I need to create a SQL query to return data from a table and use condition in where but I where not have not have fixed condition, may be condition have 2 or 3 parameters, I want to avoid the IF #PARAMETER >0. I want to use a better and cleaner way to solve it.
This is my query :
CREATE PROCEDURE GetAllUsers(#p1 , #p2 , #p3 , #p4)
AS
BEGIN
SELECT
firstName,
lastName,
email
FROM
[USERS]
WHERE
id = #p4 AND firstName = #p2
END
How can I solve this issue?
You can use COALESCE to make a parameter equal to the column it is being compared against when it is NULL, so that the test passes if you pass NULL for the parameter value. For example:
SELECT
firstName,
lastName,
email
FROM [USERS]
WHERE id=COALESCE(#p4,id) AND firstName=COALESCE(#p2,firstName)
So when calling your procedure and wanting to fetch all John regardless of id you would use
GetAllUsers('somevalue' , 'John' , 'someothervalue' , NULL)
You can pass NULL to parameter which are not required and write your query like following.
SELECT firstName, lastName, email
FROM [USERS]
WHERE (
#p4 IS NULL
OR id = #p4
)
AND (
#p2 IS NULL
OR firstName = #p2
)
Similarly you can build your query by adding other parameter.
NOTE: Syntax of your CREATE PROCEDURE is not correct, you need to mention the datatype of the parameters.
You can also use the default values to your parameters. Your final SP should look like following
CREATE PROCEDURE GetAllUsers (
#p1 INT = NULL
,#p2 VARCHAR(100) = NULL
,#p3 VARCHAR(100) = NULL
,#p4 VARCHAR(100) = NULL
)
AS
BEGIN
SELECT firstName
,lastName
,email
FROM [USERS]
WHERE (
#p4 IS NULL
OR id = #p4
)
AND (
#p2 IS NULL
OR firstName = #p2
)
--Add remaining conditions
END
Related
At first I should say I am newbie in SQL functions or store procedures, I want to know how can I create a sql function or store procedures with some filters and sorting but at least it return just a pure select without showing filters and sorts
I mean I want to create something like this function :
function {
SELECT * FROM Customers
Where (ID = #p1)
ORDER BY #P2 DESC;
}
but it returns just this select commend to me :
SELECT * FROM Customers
but what it returns filtered and sorted.
how can I do this? I should do this with functions or store procedures?
You could use a Stored Procedure or a table-valued function:
CREATE PROCEDURE MyProc #P1 int, #P2 int as
BEGIN
SELECT FirstName, LastName, LastOrderNum, LastPurchaseDate
FROM Customers
WHERE ID = #P1
ORDER BY CASE WHEN #P2 = 0 THEN LastName ELSE LastPurchaseDate END DESC;
END
usage: exec MyProc 10, 1;
Or:
CREATE FUNCTION my_schema.MyTableFun (#P1 int, #P2 int)
RETURNS TABLE
AS
RETURN
SELECT TOP 100 PERCENT FirstName, LastName, LastOrderNum, LastPurchaseDate
FROM Customers
WHERE ID = #P1
ORDER BY CASE WHEN #P2 = 0 THEN LastName ELSE LastPurchaseDate END DESC;
usage:
SELECT * FROM my_schema.MyTableFun(10, 1);
I have two fields (#EmployeeId,#SSOId) out of which one value can come or both can come, but when i am applying OR condition it is not giving me correct output. What i am doing wrong ?
