Sunday, May 1, 2011

Using Stored Procedures with ASP.NET

Introduction
Stored procedures (sprocs) are generally an ordered series of Transact-SQL statements bundled into a single logical unit. They allow for variables and parameters, as well as selection and looping constructs. A key point is that sprocs are stored in the database rather than in a separate file.

Advantages over simply sending individual statements to the server include:
  1. Referred to using short names rather than a long string of text; therefore, less network traffiic is required to run the code within the sproc.
  2. Pre-optimized and precompiled, so they save an incremental amount of time with each sproc call/execution.
  3. Encapsulate a process for added security or to simply hide the complexity of the database.
  4. Can be called from other sprocs, making them reusable and reducing code size.
Parameterization

A stored procedure gives us some procedural capability, and also gives us a performance boost by using mainly two types of parameters:

  • Input parameters
  • Output parameters
From outside the sproc, parameters can be passed in either by position or reference.

Declaring Parameters

  1. The name
  2. The datatype
  3. The default value
  4. The direction
The syntax is :                     

@parameter_name [AS] datatype [= default|NULL] [VARYING] [OUTPUT|OUT]

Let's now create a stored procedure named "Submitrecord".

First open Microsoft SQL Server -> Enterprise Manager, then navigate to the database in which you want to create the stored procedure and select New Stored Procedure.



See the below Stored Procedure Properties for what to enter, then click OK.



Now create an application named Store Procedure in .net to use the above sprocs.

Stored Procedure.aspx page code

<%@ Page Language="C#" AutoEventWireup="true" CodeFile="Default.aspx.cs" Inherits="_Default" %><!DOCTYPE html PUBLIC "-//W3C//DTD XHTML 1.0 Transitional//EN" "http://www.w3.org/TR/xhtml1/DTD/xhtml1transitional.dtd">
<
html xmlns="http://www.w3.org/1999/xhtml" >
<
head runat="server"><title>Store Procedure</title>
</
head>
<
body><form id="form1" runat="server"><div><asp:Label ID="Label1" runat="server" Text="ID"></asp:Label><asp:TextBox ID="TextBox1" runat="server"></asp:TextBox><br /><br /><asp:Label ID="Label2" runat="server" Text="Password"></asp:Label><asp:TextBox ID="TextBox2" runat="server"></asp:TextBox><br /><br /><asp:Label ID="Label3" runat="server" Text="Confirm Password"></asp:Label><asp:TextBox ID="TextBox3" runat="server"></asp:TextBox><br /><br /><asp:Label ID="Label4" runat="server" Text="Email ID"></asp:Label><asp:TextBox ID="TextBox4" runat="server"></asp:TextBox><br /><br /><br /><asp:Button ID="Button1" runat="server" Text="Submit Record" OnClick="Button1_Click" /></div></form>
</
body>
</
html>

Stored Procedure.aspx.cs page code
using System;using System.Data;using System.Configuration;using System.Web;using System.Web.Security;using System.Web.UI;using System.Web.UI.WebControls;using System.Web.UI.WebControls.WebParts;using System.Web.UI.HtmlControls;using System.Data.SqlClient;public partial class _Default : System.Web.UI.Page
{
    
DataSet ds = new DataSet();
    
SqlConnection con;
     //Here we declare the parameter which we have to use in our application
    
SqlCommand cmd = new SqlCommand();
    
SqlParameter sp1 = new SqlParameter();
    
SqlParameter sp2 = new SqlParameter();
    
SqlParameter sp3 = new SqlParameter();
    
SqlParameter sp4 = new SqlParameter();
protected void Page_Load(object sender, EventArgs e)
{
}
protected void Button1_Click(object sender, EventArgs e)

{
     con =
new SqlConnection("server=(local); database= gaurav;uid=sa;pwd=");
     cmd.Parameters.Add(
"@ID", SqlDbType.VarChar).Value = TextBox1.Text;
     cmd.Parameters.Add(
"@Password", SqlDbType.VarChar).Value = TextBox2.Text;
     cmd.Parameters.Add(
"@ConfirmPassword", SqlDbType.VarChar).Value = TextBox3.Text;
     cmd.Parameters.Add(
"@EmailID", SqlDbType.VarChar).Value = TextBox4.Text;
     cmd =
new SqlCommand("submitrecord", con);
     cmd.CommandType =
CommandType.StoredProcedure;
     con.Open();
     cmd.ExecuteNonQuery();
     con.Close();
}
}

