Module 9

Designing and Implementing

Stored Procedures
Module Overview

Introduction to Stored Procedures

Working with Stored Procedures
Implementing Parameterized Stored Procedures
• Controlling Execution Context
Lesson 1: Introduction to Stored Procedures

What Is a Stored Procedure?

Benefits of Stored Procedures
Working with System Stored Procedures
Statements Not Permitted in Stored Procedures
• Demonstration: Working with System Stored
Procedures and Extended Stored Procedures
What Is a Stored Procedure?

• When applications interact with SQL Server, there are two

basic ways to execute Transact-SQL code
• Every statement can be issued directly by the application
• Groups of statements can be stored on the server as stored
procedures and given a name—the application then calls the
procedures by name
• Stored procedures
• Are similar to procedures or methods in other languages
• Can have input parameters
• Can have output parameters
• Can return sets of rows
• Are executed by the EXECUTE Transact-SQL statement
• Can be created in managed code or Transact-SQL
Benefits of Stored Procedures

• Can enhance the security of an application

• Users can be given permission to execute a stored procedure
without permission to the objects that it accesses
• Enables modular programming
• Create once, but call many times and from many applications
• Enables the delayed binding of objects
• Can create a stored procedure that references a database object
that does not exist yet
• Can avoid the need for ordering in object creation
• Can improve performance
• A single statement requested across the network can execute 100s
of lines of Transact-SQL code
• Better opportunities for execution plan reuse
Working with System Stored Procedures

• A large number of system stored procedures are

supplied with SQL Server
• Two basic types of system stored procedure
• System stored procedures: typically used for
administrative purposes either to configure servers,
databases, or objects, or to view information about
them
• System extended stored procedures: extend the
functionality of SQL Server
• Key difference is how they are coded
• System stored procedures are Transact-SQL code in the
master database
• System extended stored procedures are references to
DLLs
Statements Not Permitted in Stored Procedures

• Some Transact-SQL statements are not allowed:

• CREATE AGGREGATE
• CREATE DEFAULT
• CREATE or ALTER FUNCTION
• CREATE or ALTER PROCEDURE
• SET PARSEONLY
• SET SHOWPLAN TEXT
• USE databasename
• CREATE RULE
• CREATE SCHEMA
• CREATE or ALTER TRIGGER
• CREATE or ALTER VIEW
• SET SHOWPLAN ALL or SET SHOWPLAN XML
Demonstration: Working with System Stored
Procedures and Extended Stored Procedures

In this demonstration, you will see how to:

• Execute system stored procedures
Lesson 2: Working with Stored Procedures

Creating a Stored Procedure

Executing a Stored Procedure
Altering a Stored Procedure
Dropping a Stored Procedure
Stored Procedures Error Handling
Transaction Handling
Stored Procedure Dependencies
Guidelines for Creating Stored Procedures
Obfuscating Stored Procedures
• Demonstration: Stored Procedures
Creating a Stored Procedure

• CREATE PROCEDURE is used to create new stored

procedures
• Before SQL Server 2016 SP1, a procedure must not
already exist, otherwise ALTER must be used or the
procedure dropped first
• In SQL Server 2016 SP1 and later, the CREATE OR ALTER
statement is supported
• CREATE PROCEDURE must be the only statement in a
batch
Executing a Stored Procedure

• EXECUTE statement
• Used to execute stored procedures and other objects
such as dynamic SQL statements stored in a string
• Use two- or three-part naming when executing
stored procedures to avoid SQL Server having to
carry out unnecessary searches
Altering a Stored Procedure

• ALTER PROCEDURE statement

• Used to replace a stored procedure
• Retains the existing permissions on the procedure
Dropping a Stored Procedure

• DROP PROCEDURE removes one or more stored

procedures from the current database
• sys.procedures system view gives details on
stored procedures in the current database
• sp_dropextendedproc to drop system extended
stored procedures
Stored Procedures Error Handling

• Include error handling in your stored procedures

• Use the TRY … CATCH construct to handle errors
• BEGIN TRY <code> END TRY
• BEGIN CATCH <error handling code> END
CATCH
• Error functions used within a CATCH block
• ERROR_NUMBER()
• ERROR_SEVERITY()
• ERROR_STATE()
• ERROR_PROCEDURE()
• ERROR_LINE()
• ERROR_MESSAGE()
Transaction Handling

