You signed in with another tab or window. Reload to refresh your session.You signed out in another tab or window. Reload to refresh your session.You switched accounts on another tab or window. Reload to refresh your session.Dismiss alert
Copy file name to clipboardExpand all lines: docs/relational-databases/stored-procedures/stored-procedures-database-engine.md
+13-13Lines changed: 13 additions & 13 deletions
Display the source diff
Display the rich diff
Original file line number
Diff line number
Diff line change
@@ -1,10 +1,10 @@
1
1
---
2
-
title: "Stored procedures (Database Engine)"
2
+
title: "Stored Procedures (Database Engine)"
3
3
description: Learn how a stored procedure in SQL Server is a group of one or more Transact-SQL statements or a reference to a .NET Framework common runtime language method.
4
4
author: WilliamDAssafMSFT
5
5
ms.author: wiassaf
6
6
ms.reviewer: randolphwest
7
-
ms.date: 01/04/2024
7
+
ms.date: 11/20/2025
8
8
ms.service: sql
9
9
ms.subservice: stored-procedures
10
10
ms.topic: conceptual
@@ -23,7 +23,7 @@ A stored procedure in [!INCLUDE [ssNoVersion](../../includes/ssnoversion-md.md)]
23
23
24
24
- Accept input parameters and return multiple values in the form of output parameters to the calling program.
25
25
26
-
- Contain programming statements that perform operations in the database. These include calling other procedures.
26
+
- Contain programming statements that perform operations in the database. These statements include calling other procedures.
27
27
28
28
- Return a status value to a calling program to indicate success or failure (and the reason for failure).
29
29
@@ -33,49 +33,49 @@ The following list describes some benefits of using procedures.
33
33
34
34
### Reduced server/client network traffic
35
35
36
-
The commands in a procedure are executed as a single batch of code. This can significantly reduce network traffic between the server and client because only the call to execute the procedure is sent across the network. Without the code encapsulation provided by a procedure, every individual line of code would have to cross the network.
36
+
The commands in a procedure are executed as a single batch of code. This approach can significantly reduce network traffic between the server and client because only the call to execute the procedure is sent across the network. Without the code encapsulation provided by a procedure, every individual line of code would have to cross the network.
37
37
38
38
### Stronger security
39
39
40
-
Multiple users and client programs can perform operations on underlying database objects through a procedure, even if the users and programs don't have direct permissions on those underlying objects. The procedure controls what processes and activities are performed and protects the underlying database objects. This eliminates the requirement to grant permissions at the individual object level and simplifies the security layers.
40
+
Multiple users and client programs can perform operations on underlying database objects through a procedure, even if the users and programs don't have direct permissions on those underlying objects. The procedure controls what processes and activities are performed and protects the underlying database objects. This approach eliminates the requirement to grant permissions at the individual object level and simplifies the security layers.
41
41
42
42
The [EXECUTE AS](../../t-sql/statements/execute-as-clause-transact-sql.md) clause can be specified in the `CREATE PROCEDURE` statement to enable impersonating another user, or enable users or applications to perform certain database activities without needing direct permissions on the underlying objects and commands. For example, some actions such as `TRUNCATE TABLE` don't have grantable permissions. To execute `TRUNCATE TABLE`, the user must have `ALTER` permissions on the specified table. Granting a user `ALTER` permissions on a table might not be ideal, because the user effectively has permissions well beyond the ability to truncate a table. By incorporating the `TRUNCATE TABLE` statement in a module and specifying that module execute as a user who has permissions to modify the table, you can extend the permissions to truncate the table to the user that you grant `EXECUTE` permissions on the module.
43
43
44
44
When an application calls a procedure over the network, only the call to execute the procedure is visible. Therefore, malicious users can't see table and database object names, embed [!INCLUDE [tsql](../../includes/tsql-md.md)] statements of their own, or search for critical data.
45
45
46
46
Using procedure parameters helps guard against SQL injection attacks. Since parameter input is treated as a literal value and not as executable code, it's more difficult for an attacker to insert a command into the [!INCLUDE [tsql](../../includes/tsql-md.md)] statements inside the procedure and compromise security.
47
47
48
-
Procedures can be encrypted, helping to obfuscate the source code. For more information, see [SQL Server encryption](../security/encryption/sql-server-encryption.md).
48
+
You can encrypt procedures to help obfuscate the source code. For more information, see [SQL Server encryption](../security/encryption/sql-server-encryption.md).
49
49
50
50
### Reuse of code
51
51
52
-
The code for any repetitious database operation is the perfect candidate for encapsulation in procedures. This eliminates needless rewrites of the same code, decreases code inconsistency, and allows the access and execution of code by any user or application possessing the necessary permissions.
52
+
The code for any repetitious database operation is a perfect candidate for encapsulation in procedures. This approach eliminates needless rewrites of the same code, decreases code inconsistency, and allows any user or application with the necessary permissions to access and execute the code.
53
53
54
54
### Easier maintenance
55
55
56
-
When client applications call procedures and keep database operations in the data tier, only the procedures must be updated for any changes in the underlying database. The application tier remains separate and doesn't have to know how about any changes to database layouts, relationships, or processes.