When we run the application, the window will look like this:



After clicking the submit button the data is appended to the database as seen below in the SQL Server table record:

How to Create Stored Procedure in MSSqlServer2005

Creating Stored Procedures
Writing stored procedures has never been easy as Microsoft has almost integrated SQL Server with Visual Studio 2005. In the past most of the developers has wondered can’t we have a good editor for creating stored procedures. One of the main advantage of creating procedures in Visual Studio is it creates the basic stub for you and further more, it has inbuilt syntax checking which makes the job easier for us.
In order to create a stored procedure from Visual Studio, first you need to create a data connection from the Server Explorer and follow the below steps.
Step 1: Open Visual Studio 2005.

Step 2: Create a VB.NET / C# Windows / Web Application  Project.

Step 3: Open the Server Explorer by Selecting View -> Server Explorer.

stored_procedures_VB.NET

Step 4: Create a Data Connection to your server you can do this by Right Clicking on the Data Connection Tree and Selecting “Add New Connection”.

Step 5: It will Prompt for the Provider Type you can select .NET SQL Server Provider as it gives more performance.

Step 6: After giving all the credentials once the connection is active expand the database that you are having.

Step 7: Expand the Stored Procedure Tree.

Step 8: To Create a New Procedure Right Click and Select “Add New Procedure”.

Step 9: The IDE will give you a Stub where you can replace the Name of the Procedure and Arguments.

Those who are familiar with Visual Studio IDE would love to create procedures here rather then doing it in Query Analyzer or in SQL Enterprise Manager, though it doesn’t provide any fancy auto complete drop downs its still the best I believe to create stored procedures.

TIP: The Maximum number of parameters in a stored procedure is 2100.

Calling Stored Procedure
Hope everyone have used SQLCommand / OLEDB Command objects in .NET. Here we can call stored procedures in two different forms, one without using parameter objects which is not recommended for conventional development environments, the other one is the familiar model of using Parameters.
In the first method you can call the procedure using Exec command followed by the procedure name and the list of parameters, which doesn’t need any parameters.

Example:
Dim SQLCon As New SqlClient.SqlConnection
SQLCon.ConnectionString = "Data Source=Server;User ID=User;Password=Password;"
SQLCon.Open()


Calling Stored Procedures with Exec command

SQLCmd.CommandText = "Exec SelectRecords 'Test', 'Test', 'Test'"
SQLCmd.Connection = SQLCon 'Active Connection


The second most conventional method of calling stored procedures is to use the parameter objects and get the return values using them. In this method we need to set the “SQLCommandType” to “StoredProcedure” remember you need to set this explicitly as the the default type for SQLCommand is SQLQuery”.
Here is an example to call a simple stored procedure.

Example - I (A Stored Procedure Returns Single Value)
In order to get XML Results from the Stored Procedure you need to first ensure that your stored procedure is returning a valid XML. This can be achieved using FOR XML [AUTO | RAW | EXPLICIT] clause in the select statements. You can format XML using EXPLICIT Keyword, you need to alter your Query accordingly
'Set up Connection object and Connection String for a SQL Client
Dim SQLCon As New SqlClient.SqlConnection
SQLCon.ConnectionString = "Data Source=Server;User ID=User;Password=Password;"
SQLCon.Open()

SQLCmd.CommandText = "SelectRecords" ' Stored Procedure to Call
SQLCmd.CommandType = CommandType.StoredProcedure 'Setup Command Type
SQLCmd.Connection = SQLCon 'Active Connection


The procedure can be called by adding Parameters in at least two different methods, the simplest way to add parameters and respective values is using

SQLCmd.Parameters.AddWithValue("S_Mobile", "Test")
SQLCmd.Parameters.AddWithValue("S_Mesg", "Test")
SQLCmd.Parameters.AddWithValue("LastMsgID", "")

In this above method, you doesn’t necessarily know the actually data type that you had in your procedure and all parameters are validated according to the type declared in your procedure but only thing is all the validations will occur in SQL and not in your client code.
We still need to declare the last parameter as Output and we need to do that explicitly as the default type is Input. So here we are going to declare the last parameter as Output by
SQLCmd.Parameters("LastMsgID").Direction = ParameterDirection.Outputfs

