Optional parameters in WHERE clause

Question

Optional parameters in WHERE clause

pdanes

SSCrazy Eights

Points: 8495
More actions
July 19, 2012 at 9:40 am

#276078

I've been looking around for various ways to do SELECTS in a stored procedure with optional parameters. I found repeated cases, in many different SQL forums of people suggesting this approach:
Create PROCEDURE srchakc.spAkcesIDSrch
@AkcesitPred varchar(2) = '',
@Akcesit int = 0,
@Rok smallint = 0
...
SELECT AkcesAutoID, Rok, AkcesitPred, Akcesit
FROM dbo.Akces
WHERE (@AkcesitPred = '' or AkcesitPred = @AkcesitPred)
AND (@Akcesit = 0 or Akcesit = @Akcesit)
AND (@Rok = 0 or Rok = @Rok)
It works (and quite quickly on my machine, but it's very lightly loaded), and I have to admit, from a coding standpoint it looks slick and tidy. But the query plan always shows a table scan, even though there are indexes that can help. When I write the query out 'longhand', like this:
SELECT AkcesAutoID, Rok, AkcesitPred, Akcesit
FROM dbo.Akces
WHERE Akcesit = @Akcesit
simply omitting the missing parameter(s), it does use an index and the estimated number of rows goes from over 50,000 (the entire table) to three (in my test case), which is, in fact, the actual number of rows returned. Response is pretty much instant in both cases, but as time goes on, I expect this machine to be under greater load, and in any case, I don't want to write crappy code that just happens to run quickly now, when I can write good code that will always run quickly. The other method that seems to be clean is to write a separate SELECT statement for each combination of present or missing parameters, i.e., 2^(number of parameters) SELECT statements, and code to execute the correct one, depending on which parameters are present.
It's more work to write and more work to maintain, and doesn't lend itself to any sort of code reuse. But according to Grant Fritchey in his SQL in the City presentations, code reuse in SQL Server is kind of a lost cause anyway - difficult to do well and often carrying a performance hit.
It would also be possible (and maybe fastest in execution) to write a separate stored procedure for each combination of parameters, but that approach would make the number of procedures balloon insanely.
Anybody have any thoughts on this?

Viewing 15 posts - 1 through 14 (of 14 total)

You must be logged in to reply to this topic. Login to reply

Lynn Pettis SSC Guru Points: 442467 More actions · Answer 1

You could also use dynamic sql to build the query that needs to be executed based on the parameters passed to the stored procedure.

pdanes SSCrazy Eights Points: 8495 More actions · Answer 2

Lynn Pettis (7/19/2012)
You could also use dynamic sql to build the query that needs to be executed based on the parameters passed to the stored procedure.

Yes, I've done that in a number of cases so far, and gotten my hand smacked for it. It works quite nicely, but many people have told me to use dynamic SQL only as a last resort, so I'm trying to learn other ways to do things. I come from a developer background, so assembling strings is almost second nature, but it seems to be frowned upon in the SQL Server community.

Sean Lange SSC Guru Points: 286590 More actions · Answer 3

Check out Gail's blog post on catch all queries. This explains a couple of ways to go about this.

http://sqlinthewild.co.za/index.php/2009/03/19/catch-all-queries/[/url]

_______________________________________________________________

Need help? Help us help you.

Read the article at http://www.sqlservercentral.com/articles/Best+Practices/61537/ for best practices on asking questions.

Need to split a string? Try Jeff Modens splitter http://www.sqlservercentral.com/articles/Tally+Table/72993/.

Cross Tabs and Pivots, Part 1 – Converting Rows to Columns - http://www.sqlservercentral.com/articles/T-SQL/63681/
Cross Tabs and Pivots, Part 2 - Dynamic Cross Tabs - http://www.sqlservercentral.com/articles/Crosstab/65048/
Understanding and Using APPLY (Part 1) - http://www.sqlservercentral.com/articles/APPLY/69953/
Understanding and Using APPLY (Part 2) - http://www.sqlservercentral.com/articles/APPLY/69954/

Gail Shaw SSC Guru Points: 1004504 More actions · Answer 4

Dynamic SQL or OPTION RECOMPILE (if you're on 2008 SP2 or above). Test the recompile, make sure it really does help.

Gail Shaw
Microsoft Certified Master: SQL Server, MVP, M.Sc (Comp Sci)
SQL In The Wild: Discussions on DB performance with occasional diversions into recoverability

We walk in the dark places no others will enter
We stand on the bridge and no one may pass

Evil Kraig F SSC Guru Points: 100851 More actions · Answer 5

pdanes (7/19/2012)
Lynn Pettis (7/19/2012)
You could also use dynamic sql to build the query that needs to be executed based on the parameters passed to the stored procedure.
Yes, I've done that in a number of cases so far, and gotten my hand smacked for it. It works quite nicely, but many people have told me to use dynamic SQL only as a last resort, so I'm trying to learn other ways to do things. I come from a developer background, so assembling strings is almost second nature, but it seems to be frowned upon in the SQL Server community.

The reason it's usually smacked down is over-usage and a failure to protect from SQL Injection. However, in the case of 'catch-all search queries', it's basically an optimization requirement these days.

Check out the following blog post from Gail Shaw and it'll walk you through the process:

http://sqlinthewild.co.za/index.php/2009/03/19/catch-all-queries/

In particular, note the use of sp_executesql with parameters to make sure injection cannot occur.

- Craig Farrell

Never stop learning, even if it hurts. Ego bruises are practically mandatory as you learn unless you've never risked enough to make a mistake.

For better assistance in answering your questions[/url] | Forum Netiquette
For index/tuning help, follow these directions.[/url] |Tally Tables[/url]
Twitter: @AnyWayDBA

Lynn Pettis SSC Guru Points: 442467 More actions · Answer 6

pdanes (7/19/2012)
Lynn Pettis (7/19/2012)
You could also use dynamic sql to build the query that needs to be executed based on the parameters passed to the stored procedure.
Yes, I've done that in a number of cases so far, and gotten my hand smacked for it. It works quite nicely, but many people have told me to use dynamic SQL only as a last resort, so I'm trying to learn other ways to do things. I come from a developer background, so assembling strings is almost second nature, but it seems to be frowned upon in the SQL Server community.

It comes down to an "it depends" with me. I think the reason many frown on it is that many who use it don't code defensively and the dynamic code has SQL Injection issues. If written properly, I don't see why it couldn't be used.

Edit: Bit by the quote bug.

pdanes SSCrazy Eights Points: 8495 More actions · Answer 7

I've just assembled this:

alter PROCEDURE [srchAkc].spAkcesIDSrch

-- Add the parameters for the stored procedure here

@AkcesitPred varchar(2) = '',

@Akcesit int = 0,

@Rok smallint = 0

AS

BEGIN

SET NOCOUNT ON

-- Direction variable

declare @tw tinyint

set @tw = 0

if LEN(@AkcesitPred) > 0 -- AkcesitPred?

set @tw = 1

if @Akcesit > 0 -- Akcesit?

set @tw = @tw + 2

if @Rok > 0 -- Rok?

set @tw = @tw + 4

-- Execute the proper statement, according to which parameters were passed

if @tw = 1