Sql stored procedure multiple where parameters
Stored procedures enable users to create modular code that can include complex business logic by combining multiple SQL statements with procedural logic. Show
In this Topic: Creating a Stored Procedure¶Naming Conventions for Stored Procedures¶Stored procedures are database objects, meaning that they are created in a specified database and schema. They have a fully-qualified name defined by their namespace, in the form of CALL temporary_db_qualified_names_test.temporary_schema_1.stproc_pi(); When called without their fully-qualified name, stored procedures are resolved according to the database and schema in use for the session. Overloading of Names¶Snowflake supports overloading of stored procedure names. Multiple stored procedures in the same schema can have the same name, as long as their signatures differ, either by the number of arguments or the argument types. When an overloaded stored procedure is called, Snowflake checks the arguments and calls the correct stored procedure. An example is included in Overloading Stored Procedure Names. Be careful when using overloading. The combination of automatic type conversion and overloading makes it easy for minor user errors to cause unexpected results. For an example, see Overloading Stored Procedure Names. Potential Conflicts with System-defined Functions and User-defined Functions¶Stored procedures and user-defined functions can have the same names if they have different numbers of arguments or different data types for arguments. However, Snowflake does not allow creating stored procedures with the same name as any of the system-defined functions. Transaction Management¶Stored procedures are not atomic; if one statement in a stored procedure fails, the other statements in the stored procedure are not necessarily rolled back. You can use stored procedures with transactions to make a group of statements atomic. For details, see Stored Procedures and Transactions. General Tips¶Symmetric Code¶If you are familiar with programming in assembly language, you might find the following analogy helpful. In assembly language, functions often create and undo their environments in a symmetric way. For example: -- Set up. push a; push b; ... -- Clean up in the reverse order that you set up. pop b; pop a; You might want to use this approach in your stored procedures:
For example your code might look similar to the pseudo-code shown below: create procedure f() ... $$ set x; set y; try { set z; -- Do something interesting... ... unset z; } catch { -- Give error message... ... unset z; } unset y; unset x; $$ ; Calling a Stored Procedure¶To execute a stored procedure, use a CALL statement. For example: call stproc1(5.14::FLOAT); Each argument to a stored procedure can be a general expression: CALL stproc1(2 * 5.14::FLOAT); An argument can be a subquery: CALL stproc1(SELECT COUNT(*) FROM stproc_test_table1); You can call only one stored procedure per CALL statement. For example, the following statement fails: call proc1(1), proc2(2); -- Not allowed Also, you cannot use a stored procedure CALL as part of an expression. For example, all the following statements fail: call proc1(1) + proc1(2); -- Not allowed call proc1(1) + 1; -- Not allowed call proc1(proc2(x)); -- Not allowed select * from (call proc1(1)); -- Not allowed However, inside a stored procedure, the stored procedure can call another stored procedure, or call itself recursively. Caution Nested calls can exceed the maximum allowed stack depth, so be careful when nesting calls, especially when using recursion. Privileges¶Stored Procedures utilize two types of privileges:
Privileges on Stored Procedures¶Similar to other database objects (tables, views, UDFs, etc.), stored procedures are owned by a role and have one or more privileges that can be granted to other roles. Currently, the following privileges apply to stored procedures:
For a role to use a stored procedure, the role must either be the owner or have been granted USAGE privilege on the stored procedure. Stored Procedure Considerations¶
SQL Injection¶Stored procedures can dynamically create a SQL statement and execute it. However, this can allow SQL injection attacks, particularly if you create the SQL statement using input from a public or untrusted source. You can minimize the risk of SQL injection attacks by binding parameters rather than concatenating text. For an example of binding variables, see Binding Variables. If you choose to use concatenation, you should check inputs carefully when constructing SQL dynamically using input from public sources. You might also want to take other precautions, such as querying using a role that has limited privileges (e.g. read-only access, or access to only certain tables or views). For more information about SQL injection attacks, see SQL injection (in Wikipedia). Design Tips for Stored Procedures¶Here are some tips for designing a stored procedure:
Documenting Stored Procedures¶Stored procedures are usually written to be re-used, and often to be shared. Documenting stored procedures can make stored procedures easier to use and easier to maintain. Below are some general recommendations for documenting stored procedures. Typically, there are at least two audiences who want to know about a stored procedure:
For users (and programmers), document each of the following:
For programmers:
The location and format of this information are up to you. You might store the information in HTML format in an internal web site, for example. Before deciding where to store it, think about where your organization stores similar information for other products, or similar information for other Snowflake features, such as views, user-defined functions, etc. Other tips:
Can a stored procedure have multiple parameters?The stored procedure with multiple parameters can be created by using the parameter names separated by a comma. Each parameter's data type can be defined along with its name as shown in the example below.
Can SQL stored procedure have multiple output parameters?A Stored Procedure can have any number of output parameters. The simple logic is this — If you want to return 1 value then use 1 output parameter, for returning 5 values use 5 output parameters, for 10 use 10, and so on.
Can pass 3 types of parameters to stored procedures What are they?As a program, a stored procedure can take parameters. There are three types of parameters: IN, OUT and INOUT.
How pass multiple parameters in SQL query?Passing Multiple Parameters In SQL IN Clause With SQL Command. DataSet ds = new DataSet();. String strNames = "";. strNames = "John,Rohan,Krist,Bronk,Peter";. SqlCommand cmd = new SqlCommand();. cmd. CommandText = "select * from tblemployee where ename in(@strNames)";. cmd. ... . SqlDataAdapter da = new SqlDataAdapter();. |