ALTER PROCEDURE [dbo].[usp_User_GetDetails] (
#UserId INT = NULL
,#ADSId NVARCHAR(32) = NULL
,#EmployeeId NVARCHAR(32) = NULL
,#SSOId NVARCHAR(32) = NULL
,#UserName NVARCHAR(100) = NULL
)
AS
*/
SET NOCOUNT ON;
BEGIN
SELECT [USER_ID] AS UserId
,[FIRST_NM] AS FirstName
,[LST_NM] AS LastName
,[FULL_NM] AS FullName
,[ADS_USER_ID] AS ADSId
,[SEG_ID] AS SegmentId
,[PHONE_NO] AS PhoneNo
,[FAX_NO] AS FaxNo
,[EMP_ID] AS EmployeeId
,[EMAIL_AD_TX] AS Email
,[SSO_ID] AS SSOId
,[SFDC_IN] AS IsSFDC
,[USER_SFDC_ID] AS UserSFDCId
,[MGR_SFDC_ID] AS ManagerSFDCId
,[ACT_IN] AS IsActive
,[SYS_USER_IN] AS IsSystemUser
,[PORFOLIO_OWN_IN] AS CanHavePortfolio
,[MGR_ID] AS ManagerId
,[LST_LOG_IN_TS] AS LastLoginDate
,[EMP_BAND_TX] AS Band
,[CREAT_TS] AS CreatedDate
,[CREAT_BY_USER_ID] AS CreatedBy
,[LST_UPDT_TS] AS UpdatedDate
,[LST_UPDT_BY_USER_ID] AS UpdatedBy
FROM [dbo].[USER] WITH (NOLOCK)
WHERE ([EMP_ID] = ISNULL(#EmployeeId, [EMP_ID])OR [SSO_ID] = ISNULL(#SSOId, [SSO_ID])
AND [ADS_USER_ID] = ISNULL(#ADSId, [ADS_USER_ID])
AND [USER_ID] = ISNULL(#UserId, [USER_ID])
AND [FULL_NM] LIKE CASE
WHEN #UserName IS NOT NULL
THEN '%' + #UserName + '%'
ELSE [FULL_NM]
END
END
I don't think the parentheses are balanced correctly. In any case, I would write this without the ISNULL():
WHERE ((#EmployeeId IS NULL OR EMP_ID = #EmployeeId) OR
(#SSOId IS NULL OR SSO_ID = #SSOId)
) AND
(#ADSId IS NULL OR ADS_USER_ID = #ADSId) AND
(#UserId IS NULL OR USER_ID = #UserId) AND
(#UserName IS NULL OR FULL_NM LIKE '%' + #UserName + '%')
I am guessing that the OR is for the first two conditions. This is where the parens don't seem to line up in the query in the question.
I prefer this construct for two reasons. First, it handles NULL values in the column values as well as the parameter values. And second -- because it is more general -- it is one of the standard two ways I use to handle optional parameters (the other is to use dynamic SQL which can make use of indexes).
Query seems to be okay .Are you passing DBNull from you C# code or empty text
WHERE (#EmployeeId IS NULL OR (EMP_ID = #EmployeeId))
AND (#SSOId IS NULL OR (SSO_ID = #SSOId))
AND [ADS_USER_ID] = ISNULL(#ADSId, [ADS_USER_ID])
AND [USER_ID] = ISNULL(#UserId, [USER_ID])
AND [FULL_NM] LIKE CASE
WHEN #UserName IS NOT NULL
THEN '%' + #UserName + '%'
ELSE [FULL_NM]
Used this script
WHERE EMP_ID = CASE WHEN ISNULL(#EmployeeId,0) > 0 THEN #EmployeeId ELSE EMP_ID END AND SSO_ID = CASE WHEN ISNULL(#SSOId,0) > 0 THEN #SSOId ELSE SSO_ID END
I want to get a parameter from a select clause in one time, instead of two selects.
Currently, I'm doing this :
SELECT
Idx_Pro,
Name,
Mail,
IsValidateUser
FROM
MyTable
WHERE
[Mail] = #Mail
AND
[Password] = #password
If (##ROWCOUNT > 0)
SET #Id_output = (SELECT Id_User
FROM MyTable
WHERE [Mail] = #Mail
AND [Password] = #password
)
I tried this :
DECLARE #Id_output int
SELECT
[#Id_output] = Idx_Pro,
...
FROM MyTable
...
But I can't get it ...
Is it even possible to get only one column in a variable ? (My select returns only one row)
thanks,
TonyFlow
Are you looking to both return the 4 column result and assign to the variable in one operation? If so that isn't possible. You could assign all the column values to variables or parameters then select those to return the result set though.
DECLARE #Idx_Pro INT,
#Name VARCHAR(50),
#IsValidateUser BIT
SELECT #Idx_Pro = Idx_Pro,
#Name = Name,
#IsValidateUser = IsValidateUser
FROM MyTable
WHERE [Mail] = #Mail
AND [Password] = #password
/*No intermediate statement can be placed here as it will reset ##ROWCOUNT*/
SELECT #Idx_Pro AS Idx_Pro,
#Name AS Name,
#Mail AS Mail,
#IsValidateUser AS IsValidateUser
WHERE ##ROWCOUNT > 0
This question already has answers here:
Stored Procedure with optional "WHERE" parameters
(6 answers)
Closed 4 years ago.
