What Are Stored Procedures?

Jing - Oct 22 - - Dev Community

SQL (Structured Query Language) is a standard language for managing and operating relational databases. One of its powerful and commonly used features is the stored procedure. A stored procedure is a set of SQL statements that are precompiled and stored in the database and can accept input parameters, perform operations, and return results. Let's explore what a stored procedure is and how to create one.

Image description

Introduction to stored procedures

Stored procedures may sound like a complex term, but they are the basis of efficient database management. Let's start with its definition.

What is a stored procedure?

A stored procedure is a series of SQL statements that are predefined and stored on the database server. When you need to perform these operations, you can execute them by calling the name of the stored procedure instead of sending multiple separate query commands.

Here is a simplified example showing how to create a simple stored procedure in SQL Server:

CREATE PROCEDURE procedure_name
AS
BEGIN
   -- SQL statements
END
Enter fullscreen mode Exit fullscreen mode

Here are some of the key components of a stored procedure:

  • Input parameters: These are values passed to a stored procedure from the outside to customize the behavior of the stored procedure. Input parameters allow a stored procedure to perform different actions based on different conditions.
  • Output parameters: Similar to input parameters, output parameters are also part of a stored procedure, but their role is to return values to the caller rather than receive values.
  • Local variables: These are variables declared within a stored procedure and are used to store intermediate results or calculated values during execution. Local variables are only visible within the context of a stored procedure and can be assigned multiple times during its lifetime.
  • SQL statements: These make up the core logic of a stored procedure, including but not limited to querying, inserting, updating, and deleting data.

These components work together to make stored procedures a reusable and efficient way to perform database operations. By encapsulating common database tasks in stored procedures, you can simplify application development while improving performance and security.

Image description

How stored procedures work

Stored procedures are executed inside the database server, which means they can complete operations more efficiently and execute faster than if multiple queries were sent one after another from the client. Additionally, using stored procedures can significantly reduce network traffic because only the final result set needs to be transferred from the server to the client, rather than the results of each individual query back and forth. In this way, it not only improves the speed of data processing, but also reduces the use of network bandwidth.

Role in Database Management

Stored procedures play a central role in database management because they centrally store business logic on the database server. Doing so ensures that critical operations are always performed in a consistent, secure, and efficient manner. Specifically, stored procedures help:

  • Maintaining data integrity: By ensuring that all data operations follow predetermined rules and constraints, stored procedures help maintain data integrity and consistency.
  • Enforcing business logic: Encapsulating complex business rules in stored procedures ensures that these rules are strictly enforced and will not be affected by changes in client code.
  • Simplifying database interaction: By providing an interface that encapsulates complex operations, stored procedures reduce the complexity of application-database interaction, making development and maintenance easier.

Benefits of using stored procedures

There are several key advantages to using stored procedures:

  1. Enhanced performance:
  • Precompiled stored procedures execute faster.
  • Improved response speed and more efficient use of server resources.
  1. Reusability and maintainability:
  • Stored procedures can be called multiple times to reduce code duplication.
  • Updates to stored procedures will take effect in all places where they are used, ensuring consistency and reducing errors.
  1. Data security:
  • Control database access and limit the ability to directly operate tables.
  • Provide a security layer through stored procedures to prevent unauthorized access and malicious attacks.

Common commands used with stored procedures

Now let's look at useful commands that pair with stored procedures.

CREATE PROCEDURE

As mentioned earlier, this command is used to define a new stored procedure in the database. Here is an example of a stored procedure using this function:

Suppose we have a table called "Employees" with the following columns:

  • EmployeeID
  • FirstName
  • LastName
  • DepartmentID
  • Salary

We want to create a stored procedure to retrieve all the employees belonging to a specific department.

CREATE PROCEDURE GetEmployeesByDepartment
   @DepartmentID INT
AS
BEGIN
   SELECT EmployeeID, FirstName, LastName, DepartmentID, Salary
   FROM Employees
   WHERE DepartmentID = @DepartmentID;
END;
Enter fullscreen mode Exit fullscreen mode

EXEC

This command is used to execute a stored procedure. It can also be used to pass input and output parameters. For our previous example, the "EXEC" command would look like this:

EXEC GetEmployeesByDepartment @DepartmentID = 1;
Enter fullscreen mode Exit fullscreen mode

ALTER PROCEDURE

This command allows you to modify an existing stored procedure without dropping and recreating it. Continuing with the previous example, if we want to modify the stored procedure named "GetEmployeesByDepartment" to add an additional salary filter, that is, we want to retrieve information about employees in a specific department whose salary is greater than a certain amount.

