3

I have a simple sproc, what is the best way to code it for best query caching/optimization?

I currently have it as follows.

ALTER PROCEDURE dbo.OccupierGet

(
@OccupierID int = 0
)

AS
/* SET NOCOUNT ON */
--Get all details that can be editted.
select TOP 1 ID,AccountNumber,FirstName,LastName,Company,Telephone,Notes,
OccupierTypeID,Address,Address2,City,Country,Telephone2,HomePhone,CellPhone,WorkPhone,Fax,EmailAddress 
from dbo.Occupier
where ID = @OccupierID

RETURN

Would it be better to build the sql query as a string and run with sp_executesql and pass the parameter? I'm asking because of query caching and the parameter I'm using.

Thank you! Tim

Improve this question
9
  • 1
    Both will be stored as parameterised queries. What difference are you thinking it will make? Commented Aug 26, 2011 at 20:06
  • That's exactly what I was wondering... I've tried to find this on the internet because somewhere I got the feeling that I had to use sp_executesql for best practice but I really didn't want to believe it. This confirms my hopes, thanks! Commented Aug 26, 2011 at 20:19
  • BTW, I am working on my first program for a company on my own and I'm trying to learn every piece of "best practice" stuff I can so I won't look at my code later and regret what I did... Commented Aug 26, 2011 at 20:25
  • 1
    I don't see any benefit whatsoever to use sp_executesql in this situation. As long as you use parametrized queries to avoid SQL injection (and that's what you're already doing!), you're fine - just use the "plain" SQL inside your stored proc. Commented Aug 26, 2011 at 20:30
  • 3
    Another way to make this specific query more predictable: don't use TOP without ORDER BY. Also why is SET NOCOUNT ON commented out? Commented Aug 27, 2011 at 14:30

1 Answer 1

Reset to default
3

See no reason to use dynamic SQL here. When you do need to use dynamic SQL, you should consider sp_executesql higher in preference than EXEC(). There are a variety of reasons, including:

  1. sp_executesql is more likely to reuse query plans (see Dynamic SQL - EXEC(@SQL) versus EXEC SP_EXECUTESQL(@SQL));

  2. it is much easier to pass strongly-typed parameters into sp_executesql (thwarting SQL injection better than concatenating a string); and,

  3. you can also get variables from within the dynamic SQL scope back out to the calling scope, for example:

DECLARE @i INT, @sql NVARCHAR(MAX), @dbname SYSNAME = N'model';

SET @sql = N'SELECT @i = COUNT(*) FROM ' 
    + @dbname + '.sys.tables;' 

EXEC sp_executesql @sql, N'@i INT OUTPUT', @i = @i OUTPUT;

PRINT @i;

That's not a very useful example, but it is a common problem when executing dynamic strings. But more to the point, you should only be considering dynamic SQL when you have to, not as a first resort.

Improve this answer
Sign up to request clarification or add additional context in comments.

Comments

Your Answer

By clicking “Post Your Answer”, you agree to our terms of service and acknowledge you have read our privacy policy.

Start asking to get answers

Find the answer to your question by asking.

Ask question

Explore related questions

See similar questions with these tags.