If you have a query that you want to execute often, you might want to make a stored procedure out of it. Stored procedures help to avoid SQL injection. (SQL injection is a code injection technique that exploits a security vulnerability occurring in the database layer of an application.) Creating a procedure also means that the SQL script is logically separated from other parts of the application. This often helps in the maintenance of a project. To create a stored procedure, please do the following.
- Type “Create procedure” then provide the name of the procedure. (Note: if you are altering an existing table, please use the Alter keyword instead of create)
- Add the parameters that you are going to use (Note: in parenthesis)
- These are the variables that are to be used within the query.
- When you call the query, you must supply these variables.
- Add the keyword “as” after you close the parenthesis for the parameters
- Insert the SQL query.
- Run this query using F5 or the Execute Button.