Beginning Microsoft SQL Server 2008 ... - S3 Tech Training
Beginning Microsoft SQL Server 2008 ... - S3 Tech Training Beginning Microsoft SQL Server 2008 ... - S3 Tech Training
Chapter 12: Stored Procedures Sprocs can call to other sprocs (called nesting). For SQL Server 2008, you can nest up to 32 levels deep. This gives you the capability of reusing separate sprocs much as you would make use of a subroutine in a classic procedural language. The syntax for calling one sproc from another sproc is exactly the same as it is calling the sproc from a script. Using Sprocs for Security Many people don’t realize the full use of sprocs as a tool for security. Much like views, we can create a sproc that returns a recordset without having to give the user authority to the underlying table. Granting someone the right to execute a sproc implies that they can perform any action within the sproc, provided that the action is taken within the context of the sproc. That is, if we grant someone authority to execute a sproc that returns all the records in the Customers table, but not access to the actual Customers table, then the user will still be able to get data out of the Customers table, provided they do it by using the sproc (trying to access the table directly won’t work). What can be really handy here is that we can give someone access to modify data through the sproc, but then only give them read access to the underlying table. They will be able to modify data in the table provided that they do it through your sproc (which will likely be enforcing some business rules). They can then hook directly up to your SQL Server using Excel, Access, or whatever to build their own custom reports with no risk of “accidentally” modifying the data. Sprocs and Performance 396 Setting users up to directly link to a production database via Access or Excel has to be one of the most incredibly powerful and yet stupid things you can do to your system. While you are empowering your users, you are also digging your own grave in terms of the resources they will use and long-running queries they will execute (naturally, they will be oblivious to the havoc this causes your system). If you really must give users direct access, then consider using replication or backup and restores to create a completely separate copy of the database (or just the tables they need access to) for them to use. This will help insure you against record locks, queries that bog down the system, and a whole host of other problems. Generally speaking, sprocs can do a lot to help the performance of your system. Keep in mind, however, that like most things in life, there are no guarantees — indeed, some processes can be created in sprocs that will substantially slow the process if the sproc hasn’t been designed intelligently. Where does that performance come from? Well, when we create a sproc, the process works something like what you see in Figure 12-1. We start by running our CREATE PROC procedure. This parses the query to make sure that the code should actually run. The one difference versus running the script directly is that the CREATE PROC command can make use of what’s called deferred name resolution. Deferred name resolution ignores the fact that you may have some objects that don’t exist yet. This gives you the chance to create these objects later.
Figure 12-1 Time of Creation At Execution First run/ Recompile Not first run, but not in cache Not first run and in cache Added to the procedure cache in memory Chapter 12: Stored Procedures Added to: sysobjects sysdepends syscomments Optimized and compiled Recompiled After the sproc has been created, it sits in wait for the first time that it is executed. At that time, the sproc is optimized and a query plan is compiled and cached on the system. Subsequent times that we run our sproc will, unless we specify otherwise using the WITH RECOMPILE option, generally use that cached query plan rather than creating a new one. (There are situations where the sproc will be recompiled, but that is beyond the scope of this book.) This means that whenever the sproc is used it can skip much of the optimization and compilation process. Exactly how much time this saves varies depending on the complexity of the batch, the size of the tables involved in the batch, and the number of indexes on each table. Usually, the amount of time saved is seemingly small — say, perhaps 1 second or less for most scenarios — yet that difference can really add up in terms of percentage (1 second is still 100 percent faster than 2 seconds). The difference can become even more extreme when we need to make several calls or when we are in a looping situation. 397
- Page 383 and 384: Let’s build an example in the Adv
- Page 385 and 386: DECLARE @InVar varchar(50); DECLARE
- Page 387 and 388: -- This won’t work DECLARE @Numbe
- Page 389 and 390: -- Now we’re run our conditional
- Page 391 and 392: Out of the condition from inner con
- Page 393 and 394: A Simple CASE A simple CASE takes a
- Page 395 and 396: 3 8 More Than One Apart 2 2 Ends Wi
- Page 397 and 398: Now, I don’t know about you, but
- Page 399 and 400: The WAITFOR statement does exactly
- Page 401 and 402: IF @ErrorNo = 2714 -- Object exists
- Page 403: Chapter 11: Writing Scripts and Bat
- Page 406 and 407: Chapter 12: Stored Procedures Creat
- Page 408 and 409: Chapter 12: Stored Procedures Dropp
- Page 410 and 411: Chapter 12: Stored Procedures Suppl
