3

My table contains the following fields: Name, Age, Salary, Phone, DOB. Based on a settings table, I have to select only some fields. For example, I say in settings that only Name and Phone are required. How can I do it using a stored procedure?

EDIT:

Which one is good?

  1. Select the required fields from the table.
  2. Select all columns and in ASP.NET page, use .Visibility property to hide or show columns

4 Answers

3

SQL is a fixed column language: columns cannot be added or removed "on the fly".

You would need to use dynamic SQL to build a SELECT statement, or use IF statements to execute different ones. However, you open up caching, security and injection issues.

Personally, I'd ignore columns in the client code and have a simple, single efficient SQL query. The contract or API between SQL Server and the client should be static and predictable. If the settings table is applied in SQL Server, your client doesn't know what columns to expect. If your client does know, then it can ignore them.

After your edit, option 2, kind of.

But the data should be removed before being rendered in the page.

Keep it simple: don't try to optimise anything yet


2

You would need to have multiple different selects - based on your settings table - in your stored proc to return the different sets of data.

    CREATE PROCEDURE dbo.YourProcedure(...)
    AS BEGIN
      DECLARE @Setting INT  -- ?? whatever it is

      SELECT @Setting = Choice FROM dbo.YourSettingsTable WHERE ....... ???

      IF @Setting = 1
         SELECT Name, Phone
         FROM dbo.YourDataTable

      ELSE
         SELECT Name, Age, DOB, Phone, Salary
         FROM dbo.YourDataTable

    END

Using this approach, however, has its dangers - since the stored proc might return one set of data or quite another, your SQL Server query optimizer might make a very good decision on how to access the data for one setting - but when your setting changes, that execution plan will be totally outdated, thus potentially leading to horrible performance......

On the other hand - it might be easier to determine that setting before calling your stored proc - and then just pass in that setting as a stored proc parameter.

Or even better yet: have separate stored procs for each "scenario" - and then from the caller, call the appropriate stored proc depending on the value of your setting....


1

Create the sql you want dynamically then execute it with exec.

    declare @sql varchar(500)
    set @sql = 'select 123'
    exec (@sql)

The above code should help you understand what you need to know.

3 Comments

In response to your edit: It depends on volume of activity and the amount of data. If these aren't concerns that are slowing your app down then use option 2. If you need to optimize then use option 1. In general, my advice is don't bother trying to guess where you need to optimize because it's often a waste of your development time.

I have been looking to use this EXEC technique. However, I am aware of possible security issues, i.e. even if you have, say, a select statement using a variable column list, someone could pass, say, a sub-select/delete or something through? I guess the usual process of validating the input params is always good anyway, just wondering if anyone else has some tips about that?

@DavidSheardown If you are taking text someone enters and putting it verbatim into an exec statement then yes, you'll have security issues. However, using an exec statement in a stored proc doesn't necessarily mean there are security holes, depending on what the inputs are. Forming parameterized queries to go in your exec statement may also be an option to secure your process (again, depends how you're using the inputs).
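
One way to address the injection concern raised in the comments above when the column list is variable, as an added example that is not part of the original answers: the column list is built only from names that exist in `sys.columns` for the target table, each wrapped with `QUOTENAME`, so settings text never reaches the dynamic statement verbatim. The `dbo.ColumnSettings` schema, the procedure name and the sample rows are assumptions constructed for illustration; `STRING_AGG` requires SQL Server 2017 or later.

```sql
-- Constructed sample schema; only the name dbo.YourDataTable comes from the page.
CREATE TABLE dbo.YourDataTable
    (Name nvarchar(50), Age int, Salary money, Phone varchar(20), DOB date);
CREATE TABLE dbo.ColumnSettings (ColumnName sysname, IsVisible bit);  -- assumed schema
INSERT INTO dbo.YourDataTable VALUES (N'Ann', 41, 5200, '555-0100', '1984-02-03');
INSERT INTO dbo.ColumnSettings VALUES
    (N'Name', 1), (N'Phone', 1), (N'Salary', 0),
    (N'Phone, Salary', 1);  -- constructed bad row: not a real column name
GO

CREATE OR ALTER PROCEDURE dbo.SelectConfiguredColumns  -- hypothetical name
AS
BEGIN
    SET NOCOUNT ON;
    DECLARE @cols nvarchar(max), @sql nvarchar(max);

    -- The join to sys.columns is the allow-list: a settings row that does not
    -- name an actual column of the target table contributes nothing.
    -- QUOTENAME brackets each identifier so it cannot break out of the list.
    SELECT @cols = STRING_AGG(CAST(QUOTENAME(c.name) AS nvarchar(max)), N', ')
                   WITHIN GROUP (ORDER BY c.column_id)
    FROM sys.columns AS c
    JOIN dbo.ColumnSettings AS s
      ON s.ColumnName = c.name
    WHERE c.object_id = OBJECT_ID(N'dbo.YourDataTable')
      AND s.IsVisible = 1;

    -- Fail closed rather than falling back to every column.
    IF @cols IS NULL
    BEGIN
        RAISERROR(N'No valid columns are configured for dbo.YourDataTable.', 16, 1);
        RETURN;
    END;

    SET @sql = N'SELECT ' + @cols + N' FROM dbo.YourDataTable;';
    EXEC sys.sp_executesql @sql;
END;
GO

EXEC dbo.SelectConfiguredColumns;
```

Only identifiers are concatenated here; any data values the query later needs should be passed to `sp_executesql` as parameters instead of being appended to `@sql`.
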
0
  1. Have a stored procedure for each set of fields you want to select
  2. Allow the list of field names to be passed in as a parameter