56
+
When client applications call procedures and keep database operations in the data tier, you only need to update the procedures for any changes in the underlying database. The application tier remains separate and doesn't have to know about any changes to database layouts, relationships, or processes.
57
57
58
58
### Improved performance
59
59
60
-
By default, a procedure compiles the first time it's executed, and creates an execution plan that is reused for subsequent executions. Since the query processor doesn't have to create a new plan, it typically takes less time to process the procedure.
60
+
By default, a procedure compiles the first time it's executed, and creates an execution plan that it reuses for subsequent executions. Since the query processor doesn't have to create a new plan, it typically takes less time to process the procedure.
61
61
62
62
If there are significant changes to the tables or data referenced by the procedure, the precompiled plan might actually cause the procedure to perform slower. In this case, recompiling the procedure and forcing a new execution plan can improve performance.
63
63
64
64
## Types of stored procedures
65
65
66
66
### User-defined
67
67
68
-
A user-defined procedure can be created in a user-defined database or in all system databases except the `Resource` database. The procedure can be developed in either [!INCLUDE [tsql](../../includes/tsql-md.md)], or as a reference to a [!INCLUDE [msCoName](../../includes/msconame-md.md)][!INCLUDE [dnprdnshort](../../includes/dnprdnshort-md.md)] common runtime language (CLR) method.
68
+
A user-defined procedure can be created in a user-defined database or in all system databases except the `Resource` database. The procedure can be developed in either [!INCLUDE [tsql](../../includes/tsql-md.md)], or as a reference to a [!INCLUDE [dnprdnshort](../../includes/dnprdnshort-md.md)] common runtime language (CLR) method.
69
69
70
70
### Temporary
71
71
72
-
Temporary procedures are a form of user-defined procedures. Temporary procedures are like a permanent procedure, except that they're stored in `tempdb`. There are two types of temporary procedures: *local* and *global*. They differ from each other in their names, their visibility, and their availability. Local temporary procedures have a single number sign (`#`) as the first character of their names; they're visible only to the current user connection, and they're deleted when the connection is closed. Global temporary procedures have two number signs (`##`) as the first two characters of their names; they're visible to any user after they are created, and they're deleted at the end of the last session using the procedure.
72
+
Temporary procedures are a form of user-defined procedures. Temporary procedures are like a permanent procedure, except that they're stored in `tempdb`. There are two types of temporary procedures: *local* and *global*. They differ from each other in their names, their visibility, and their availability. Local temporary procedures have a single number sign (`#`) as the first character of their names. They're visible only to the current user connection, and they're deleted when the connection is closed. Global temporary procedures have two number signs (`##`) as the first two characters of their names. They're visible to any user after they're created, and they're deleted at the end of the last session using the procedure.
73
73
74
74
### System
75
75
76
-
System procedures are included with the [!INCLUDE [ssde-md](../../includes/ssde-md.md)]. They are physically stored in the internal, hidden `Resource` database and logically appear in the `sys` schema of every system-defined and user-defined database. In addition, the `msdb` database also contains system stored procedures in the `dbo` schema that are used for scheduling alerts and jobs. Because system procedures start with the prefix `sp_`, we recommend that you don't use this prefix when naming user-defined procedures. For a complete list of system procedures, see [System stored procedures (Transact-SQL)](../../relational-databases/system-stored-procedures/system-stored-procedures-transact-sql.md).
76
+
System procedures are included with the [!INCLUDE [ssde-md](../../includes/ssde-md.md)]. They're physically stored in the internal, hidden `Resource` database and logically appear in the `sys` schema of every system-defined and user-defined database. In addition, the `msdb` database also contains system stored procedures in the `dbo` schema that are used for scheduling alerts and jobs. Because system procedures start with the prefix `sp_`, don't use this prefix when naming user-defined procedures. For a complete list of system procedures, see [System stored procedures](../system-stored-procedures/system-stored-procedures-transact-sql.md).
77
77
78
-
[!INCLUDE [ssNoVersion](../../includes/ssnoversion-md.md)] supports the system procedures that provide an interface from [!INCLUDE [ssNoVersion](../../includes/ssnoversion-md.md)] to external programs for various maintenance activities. These extended procedures use the `xp_` prefix. For a complete list of extended procedures, see [General extended stored procedures (Transact-SQL)](../../relational-databases/system-stored-procedures/general-extended-stored-procedures-transact-sql.md).
78
+
[!INCLUDE [ssNoVersion](../../includes/ssnoversion-md.md)] supports the system procedures that provide an interface from [!INCLUDE [ssNoVersion](../../includes/ssnoversion-md.md)] to external programs for various maintenance activities. These extended procedures use the `xp_` prefix. For a complete list of extended procedures, see [General extended stored procedures](../system-stored-procedures/general-extended-stored-procedures-transact-sql.md).
![prmerger-automator[bot]](https://avatars.githubusercontent.com/u/22479449?v=4&size=40){kind=avatar}
0 commit comments