters can be given a default value. The @FirstNumber parameter has a default value of 5.
How to Call a Stored Procedure from Query Analyzer
A stored procedure can be called from query analyzer, another stored procedure or any other client that can talk to SQL Server. Here is a sample script that can be pasted into Query Analyzer to demonstrate the use of our proc:
Declare @a int, @b int, @c varchar(30) Select @a = 1, @b = 2 Exec usp_AddTwoIntegers @a, @b, @c OUTPUT Select @c --------------- The answer is 3
Notice that the keyword OUTPUT is used in the calling statement as well as the proc's definition. All of the arguments were defined as variables but given names that don’t match the original parameter names. This works because SQL resolves the parameters based on the position. Only the output parameter must be defined up front. The next example passes literal values for the first two arguments.
Declare @Answer varchar(30) Exec usp_AddTwoIntegers 1,2,@Answer OUTPUT Select @Answer --------------- The answer is 3
It is also possible to mix up the order of the arguments if the parameters are named in the calling statement.
The @FirstNumber parameter has a default that the proc will use since the argument is not specified.
Declare @Answer varchar(30) Exec usp_AddTwoIntegers @Answer = @Answer OUTPUT, @SecondNumber = 5 Select @Answer ---------------- The answer is 10
Hopefully many of you have noticed that the actual numeric sum is also returned from the procedure. This example shows how to access the return value.
Declare @sum int, @Answer varchar(30) Exec @sum = usp_AddTwoIntegers 5,5,@Answer Select @sum ----------- 10
Normally return values are used to report the success or failure of the procedure. So, even though you can return any integer value from the proc, usually a 0 for success or 1 for failure is returned.
Stored procedures are usually used to retrieve or manipulate data. Here is a typical stored procedure using the Northwind sample database that ships with SQL 2000. The parameter is used in the where clause to filter the results.
Create proc usp_GetCustomerName @CustomerID varchar(5) as
Select CompanyName from Customers where CustomerID = @CustomerID
go
exec usp_GetCustomerName 'ANTON'
CompanyName
-----------------------
Antonio Moreno TaqueríaCalling a stored procedure from VB.Net
As promised, here is a code snippet showing how to call a stored procedure using VB.Net. Again, no one would ever call a stored procedure to add two numbers together. This example is given to illustrate the use of parameters.
Create a new VB.Net Windows Application project. Add a button to the form. Add this statement to top of the form’s code window:
Imports System.Data.SqlClient
Paste this code into the form’s code window right above the End Class statement. I added the sample stored procedure to the Northwind database. Modify the connection string so it will work in your environment.
Private Sub Button1_Click(ByVal sender As System.Object, _
ByVal e As System.EventArgs) Handles Button1.Click
'You may need to modify the connection string
Dim conn As New SqlConnection("Integrated Security=SSPI;" _
& "Persist Security Info=False;Initial Catalog=Northwind;" _
& "Data Source=(local);Packet Size=4096;")
conn.Open()
'set up the command object
Dim myCommand As New SqlCommand("usp_AddTwoIntegers", conn)
myCommand.CommandType = CommandType.StoredProcedure
'add the first two parameters
myCommand.Parameters.Add("@FirstNumber", 5) 'this one is optional
myCommand.Parameters.Add("@SecondNumber", 5)
'The output and return parameters must be created as objects
Dim myAnswer As New SqlParameter("@Answer", SqlDbType.VarChar, 30)
myAnswer.Direction = ParameterDirection.Output
Dim mySum As New SqlParameter()
mySum.Direction = ParameterDirection.ReturnValue
'add them to the parameter collection
myCommand.Parameters.Add(myAnswer)
myCommand.Parameters.Add(mySum)
'execute the query
myCommand.ExecuteNonQuery()
'display the values
MsgBox(myAnswer.Value)
MsgBox(mySum.Value)
End Sub
Run the form and click the button to see the output parameter and return values.
Conclusion
Using stored procedures is the best way for applications to access SQL data. This article explained, using a very simple example, how to use parameters with stored procedures.
