Application Security Testing: An Integral Part of DevOps
Running the stored procedure: GetSalesById.
Passing it two parameters:
@Id = 1
@Sales = (an output parameter)
Running the stored procedure: GetNameInfoById.
Passing it one parameter:
@Id = 1
It returned a recordset which I used to print out this name: Andrew Fuller.
Many ASP users start playing with a database by using Access. While this can be a good way to get you started, Access really isn't a great choice for your web app's back end. Unfortunately taking the leap into the world of SQL Server and its stored procedures can be quite daunting. Here's a sample to help out...
One of the performance increases you get from moving to SQL Server comes from the fact that you can use pre-compiled queries called stored procedures as opposed to dynamically generated SQL statements. Here are the two examples that are used by this sample. This first one takes one input parameter and returns one output parameter.
Create Procedure GetSalesById ( @Id int, @Sales money OUTPUT ) As SELECT @Sales = sales FROM sample WHERE id = @Id
That's pretty simple, but what good would a SQL query be if it could only return a single value so I've also included a sample that will return a full data set. In this case it only returns one record (to keep the sample simple), but there's no reason it couldn't return more.
Create Procedure GetNameInfoById ( @Id int ) As SELECT first_name, last_name FROM sample WHERE id = @Id
Now that you've seen the listings for the stored procedures take a look at the source to the ASP script to see how to call them from an ASP page (included in zip file).