- Page 412 and 413: Chapter 12: Stored Procedures 374 [
- Page 414 and 415: Chapter 12: Stored Procedures Confi
- Page 416 and 417: Chapter 12: Stored Procedures Now,
- Page 418 and 419: Chapter 12: Stored Procedures SQL S
- Page 420 and 421: Chapter 12: Stored Procedures 382 c
- Page 422 and 423: Chapter 12: Stored Procedures It wo
- Page 424 and 425: Chapter 12: Stored Procedures 386 r
- Page 426 and 427: Chapter 12: Stored Procedures 388 -
- Page 428 and 429: Chapter 12: Stored Procedures Note
- Page 430 and 431: Chapter 12: Stored Procedures 392 n
- Page 432 and 433: Chapter 12: Stored Procedures All t
- Page 436 and 437: Chapter 12: Stored Procedures When
- Page 438 and 439: Chapter 12: Stored Procedures 400 @
- Page 440 and 441: Chapter 12: Stored Procedures I’d
- Page 442 and 443: Chapter 12: Stored Procedures match
- Page 444 and 445: Chapter 12: Stored Procedures There
- Page 446 and 447: Chapter 12: Stored Procedures 408 f
- Page 449 and 450: 13 User-Defined Functions Well, her
- Page 451 and 452: types!), except for BLOBs, cursors,
- Page 453 and 454: We get back the same set as with th
- Page 455 and 456: AS RETURN (SELECT BusinessEntityID,
- Page 457 and 458: in your relational database. These
- Page 459 and 460: AS BEGIN ( EmployeeID int NOT NULL,
- Page 461 and 462: So, as you can see, we can actually
- Page 463 and 464: Despite being schema-bound, this on
- Page 465 and 466: 14 Transactions and Locks This is o
- Page 467 and 468: we are unable or do not want to com
- Page 469 and 470: Figure 14-1 Data needed Data in cac
- Page 471 and 472: Transaction 4 This transaction wasn
- Page 473 and 474: Oops — problem!!! Transaction 2 h
- Page 475 and 476: The only cure for this is setting y
- Page 477 and 478: Exclusive Locks Exclusive locks are
- Page 479 and 480: Also: ❑ The Sch-S is compatible w
- Page 481 and 482: The syntax for switching between th
- Page 483 and 484: As with most things in life, howeve
Chapter 12: Stored Procedures<br />
Sprocs can call to other sprocs (called nesting). For <strong>SQL</strong> <strong>Server</strong> <strong>2008</strong>, you can nest up to 32 levels deep.<br />
This gives you the capability of reusing separate sprocs much as you would make use of a subroutine in<br />
a classic procedural language. The syntax for calling one sproc from another sproc is exactly the same as<br />
it is calling the sproc from a script.<br />
Using Sprocs for Security<br />
Many people don’t realize the full use of sprocs as a tool for security. Much like views, we can create a<br />
sproc that returns a recordset without having to give the user authority to the underlying table. Granting<br />
someone the right to execute a sproc implies that they can perform any action within the sproc, provided<br />
that the action is taken within the context of the sproc. That is, if we grant someone authority to execute<br />
a sproc that returns all the records in the Customers table, but not access to the actual Customers table,<br />
then the user will still be able to get data out of the Customers table, provided they do it by using the<br />
sproc (trying to access the table directly won’t work).<br />
What can be really handy here is that we can give someone access to modify data through the sproc, but<br />
then only give them read access to the underlying table. They will be able to modify data in the table<br />
provided that they do it through your sproc (which will likely be enforcing some business rules). They<br />
can then hook directly up to your <strong>SQL</strong> <strong>Server</strong> using Excel, Access, or whatever to build their own custom<br />
reports with no risk of “accidentally” modifying the data.<br />
Sprocs and Performance<br />
396<br />
Setting users up to directly link to a production database via Access or Excel has to<br />
be one of the most incredibly powerful and yet stupid things you can do to your system.<br />
While you are empowering your users, you are also digging your own grave in<br />
terms of the resources they will use and long-running queries they will execute (naturally,<br />
they will be oblivious to the havoc this causes your system).<br />
If you really must give users direct access, then consider using replication or backup<br />
and restores to create a completely separate copy of the database (or just the tables<br />
they need access to) for them to use. This will help insure you against record locks,<br />
queries that bog down the system, and a whole host of other problems.<br />
Generally speaking, sprocs can do a lot to help the performance of your system. Keep in mind, however,<br />
that like most things in life, there are no guarantees — indeed, some processes can be created in sprocs<br />
that will substantially slow the process if the sproc hasn’t been designed intelligently.<br />
Where does that performance come from? Well, when we create a sproc, the process works something<br />
like what you see in Figure 12-1.<br />
We start by running our CREATE PROC procedure. This parses the query to make sure that the code should<br />
actually run. The one difference versus running the script directly is that the CREATE PROC command can<br />
make use of what’s called deferred name resolution. Deferred name resolution ignores the fact that you may<br />
have some objects that don’t exist yet. This gives you the chance to create these objects later.