I think it was Doug Lane who coined the stages of dynamic SQL. One of them dealt with the fact that once you start using it, you just wanna use it everywhere, even places where you think you don’t need it.
Most of the time, you don’t. A parameter is good enough. But like we saw last week, sometimes parameters can backfire, and you can use dynamic SQL to save query performance.
That’s one great use, but it’s one you’re gonna have to use constantly. Most of the time when you’re using dynamic SQL, it’s not going to be to correct performance.
- You want to build or use a different string based on some input
- You have a statement you want to execute over multiple targets
- Your script has to support multiple versions of SQL Server
Of course, one can’t reasonably write about dynamic SQL in SQL Server without linking to Erland. Boy howdy, did I learn most everything I know from him.
I Disconnect From You
One of the big downsides of dynamic SQL is that statements in a stored procedure are no longer associated with that stored procedure in system DMVs.
Of course, you can address this somewhat by adding a comment to the query inside the dynamic SQL:
/*headless*/ DECLARE @super_cool_sql NVARCHAR(MAX) = N' SELECT * FROM ALL THE TABLES! '; /*more headed*/ DECLARE @super_cool_sql NVARCHAR(MAX) = N' SELECT * /*super cool procedure name*/ FROM ALL THE TABLES! ';
Where you put the comment is irrelevant, but if it’s a particularly long query, I’d probably want it close to or above the select so it doesn’t get truncated.
But we’re all nice people who don’t write queries with more than 65k characters and spaces in them.
While it’s nice to know where they came from, they’re not easy to track down because they don’t have a parent object id — they’re rogue agents in the plan cache.
It can also make troubleshooting a stored procedure difficult because it can be a little harder to see which statements did the most work.
- You might be conditionally executing certain blocks of dynamic SQL for different reasons
- You might be building dynamic where clauses that have different performance profiles
The first thing I want to cover outright is that IF branching without dynamic SQL does not work. Flat out.
Yes, you can control the flow of logic, but it has no desirable impact on query plan compilation. Everything gets compiled the first time.
Instead of dynamic SQL, though, you could use separate stored procedures, which at least makes the objects a little easier to track down in the plan cache or Query Store.
CREATE OR ALTER PROCEDURE dbo.VoteCount (@VoteTypeId INT, @YearsBack INT) AS BEGIN IF @VoteTypeId IN (2, 1, 3, 5, 10, 6) BEGIN EXEC dbo.VoteCount_InnerBig @VoteTypeId, @YearsBack; END; IF @VoteTypeId IN (16, 15, 11, 8, 9, 7, 12, 4) BEGIN EXEC dbo.VoteCount_InnerSmall @VoteTypeId, @YearsBack; END; END;
Both of those stored procedures can have the same statement in them, without the
? = (SELECT ?) addition needed with the dynamic SQL option.
That they’re owned by different objects is enough to get them separate optimization paths. You’re also a bit less prone to permissions issues, if you’re the kind of person who takes those seriously. But if your app logs in as db_owner or whatever, well, BOFL with that.
Speaking of which, even though I find security incredibly dull and frustrating, let’s talk a little about how people can take advantage of bad dynamic SQL.
Thanks for reading!
If this is the kind of SQL Server stuff you love learning about, you’ll love my training. I’m offering a 75% discount on to my blog readers if you click from here. I’m also available for consulting if you just don’t have time for that and need to solve performance problems quickly.