• Explicit transactions are managed with

• BEGIN TRANSACTION or BEGIN TRAN
• COMMIT TRANSACTION

• Use a TRY … CATCH block to ROLLBACK

transactions
• Use to ensure the complete transaction—or
nothing—is committed
• @@TRANCOUNT keeps count of the number of
BEGIN TRANSACTIONS
• Use SET XACT_ABORT ON or OFF to determine
how SQL Server should handle statements within
a transaction
Stored Procedure Dependencies

New system views replace the use of sp_depends

• sys.sql_expression_dependencies
• Contains one row per dependency by name on user-
defined entities in the current database
• sys.dm_sql_referenced_entities
• Contains one row for each entity referenced by another
entity
• sys. dm_sql_referencing_entities
• Contains one row for each entity referencing another
entity 
Guidelines for Creating Stored Procedures

• Qualify names inside stored procedures

• Keep consistent SET options
• SET NOCOUNT ON
• Apply consistent naming conventions (and no
sp_ prefix)
• Use @@nestlevel to see current nesting level (32
is the maximum number of levels)
• Use return codes to identify reasons various
execution outcomes
• Keep to one procedure for each task
Obfuscating Stored Procedures

• WITH ENCRYPTION clause

• Encrypts stored procedure definition stored in SQL
Server
• Protects stored procedure creation logic to a limited
extent
• Is generally not recommended
Demonstration: Stored Procedures

In this demonstration, you will see how to:

• Create, execute, and alter a stored procedure
Lesson 3: Implementing Parameterized Stored
Procedures

Working with Parameterized Stored Procedures

Using Input Parameters
Using Output Parameters
• Parameter Sniffing and Performance
Working with Parameterized Stored Procedures

• Parameterized stored procedures contain three

major components
• Input parameters
• Output parameters
• Return values
Using Input Parameters

• Parameters have the @ prefix, a data type, and

optionally a default value
• Parameters can be passed in order, or by name
• Parameters should be validated early in
procedure code
Using Output Parameters

• OUTPUT must be specified

• When declaring the parameter
• When executing the stored procedure
Parameter Sniffing and Performance

• Query plans generated for a stored procedure are

generally reused the next time the stored procedure is
executed
• In most cases this is desirable behavior
• Some stored procedures can benefit from different query
plans for different sets of parameters
• Commonly called a “parameter sniffing” problem
• Options for resolving:
• WITH RECOMPILE in stored procedure code
• sp_recompile
• EXEC WITH RECOMPILE
• OPTION (OPTIMIZE FOR)
Lesson 4: Controlling Execution Context

Controlling Executing Context

The EXECUTE AS Clause
Viewing Execution Context
• Demonstration: Viewing Execution Context
Controlling Executing Context

• Security tokens
• Login token
• User token

• Control security context using

• EXECUTE AS
The EXECUTE AS Clause

• Enables impersonation
• Provides access to modules through
impersonation
• Impersonate server-level principals or logins by
using EXECUTE AS LOGIN
• Impersonate database-level principals or users by
using EXECUTE AS USER
Viewing Execution Context

• Details of the current security context can be

viewed programmatically
• sys.login_token shows the login-related details
• sys.user_token shows all tokens that are
associated with a user
Demonstration: Viewing Execution Context

In this demonstration, you will see how to:

• View and change the execution context
Lab: Designing and Implementing Stored
Procedures

Exercise 1: Create Stored Procedures

Exercise 2: Create Parameterized Stored Procedures
• Exercise 3: Change Stored Procedure Execution
Context

Logon Information
Virtual machine: 20762C-MIA-SQL
User name: ADVENTUREWORKS\Student
Password: Pa55w.rd

Estimated Time: 45 minutes

Lab Scenario

You need to create a set of stored procedures to

support a new reporting application. The
procedures will be created within a new Reports
schema.
Lab Review

• In this lab, you learned how to create a stored

procedure. You also learned how to change the
execution context of a stored procedure and
create a parameterized stored procedure.
Module Review and Takeaways

• Best Practice