Lets suppose there is a stored procedure that has 3 params. Out of all the possibilities, I'm looking to achieve this with a single WHERE clause without getting out of control with using () AND () OR () too much...
Example:
//Params
#CITY VARCHAR(100) = NULL,
#GENDER VARCHAR(100) = NULL,
#AGE VARCHAR(100) = NULL
I suppose you can do it using IF BEGIN ... END for each Variable if Exists, but that makes the code alot longer than desired..
This method below won't work because its way too long (there are about 10 different fields like this, but the example is only 3.) and i'm not sure if it even directly pulls up distinctive values...
SELECT NAME FROM TABLE
WHERE (
(CITY=#CITY AND GENDER=#GENDER AND AGE=#AGE)
OR (CITY=#CITY AND GENDER=#GENDER)
OR (GENDER=#GENDER AND AGE=#AGE)
OR (CITY=#CITY AND AGE=#AGE)
OR (CITY=#CITY)
OR (GENDER=#GENDER)
OR (AGE=#AGE)
)
Is there an even shorter more efficient way to do this?
If yes, it is preferable for the method to be compatible with JOIN's also.
Alternatively to the ISNULL / COALESCE options, you can test the parameters for being null:
SELECT NAME
FROM TABLE
WHERE
(#City IS NULL OR City = #City)
AND
(#Gender IS NULL OR Gender = #Gender)
AND
(#Age IS NULL OR Age = #Age)
what about this?
SELECT
NAME
FROM TABLE
WHERE CITY = COALESCE(#CITY, CITY)
AND GENDER = COALESCE(#GENDER, GENDER)
AND AGE = COALESCE(#AGE, AGE)
Try something like this:
SELECT NAME
FROM TABLE
WHERE
City = IsNull(#City, City) AND
Gender = IsNull(#Gender, Gender) AND
Age = IsNull(#Age, Age)
OR:
SELECT NAME
FROM TABLE
WHERE
(City = #City OR #City IS NULL) AND
(Gender = #Gender OR #Gender IS NULL) AND
(Age = #Age OR #Age IS NULL)
SELECT NAME
FROM TABLE
WHERE
City = case when isnull(#City ,'') = '' then City
else #City end
AND
Gender = case when isnull(#Gender ,'') = '' then Gender
else #Gender end
AND
Age = case when isnull(#Age ,0) = 0 then Age
else #Age end
Possibly this:
create procedure myProc
--Params
#CITY VARCHAR(100) = NULL,
#GENDER VARCHAR(100) = NULL,
#AGE VARCHAR(100) = NULL
as
SELECT NAME FROM [TABLE]
WHERE ISNULL(CITY,'')=ISNULL(#CITY,ISNULL(CITY,''))
AND ISNULL(GENDER,'')=ISNULL(#GENDER,ISNULL(GENDER,''))
AND ISNULL(AGE,'')=ISNULL(#AGE,ISNULL(AGE,''))
go
Assuming the columns in the WHERE clause are nullable, using ISNULL to avoid null comparison.
I'm working on an application for work that is going to query our employee database. The end users want the ability to search based on the standard name/department criteria, but they also want the flexibility to query for all people with the first name of "James" that works in the Health Department. The one thing I want to avoid is to simply have the stored procedure take a list of parameters and generate a SQL statement to execute, since that would open doors to SQL injection at an internal level.
Can this be done?
While the COALESCE trick is neat, my preferred method is:
CREATE PROCEDURE ps_Customers_SELECT_NameCityCountry
#Cus_Name varchar(30) = NULL
,#Cus_City varchar(30) = NULL
,#Cus_Country varchar(30) = NULL
,#Dept_ID int = NULL
,#Dept_ID_partial varchar(10) = NULL
AS
SELECT Cus_Name
,Cus_City
,Cus_Country
,Dept_ID
FROM Customers
WHERE (#Cus_Name IS NULL OR Cus_Name LIKE '%' + #Cus_Name + '%')
AND (#Cus_City IS NULL OR Cus_City LIKE '%' + #Cus_City + '%')
AND (#Cus_Country IS NULL OR Cus_Country LIKE '%' + #Cus_Country + '%')
AND (#Dept_ID IS NULL OR Dept_ID = #DeptID)
AND (#Dept_ID_partial IS NULL OR CONVERT(varchar, Dept_ID) LIKE '%' + #Dept_ID_partial + '%')
These kind of SPs can easily be code generated (and re-generated for table-changes).