Here is an example:

ALTER PROCEDURE GetEmployeesByDepartment
   @DepartmentID INT,
   @MinSalary DECIMAL(10, 2)
AS
BEGIN
   SELECT EmployeeID, FirstName, LastName, DepartmentID, Salary
   FROM Employees
   WHERE DepartmentID = @DepartmentID AND Salary > @MinSalary;
END;
Enter fullscreen mode Exit fullscreen mode

DROP PROCEDURE

If a stored procedure is no longer needed, you can remove it from the database using the DROP PROCEDURE command.

DROP PROCEDURE GetEmployeesByDepartment
Enter fullscreen mode Exit fullscreen mode

How to Create and Use Stored Procedures

We will look at creating and using stored procedures in three areas:

  • MySQL
  • SQL Server
  • Oracle

MySQL

Creating stored procedures in MySQL is fairly simple. You define the procedure, specify parameters, and write SQL code using the "CREATE PROCEDURE" statement.

You can do this:

Step 1: Create an Employee Table

First, let's create a sample employee table to populate with the data we're going to use.

CREATE TABLE Employees (
   EmployeeID INT PRIMARY KEY AUTO_INCREMENT,
   FirstName VARCHAR(50),
   LastName VARCHAR(50),
   DepartmentID INT,
   Salary DECIMAL(10, 2)
);
Enter fullscreen mode Exit fullscreen mode

Step 2: Insert sample data

Insert some sample data into the Employees table.

INSERT INTO Employees (FirstName, LastName, DepartmentID, Salary)
VALUES
('John', 'Doe', 1, 60000),
('Jane', 'Smith', 2, 65000),
('Sam', 'Brown', 1, 62000),
('Sue', 'Green', 3, 67000);
Enter fullscreen mode Exit fullscreen mode

Step 3: Create a stored procedure

Let us create a stored procedure to retrieve employees based on their department.

CREATE PROCEDURE GetEmployeesByDepartment(IN depID INT)
BEGIN
   SELECT EmployeeID, FirstName, LastName, DepartmentID, Salary
   FROM Employees
   WHERE DepartmentID = depID;
END;
Enter fullscreen mode Exit fullscreen mode

Image description

Step 4: Call the stored procedure

To call the stored procedure and retrieve the employees of a specific department, use the CALL statement.

CALL GetEmployeesByDepartment(1);
Enter fullscreen mode Exit fullscreen mode

Image description

SQL Server

In SQL Server, the creation and execution of stored procedures is slightly different, but not drastically changed. Here is an example:

Step 1: Create the Employees Table

First, let's create a sample Employees table.

CREATE TABLE Employees (
   EmployeeID INT PRIMARY KEY IDENTITY(1,1),
   FirstName NVARCHAR(50),
   LastName NVARCHAR(50),
   DepartmentID INT,
   Salary DECIMAL(10, 2)
);
Enter fullscreen mode Exit fullscreen mode

Step 2: Insert Sample Data

Next, we will insert some sample data into the Employees table.

INSERT INTO Employees (FirstName, LastName, DepartmentID, Salary)
VALUES
('John', 'Doe', 1, 60000),
('Jane', 'Smith', 2, 65000),
('Sam', 'Brown', 1, 62000),
('Sue', 'Green', 3, 67000);
Enter fullscreen mode Exit fullscreen mode

Step 3: Create a stored procedure

Let us create a stored procedure to retrieve employees based on their department.

CREATE PROCEDURE GetEmployeesByDepartment
   @DepartmentID INT
AS
BEGIN
   SELECT EmployeeID, FirstName, LastName, DepartmentID, Salary
   FROM Employees
   WHERE DepartmentID = @DepartmentID;
END;
Enter fullscreen mode Exit fullscreen mode

Image description

Step 4: Execute the stored procedure

To execute the stored procedure and retrieve the employees of a specific department, use the EXEC statement.

EXEC GetEmployeesByDepartment @DepartmentID = 1;
Enter fullscreen mode Exit fullscreen mode

Image description

Oracle

Oracle also supports stored procedures. Here is a step-by-step guide on how to implement them in Oracle using SQL.

Step 1: Create an Employee Table

First, let's create a sample Employees table.

