When you think ASP, think...
Recent Articles
All Articles
ASP.NET Articles
Message Board
Related Web Technologies
User Tips!
Coding Tips

Sample Chapters
Commonly Asked Message Board Questions
JavaScript Tutorials
MSDN Communities Hub
Official Docs
Stump the SQL Guru!
XML Info
Author an Article
ASP ASP.NET ASP FAQs Message Board Feedback
Print this page.
Published: Thursday, January 06, 2000

Writing a Stored Procedure Part II

By Nathan Pond

  • This article is a continuation of my previous article, Writing a Stored Procedure

    - continued -

    Let me start out by first correcting (or rather updating) something I said in my first article. I said there that I wasn't aware of a way to update a stored procedure without deleting it and recreating it. Well now I am. :-) There is an ALTER comand you can use, like this:

    ALTER PROCEDURE sp_myStoredProcedure

    This will overwrite the stored procedure that was there with the new set of commands, but will keep permissions, so it is better than dropping and recreating the procedure. Many thanks to Pedro Vera-Perez for e-mailing me with this info.

    As promised I am going to dive into more detail about stored procedures. Let me start out by answering a common question I received via e-mail. Many people wrote asking if it was possible, and if so how to do it, to use stored procedures do to more than select statements. Absolutely!!! Anything that you can accomplish in a sql statement can be accomplished in a stored procedure, simply because a stored procedure can execute sql statements. Let's look at a simple INSERT example.

    CREATE PROCEDURE sp_myInsert
      @FirstName  varchar(20),
      @LastName   varchar(30)
    INSERT INTO Names(FirstName, LastName)
    values(@FirstName, @LastName)

    Now, call this procedure with the parameters and it will insert a new row into the Names table with the FirstName and LastName columns approiately assigned. And here is an example of how to call this procedure with parameters from an ASP page:

    dim dataConn, sSql
    dim FirstName, LastName
    FirstName = "Nathan"
    LastName = "Pond"
    set dataConn = Server.CreateObject("ADODB.Connection")
    dataConn.Open  "DSN=webData;uid=user;pwd=password" 'make connection
    sSql = "sp_myInsert '" & FirstName & "', '" & LastName & "'"
    dataConn.Execute(sSql) 'execute sql call

    Remeber, you can use stored procedures for anything, including UPDATE and DELETE calls. Just embed a sql statement into the procedure. Notice that the above procedure doesn't return anything, so you don't need to set a recordset. The same will be true for UPDATE and DELETE calls. The only statement that returns a recordset is the SELECT statement.

    Now, just because a recordset isn't returned, it doesn't mean that there won't be a return value. Stored procedures have the ability to return single values, not just recordsets. Let me show you a practical example of this. Suppose you have a login on your site, the user enters a username and password, and you need to look these up in the database, if they match, then you allow the user to logon, otherwise you redirect them to an incorrect logon page. Without a stored procedures you would do something like this:

    dim dataConn, sSql, rs
    set dataConn = Server.CreateObject("ADODB.Connection")
    dataConn.Open  "DSN=webData;uid=user;pwd=password" 'make connection
    sSql = "Select * From User_Table Where UserName = '" & _
    	Request.Form("UserName") & "' And Password = '" & _
    	Request.Form("Password") & "'"
    Set rs = dataConn.Execute(sSql) 'execute sql call
    If rs.EOF Then
    	'Redirect user, incorrect login
    	Response.Redirect "Incorrect.htm"
    End If
    'process logon code

    Now let's look at how we would accomplish this same task using a stored procedure. First let's write the procedure.

    CREATE PROCEDURE sp_IsValidLogon
      @UserName  varchar(16),
      @Password  varchar(16)
    if exists(Select * From User_Table
              Where UserName = @UserName
                    Password = @Password)

    What this procedure does is take the username and password as input parameters and performs the lookup. If a record is returned the stored procedure will return a single value of 1, if not the procedure will return 0. No recordset is returned. Let's look at the asp you would use:

    <!--#INCLUDE VIRTUAL="/include/adovbs.inc"-->
    dim dataConn, adocmd, IsValid
    set dataConn = Server.CreateObject("ADODB.Connection")
    dataConn.Open  "DSN=webData;uid=user;pwd=password" 'make connection
    Set adocmd = Server.CreateObject("ADODB.Command")
    adocmd.CommandText = "sp_IsValidLogon"
    adocmd.ActiveConnection = dataConn
    adocmd.CommandType = adCmdStoredProc
    adocmd.Parameters.Append adocmd.CreateParameter("return", _
                                 adInteger, adParamReturnValue, 4)
    adocmd.Parameters.Append adocmd.CreateParameter("username", _
                                 adVarChar, adParamInput, 16, _
    adocmd.Parameters.Append adocmd.CreateParameter("password", _
                                 adVarChar, adParamInput, 16, _
    IsValid = adocmd.Parameters("return").Value
    If IsValid = 0 Then
    	'Redirect user, incorrect login
    	Response.Redirect "Incorrect.htm"
    End If
    'process logon code

    In Part 2 we'll look at the ADO Command Object, and how you can use it to execute stored procedures through your ASP pages. We'll also look at why you should use stored procedures as opposed to dynamic queries.

  • Read Part 2

  • ASP.NET [1.x] [2.0] | ASPFAQs.com | Advertise | Feedback | Author an Article