You have a few options for handling numbers - depending if you want exact semantics or search semantics.
The most efficient way to implement this type of search is with a stored procedure. The statement shown here creates a procedure that accepts the required parameters. When a parameter value is not supplied it is set to NULL.
CREATE PROCEDURE ps_Customers_SELECT_NameCityCountry
#Cus_Name varchar(30) = NULL,
#Cus_City varchar(30) = NULL,
#Cus_Country varchar(30) =NULL
AS
SELECT Cus_Name,
Cus_City,
Cus_Country
FROM Customers
WHERE Cus_Name = COALESCE(#Cus_Name,Cus_Name) AND
Cus_City = COALESCE(#Cus_City,Cus_City) AND
Cus_Country = COALESCE(#Cus_Country,Cus_Country)
Taken from this page: http://www.sqlteam.com/article/implementing-a-dynamic-where-clause
I've done it before. It works well.
Erland Sommarskog's article Dynamic Search Conditions in T-SQL is a good reference on how to do this. Erland presents a number of strategies on how to do this without using dynamic SQL (just plain IF blocks, OR, COALESCE, etc) and even lists out the performance characteristics of each technique.
In case you have to bite the bullet and go through the Dynamic SQL path, you should also read Erland's Curse and Blessings of Dynamic SQL where he gives out some tips on how to properly write dynamic SQLs
It can be done, but usually these kitchen-sink procedures result in some poor query plans.
Having said all that, here is the tactic most commonly used for "optional" parameters. The normal approach is to treat NULL as "ommitted".
SELECT
E.EmployeeID,
E.LastName,
E.FirstName
WHERE
E.FirstName = COALESCE(#FirstName, E.FirstName) AND
E.LastName = COALESCE(#LastName, E.LastName) AND
E.DepartmentID = COALESCE(#DepartmentID, E.DepartmentID)
EDIT:
A far better approach would be parameterized queries.
Here is a blog post from one of the world's foremost authorities in this domain, Frans Bouma from LLBLGen Pro fame:
Stored Procedures vs. Dynamic Queries
Using the COALESCE method has a problem in that if your column has a NULL value, passing in a NULL search condition (meaning ignore the search condition) will not return the row in many databases.
For example, try the following code on SQL Server 2000:
CREATE TABLE dbo.Test_Coalesce (
my_id INT NOT NULL IDENTITY,
my_string VARCHAR(20) NULL )
GO
INSERT INTO dbo.Test_Coalesce (my_string) VALUES (NULL)
INSERT INTO dbo.Test_Coalesce (my_string) VALUES ('t')
INSERT INTO dbo.Test_Coalesce (my_string) VALUES ('x')
INSERT INTO dbo.Test_Coalesce (my_string) VALUES (NULL)
GO
DECLARE #my_string VARCHAR(20)
SET #my_string = NULL
SELECT * FROM dbo.Test_Coalesce WHERE my_string = COALESCE(#my_string, my_string)
GO
You will only get back two rows because in the rows where the column my_string is NULL you are effective getting:
my_string = COALESCE(#my_string, my_string) =>
my_string = COALESCE(NULL, my_string) =>
my_string = my_string =>
NULL = NULL
But of course, NULL does not equal NULL.
I try to stick with:
SELECT
my_id,
my_string
FROM
dbo.Test_Coalesce
WHERE
(#my_string IS NULL OR my_string = #my_string)
Of course, you can adjust that to use wild cards or whatever else you want to do.
