Also, we really don't want to have a user learn the SQL language just to display some data in a browser. This is where stored procedures can be very useful.
Using a stored procedure we can use the same SELECT statements that we entered into the URL of the browser and reduce the length of the URL that needs to be entered. We can then just execute the stored procedure in the URL instead of having to specify the entire SELECT statement.
As we have discovered in past chapters, using a stored procedure is more efficient because it is optimized in SQL Server and is compiled and cached on its first execution. This, and the fact that we can easily write more complex queries in a stored procedure, makes using them ideal.
When we execute a stored procedure in the URL we need to specify the EXECUTE keyword and the stored procedure name, just as we would in the Query Analyzer. An example of this is shown below:
http://localhost/htData?SQL=EXECUTE+up_select_xml_hardware&XSL=Hardware.xsl&ContentType=Text/HTML&Root=Hardware
The only difference between this URL and the last is that this URL executes a stored procedure instead of the SELECT statement. All other keywords such as SQL, XSL, ContentType, and Root must still be specified.
Try It Out - Hardware Select Stored Procedure
Let's put this knowledge to use by creating a stored procedure to select the hardware data that is required by our Hardware.xsl template.
1. The stored procedure that we want to create is listed below. Enter the code for this stored procedure in the Query Analyzer and execute it:
CREATE PROCEDURE up_select_xml_hardware AS
SELECT Manufacturer_VC, Model_VC
FROM Hardware_T
FOR XML AUTO
GO
GRANT EXECUTE ON up_select_xml_hardware TO [Hardware Users]
2. To test this stored procedure enter the following URL in your browser:
http://localhost/htData?SQL=EXECUTE+up_select_xml_hardware&XSL=Hardware.xsl&ContentType=Text/HTML&Root=Hardware
The results of executing this stored procedure should be the same as you saw in the last exercise. The only difference here is that we have just executed a stored procedure in the URL instead of a SELECT statement.
How It Works - Hardware Select Stored Procedure
This stored procedure looks just about like every other SELECT stored procedure that we have created. We start the stored procedure by specifying the CREATE PROCEDURE statement followed by the stored procedure name and the AS keyword.
Then we specify the SELECT statement, which selects two columns from the Hardware_T table. We have also included the FOR XML clause so the results of the stored procedure will be returned as XML data to the browser:
SELECT Manufacturer_VC, Model_VC
FROM Hardware_T
FOR XML AUTO
We specify the GO command to have the Query Analyzer create this stored procedure before we grant permissions on it to the hardware users role:
GO
GRANT EXECUTE ON up_select_xml_hardware TO [Hardware Users]
It is important to note that you cannot execute just any stored procedure in a URL. It must be a SELECT stored procedure, and it must return XML data. The SELECT statement must, therefore, contain the FOR XML clause.
Stored Procedure Parameters
Now that we know we can execute a stored procedure in the URL, it stands to reason that we could also execute a stored procedure that accepts parameters. This is true, and not as difficult as it may seem. This section will walk through a couple of examples that illustrate executing stored procedures that accept parameters, and point out what is needed to pass parameters to a stored procedure.
When we execute a parameterized stored procedure in the Query Analyzer, we simply specify the EXECUTE statement followed by the stored procedure name and any parameters that it might expect. Looking at the following example, the up_parmsel_assigned_system stored procedure accepts one parameter, the Employee_ID. Execution of this code produces the desired results:
EXECUTE up_parmsel_assigned_system 1
Assuming this stored procedure returned the results as XML data we would execute this same stored procedure in a browser using the following code fragments in place of the SQL statements.
The first code fragment demonstrates executing this stored procedure by only passing the parameter as we do in the Query Analyzer:
EXECUTE+up_parmsel_assigned_system+1
The second code fragment demonstrates specifying the parameter name and its value. When using this method the parameter name specified must exactly match the parameter name in the stored procedure:
EXECUTE+up_parmsel_assigned_system+@Employee_ID=1
Let's assume for a moment that we have a stored procedure named up_parmsel_employee. This stored procedure expects the employee's last name as the first input parameter and the employee's location ID as the second input parameter. To execute this stored procedure in a URL we would specify the code as shown in the following code fragments in place of the usual SQL statements.
The first example simply specifies the parameter values. Notice that we have included a comma between the two input parameters and, since the first parameter is a string value, it has been enclosed in single quotes:
EXECUTE+up_parmsel_employee+'Willis'+,+1
The second example specifies the parameter names and parameter values. Again we have enclosed the first parameter in single quotes and used a comma to separate the parameters:
EXECUTE+up_parmsel_employee+@Last_Name_VC='Willis'+,+@Location_ID=1
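The fragments above place the parameter values directly into the SQL text carried by the URL, so a value that comes from user input has to be type-checked and quoted before the URL is assembled. The following Python helper is an added example, not code from this book; it builds the named-parameter form for the procedures mentioned in this chapter. The allow-list, the parameter types (inferred from the fragments above), and the sample name O'Brien are assumptions made for illustration.

```python
from urllib.parse import quote_plus

BASE_URL = "http://localhost/htData"  # virtual directory used in this chapter

# Allow-list: procedure name -> {parameter name: required Python type}.
# Names come from this chapter; the types are inferred from its examples.
ALLOWED = {
    "up_select_xml_hardware": {},
    "up_parmsel_xml_hardware": {"Hardware_ID": int},
    "up_parmsel_assigned_system": {"Employee_ID": int},
    "up_parmsel_employee": {"Last_Name_VC": str, "Location_ID": int},
}


def tsql_literal(value, expected):
    """Render value as a T-SQL literal after checking it has the expected type."""
    # bool is a subclass of int in Python, so reject it explicitly.
    if isinstance(value, bool) or not isinstance(value, expected):
        raise TypeError(f"expected {expected.__name__}, got {type(value).__name__}")
    if expected is int:
        return str(value)
    # Strings: double embedded single quotes so the value cannot end the literal.
    return "'" + value.replace("'", "''") + "'"


def build_execute_url(procedure, params=None, root="Hardware"):
    """Return the URL that executes an allow-listed procedure with named parameters."""
    if procedure not in ALLOWED:
        raise ValueError(f"procedure not allowed: {procedure!r}")
    spec = ALLOWED[procedure]
    params = params or {}
    if set(params) != set(spec):
        raise ValueError(f"{procedure} expects parameters {sorted(spec)}")
    args = ", ".join(
        f"@{name}={tsql_literal(params[name], spec[name])}" for name in spec
    )
    sql = f"EXECUTE {procedure} {args}".rstrip()
    # quote_plus turns spaces into '+' and percent-encodes '@', '=', quotes and commas.
    return f"{BASE_URL}?SQL={quote_plus(sql)}&Root={quote_plus(root)}"


if __name__ == "__main__":
    print(build_execute_url("up_parmsel_xml_hardware", {"Hardware_ID": 1}))
    print(build_execute_url("up_parmsel_employee",
                            {"Last_Name_VC": "O'Brien", "Location_ID": 1}))
```

The percent-encoded characters decode to the same EXECUTE text as the hand-typed fragments; the difference is that a quote inside a value stays inside its string literal and a non-integer cannot be passed where an ID is expected.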
Try It Out - Parameterized Stored Procedure
Now that we know that we can execute a parameterized stored procedure in a URL we want to create a stored procedure that accepts parameters so we can experience this first hand. The stored procedure that we want to create should select most of the columns in the Hardware_T table. The input parameter to this stored procedure will be the Hardware_ID, which will point to the row of data that we want to select.
1. The code for this stored procedure is listed below. Enter this code in the Query Analyzer and execute it:
CREATE PROCEDURE up_parmsel_xml_hardware
@Hardware_ID INT AS
SELECT Manufacturer_VC, Model_VC, Processor_Speed_VC,
Memory_VC, HardDrive_VC, Sound_Card_VC,
Speakers_VC, Video_Card_VC, Monitor_VC,
Serial_Number_VC, Lease_Expiration_DT,
CD_Type_CH
FROM Hardware_T
JOIN CD_T ON Hardware_T.CD_ID = CD_T.CD_ID
WHERE Hardware_ID = @Hardware_ID
FOR XML AUTO
GO
GRANT EXECUTE ON up_parmsel_xml_hardware TO [Hardware Users]
2. Before you execute this stored procedure in a browser, you will need to obtain a valid number for the hardware ID. You can do this by right-clicking on the Hardware_T table in the Object Browser of the Query Analyzer and choosing Open from the context menu.
3. Once you have a valid hardware ID enter the following URL in your browser, replacing the hardware ID specified with one that is valid in your Hardware_T table:
http://localhost/htData?SQL=EXECUTE+up_parmsel_xml_hardware+1+&Root=Hardware
You should see results similar to those shown in the next figure. Notice that we have not used an XSL stylesheet to format the data in this example, so it is just returned as XML data:

4. You can further test this stored procedure and see the different results by substituting the @Hardware_ID parameter with different values. If you use a value that does not exist, you will not receive an error message but just an empty XML document, as shown in the next figure:
