Reputation: 9911
Dynamic SQL - EXEC(@SQL) versus EXEC SP_EXECUTESQL(@SQL)
What are the real world pros and cons of executing a dynamic SQL command in a stored procedure in SQL Server using
EXEC (@SQL)
versus
EXEC SP_EXECUTESQL @SQL
?
Upvotes: 105
Views: 225682
Answers (5)
Reputation: 842
I would always use sp_executesql these days, all it really is is a wrapper for EXEC which handles parameters & variables.
However do not forget about OPTION RECOMPILE when tuning queries on very large databases, especially where you have data spanned over more than one database and are using a CONSTRAINT to limit index scans.
Unless you use OPTION RECOMPILE, SQL server will attempt to create a "one size fits all" execution plan for your query, and will run a full index scan each time it is run.
This is much less efficient than a seek, and means it is potentially scanning entire indexes which are constrained to ranges which you are not even querying :@
Upvotes: 2
Reputation: 4947
Microsoft's Using sp_executesql article recommends using sp_executesql instead of execute statement.
Because this stored procedure supports parameter substitution, sp_executesql is more versatile than EXECUTE; and because sp_executesql generates execution plans that are more likely to be reused by SQL Server, sp_executesql is more efficient than EXECUTE.
So, the take away: Do not use execute statement. Use sp_executesql.
Upvotes: 5
Reputation: 35
- Declare the variable
- Set it by your command and add dynamic parts like use parameter values of sp(here @IsMonday and @IsTuesday are sp params)
execute the command
declare @sql varchar (100) set @sql ='select * from #td1' if (@IsMonday+@IsTuesday !='') begin set @sql= @sql+' where PickupDay in ('''+@IsMonday+''','''+@IsTuesday+''' )' end exec( @sql)
Upvotes: -3
Reputation: 300719
sp_executesql is more likely to promote query plan reuse. When using sp_executesql, parameters are explicitly identified in the calling signature. This excellent article descibes this process.
The oft cited reference for many aspects of dynamic sql is Erland Sommarskog's must read: "The Curse and Blessings of Dynamic SQL".
Upvotes: 102
Reputation: 16257
The big thing about SP_EXECUTESQL is that it allows you to create parameterized queries which is very good if you care about SQL injection.
Upvotes: 24
Related Questions
- What is the advantage of using @ParmDefinition in sp_executesql
- Dynamic SQL in SQL Server: Executing a string through sp_sqlexec @string VS using a pure SQL query - why does stored string not work?
- EXEC sp_executesql not working as expected
- SQL Server Dynamic SQL Execution
- Performance differences calling sp_executesql with dynamic SQL vs parameters
- T-SQL EXEC versus sp_exec
- Change dynamic SQL from using Exec to sp_executesql
- sp_execute SQL vs exec
- Dynamic sql and spexecutesql behavior
- exec sp_executesql @sql and exec (@sql) SQL Server