Copying this from my blog post:
USE [AdventureWorks]
GO
CREATE PROCEDURE USP_GET_Contacts_DynSearch
(
-- Optional Filters for Dynamic Search
#ContactID INT = NULL,
#FirstName NVARCHAR(50) = NULL,
#LastName NVARCHAR(50) = NULL,
#EmailAddress NVARCHAR(50) = NULL,
#EmailPromotion INT = NULL,
#Phone NVARCHAR(25) = NULL
)
AS
BEGIN
SET NOCOUNT ON
DECLARE
#lContactID INT,
#lFirstName NVARCHAR(50),
#lLastName NVARCHAR(50),
#lEmailAddress NVARCHAR(50),
#lEmailPromotion INT,
#lPhone NVARCHAR(25)
SET #lContactID = #ContactID
SET #lFirstName = LTRIM(RTRIM(#FirstName))
SET #lLastName = LTRIM(RTRIM(#LastName))
SET #lEmailAddress = LTRIM(RTRIM(#EmailAddress))
SET #lEmailPromotion = #EmailPromotion
SET #lPhone = LTRIM(RTRIM(#Phone))
SELECT
ContactID,
Title,
FirstName,
MiddleName,
LastName,
Suffix,
EmailAddress,
EmailPromotion,
Phone
FROM [Person].[Contact]
WHERE
(#lContactID IS NULL OR ContactID = #lContactID)
AND (#lFirstName IS NULL OR FirstName LIKE '%' + #lFirstName + '%')
AND (#lLastName IS NULL OR LastName LIKE '%' + #lLastName + '%')
AND (#lEmailAddress IS NULL OR EmailAddress LIKE '%' + #lEmailAddress + '%')
AND (#lEmailPromotion IS NULL OR EmailPromotion = #lEmailPromotion)
AND (#lPhone IS NULL OR Phone = #lPhone)
ORDER BY ContactID
END
GO
We can use Generic #Search Parameter and pass any value to it for searching.
GO
SET ANSI_NULLS ON
GO
SET QUOTED_IDENTIFIER ON
GO
-- =============================================
-- Author: --
-- Create date:
-- Description: --
-- =============================================
CREATE PROCEDURE [dbo].[usp_StudentList]
#PageNumber INT = 1, -- Paging parameter
#PageSize INT = 10,-- Paging parameter
#Search VARCHAR(MAX) = NULL, --Generic Search Parameter
#OrderBy VARCHAR(MAX) = 'FirstName', --Default Column Name 'FirstName' for records ordering
#SortDir VARCHAR(MAX) = 'asc' --Default ordering 'asc' for records ordering
AS
BEGIN
SET NOCOUNT ON;
--Query required for paging, this query used to show total records
SELECT COUNT(StudentId) AS RecordsTotal FROM Student
SELECT Student.*,
--Query required for paging, this query used to show total records filtered
COUNT(StudentId) OVER (PARTITION BY 1) AS RecordsFiltered
FROM Student
WHERE
--Generic Search
-- Below is the column list to add in Generic Serach
(#Search IS NULL OR Student.FirstName LIKE '%'+ #Search +'%')
OR (#Search IS NULL OR Student.LastName LIKE '%'+ #Search +'%')
--Order BY
-- Below is the column list to allow sorting
ORDER BY
CASE WHEN #SortDir = 'asc' AND #OrderBy = 'FirstName' THEN Student.FirstName END,
CASE WHEN #SortDir = 'desc' AND #OrderBy = 'FirstName' THEN Student.FirstName END DESC,
CASE WHEN #SortDir = 'asc' AND #OrderBy = 'LastName' THEN Student.LastName END,
CASE WHEN #SortDir = 'desc' AND #OrderBy = 'LastName' THEN Student.LastName END DESC,
OFFSET #PageSize * (#PageNumber - 1) ROWS FETCH NEXT #PageSize ROWS ONLY;
END
My first thought was to write a query something like this...
SELECT EmpId, NameLast, NameMiddle, NameFirst, DepartmentName
FROM dbo.Employee
INNER JOIN dbo.Department ON dbo.Employee.DeptId = dbo.Department.Id
WHERE IdCrq IS NOT NULL
AND
(
#bitSearchFirstName = 0
OR
Employee.NameFirst = #vchFirstName
)
AND
(
#bitSearchMiddleName = 0
OR
Employee.NameMiddle = #vchMiddleName
)
AND
(
#bitSearchFirstName = 0
OR
Employee.NameLast = #vchLastName
)
AND
(
#bitSearchDepartment = 0
OR
Department.Id = #intDeptID
)
...which would then have the caller provide a bit flag if they want to search a particular field and then supply the value if they are to search for it, but I don't know if this is creating a sloppy WHERE clause or if I can get away with a CASE statement in the WHERE clause.
As you can see this particular code is in T-SQL, but I'll gladly look at some PL-SQL / MySQL code as well and adapt accordingly.
I would stick with the NULL/COALESCE method over AdHoc Queries, and then test to make sure you don't have performance problems.
If it turns out that you have slow running queries because it's doing a table scan when you're searching on columns that are indexed, you could always supplement the generic search stored procedure with additional specific ones that allow searching on these indexed fields. For instance, you could have a special SP that does searches by CustomerID, or Last/First Name.
Write a procedure to insert all employee data whose name start with A in table??