CREATE TABLE Employees (
   EmployeeID NUMBER PRIMARY KEY,
   FirstName VARCHAR2(50),
   LastName VARCHAR2(50),
   DepartmentID NUMBER,
   Salary NUMBER(10, 2)
);
Enter fullscreen mode Exit fullscreen mode

Step 2: Insert Sample Data

Next, we insert some sample data into the employee table to create a dataset.

INSERT INTO Employees (EmployeeID, FirstName, LastName, DepartmentID, Salary)
VALUES(1, 'John', 'Doe', 1, 60000);
INSERT INTO Employees (EmployeeID, FirstName, LastName, DepartmentID, Salary)
VALUES(2, 'Jane', 'Smith', 2, 65000);
INSERT INTO Employees (EmployeeID, FirstName, LastName, DepartmentID, Salary)
VALUES(3, 'Sam', 'Brown', 1, 62000);
INSERT INTO Employees (EmployeeID, FirstName, LastName, DepartmentID, Salary)
VALUES(4, 'Sue', 'Green', 3, 67000);
Enter fullscreen mode Exit fullscreen mode

Step 3: Create a stored procedure

Let us create a stored procedure to retrieve employees based on their department.

CREATE OR REPLACE PROCEDURE GetEmployeesByDepartment (
   p_DepartmentID IN NUMBER
)
AS
BEGIN
   FOR r IN (SELECT EmployeeID, FirstName, LastName, DepartmentID, Salary
             FROM Employees
             WHERE DepartmentID = p_DepartmentID)
   LOOP
       DBMS_OUTPUT.PUT_LINE('EmployeeID: ' || r.EmployeeID ||
                            ', FirstName: ' || r.FirstName ||
                            ', LastName: ' || r.LastName ||
                            ', DepartmentID: ' || r.DepartmentID ||
                            ', Salary: ' || r.Salary);
   END LOOP;
END;
Enter fullscreen mode Exit fullscreen mode

Image description

Designing stored procedures: best practices

After wrapping up this hands-on introduction, let's look at some best practices for designing stored procedures.

Using parameterized queries

Parameterized queries in stored procedures help prevent SQL injection attacks. Always use parameters instead of concatenating user input directly into SQL statements.

For example, don't use this:

SELECT * FROM Products WHERE ProductID = '101';
Enter fullscreen mode Exit fullscreen mode

Use this:

DECLARE p_ProductID INT;
SET p_ProductID = 101;
SELECT * FROM Products WHERE ProductID = p_ProductID;
Enter fullscreen mode Exit fullscreen mode

Limit access to underlying tables

As mentioned earlier, stored procedures can act as a security layer by limiting direct access to underlying tables. This reduces the risk of sensitive data being exposed.

Optimize SQL code

To ensure that stored procedures run efficiently, they should be optimized for performance. This means reducing unnecessary calculations and making good use of indexes. You can improve query efficiency by analyzing the query execution plan to identify and resolve performance bottlenecks.

For example, you should avoid using "SELECT *" to retrieve all fields in a table because this increases the amount of data transferred and reduces efficiency. Instead, you should select only the fields you need to narrow the scope of data retrieval to improve performance.

Document your stored procedures

Documenting code also applies to the writing of stored procedures. This is essential for other developers to understand the role and function of each procedure. It also promotes consistent naming conventions and coding styles.

This process can be achieved by adding comments to stored procedures or maintaining separate documentation. For example:

-- This stored procedure retrieves all orders for a specific customer
CREATE PROCEDURE GetCustomerOrders
   @CustomerID INT
AS
BEGIN
   SELECT * FROM Orders WHERE CustomerID = @CustomerID;
END
/*
Stored Procedure Name: GetCustomerOrders
Purpose: Retrieve all orders associated with a given customer ID.
Input Parameters:
CustomerID: The ID of the customer whose orders are being retrieved.
Output: A list of order records from the Orders table
*/
Enter fullscreen mode Exit fullscreen mode

Maintain version control

Version control is critical for managing and tracking changes to stored procedures. It is helpful to maintain a repository that contains the complete history of changes to stored procedure scripts and their documentation. This not only makes it easier to keep track of all modifications, but also ensures consistency across different deployment environments.

Final thoughts

Stored procedures are an efficient and secure means of database management. They offer a number of benefits that, when used with the right best practices, can significantly increase the efficiency and effectiveness of data analysis within an organization.


Community

Go to Chat2DB website
🙋 Join the Chat2DB Community
🐦 Follow us on X
📝 Find us on Discord

. . . . . . .