If you want to declare parameters properly then you need to use the below method to add all the parameters with its data type, direction. Also if you are using stored procedures to update all the rows in a dataset then you need to declare parameters in the below fashion and give SouceColumn value as the Column name in the DataTable.
SQLCmd.Parameters.Add(New SqlClient.SqlParameter("S_Mobile", SqlDbType.VarChar, 10, ParameterDirection.Input, False, 30, 0, "", DataRowVersion.Current, "91000000000"))

SQLCmd.Parameters.Add(New SqlClient.SqlParameter("S_Mesg", SqlDbType.VarChar, 160, ParameterDirection.Input, False, 30, 0, "", DataRowVersion.Current, "Calling Stored Procedures from VB.NET"))

SQLCmd.Parameters.Add(New SqlClient.SqlParameter("LastMsgID", SqlDbType.BigInt, 5, ParameterDirection.Output, False, 5, 0, "", DataRowVersion.Current, 0))
' The Above Procedure has two input parameters and one output parameter you can notice the same in the “Parameter Direction”
SQLCmd.ExecuteNonQuery() 'We are executing the procedure here by calling Execute Non Query.

MsgBox(SQLCmd.Parameters("LastMsgID").Value) 'You can have the returned value from the stored procedure from this statement. Its all similar to ASP / VB as the only difference is the program structure.

Example - II (Stored Procedure to get Table Result Set)
In order to get the result sets from the stored procedure, the best way is to use a DataReader to get the results. In this example we are getting the results from the Stored Procedure and filling the same in a DataTable.

Here we need to additionally declare a SQLDataReader and DataTable

Dim SQLDBDataReader As SqlClient.SqlDataReader
Dim SQLDataTable As New DataTable

SQLCmd.CommandText = "GetAuthors"
SQLCmd.CommandType = CommandType.StoredProcedure
SQLCmd.Connection = SQLCon
SQLCmd.Parameters.Add(New SqlClient.SqlParameter("AuthorName", SqlDbType.VarChar, 100, ParameterDirection.Input, False, 30, 0, "", DataRowVersion.Current, "Y%")) SQLDBDataReader = SQLCmd.ExecuteReader() SQLDataTable.Columns.Add("AuthorName", GetType(Int32), "") SQLDataTable.Columns.Add("AuthorLocation", GetType(String), "")

Dim FieldValues(1) As Object 'A Temporary Variable to retrieve all columns in a row and fill them in Object array

While (SQLDBDataReader.Read)
SQLDBDataReader.GetValues(FieldValues)
      SQLDataTable.Rows.Add(FieldValues)

End While
Example - III (Calling Simple Stored Procedure to get XML Result Set)
In order to get XML Results from the Stored Procedure you need to first ensure that your stored procedure is returning a valid XML. This can be achieved using FOR XML [AUTO | RAW | EXPLICIT] clause in the select statements. You can format XML using EXPLICIT Keyword, you need to alter your Query accordingly.
CREATE PROCEDURE GetRecordsXML (@AuthorName varchar(100))
AS

Select Author_ID, Author_Name, Author_Location Where Author_Name LIKE  @AuthorName from Authors FOR XML AUTO

RETURN


When you use the above procedure you can get XML Results with TableName as Element and Fields as Attributes

Dim SQLXMLReader As Xml.XmlReader

SQLCmd.CommandText = "GetAuthorsXML"
SQLCmd.CommandType = CommandType.StoredProcedure
SQLCmd.Connection = SQLCon
SQLCmd.Parameters.Add(New SqlClient.SqlParameter("AuthorName", SqlDbType.VarChar, 100, ParameterDirection.Input, False, 30, 0, "", DataRowVersion.Current, "Y%"))
SQLDBDataReader = SQLCmd.ExecuteReader()

SQLXMLReader = SQLCmd.ExecuteXmlReader()
While (SQLXMLReader.Read)
    MsgBox(SQLXMLReader.ReadOuterXml)
End While


You can further process this XML or write XSL to display results in a formatted manner. But in order to get formatted XML Results, we need to use EXPLICIT case which we can see in our next article on SQL Queries & XML.