known-issues-in-stored-procedures.md 37.4 KB

Edit Raw Blame History



Known issues in stored procedures and functions

A consolidated index of code-level defects, comment drift, sealed-but-still-bound
routines, and other audit signals that the
auto-catalog narratives surfaced while
documenting xly's 1,684 stored procedures and 177 functions.


What this page is, and is not

Is: an index. Each entry points at a routine whose per-routine
auto-catalog page carries the full
evidence (proc body excerpt, calling-channel analysis, etc.). The categories below
are decision-support — they let a maintainer scan for what to triage first
without reading 1,861 pages.

Is not: a fix plan. None of these defects have been fixed; the procedures
are still running in production. Several are operationally invisible (e.g., a
broken regex that always returns "yes" looks fine if the caller never relied on
the filter). Others are likely intentional (sealed legacy procs kept around for
rollback). Audit each entry before acting on it — a flag here is a signal
worth verifying, not a confirmed bug ticket.


Methodology. Items were captured by the narrative-writing subagents when
they read the proc/function body to understand what each routine did. The
agents weren't running a defect audit — they noticed mismatches and bugs as a
side effect. Pass 3 spot-checked 10 randomly-selected flag claims and all 10
verified against the live SHOW CREATE output. The list is high-signal but
incomplete: routines whose body the agents didn't read in depth (huge bodies
with body-summarization mode) may carry undocumented issues.


Real correctness / runtime bugs

These will produce wrong results, return wrong values, or fail at runtime under
the documented conditions. Highest priority for audit.


Fun_GetCh — regex '[u0391-uFFE5]' is taken literally (matches u/0/3/…), not as the intended Unicode range Α-￥. The "non-Chinese filter" matches nothing; only -/+ stripping survives. Used by Sp_Create_sControlFaceNameTable*.

GetChineseChar — same broken [u0391-uFFE5] literal regex; classifies every character as non-Chinese.

GetDispatchUnit — falls back to eleproduct.sProductUnit only for one hardcoded GUID; returns NULL on any other deployment.

GetPriorProcess — one branch references session vars @uGuid/@sCurProcessName instead of proc-local uGuid/p_sCurProcessName; that branch always sees NULL.

PRO_ERPMERGEBASEELECUSTOMER — SET clauses swap sCustomerName = @sCustomerNo and sCustomerNo = @sCustomerName; label columns are written to the wrong fields.

PRO_ERPMERGEMFTWORKORDER, PRO_ERPMERGEPRODUCTIONREPORT, PRO_ERPMERGESALSALESORDER — DELETE FROM <table> WHERE sSlaveId = sSlaveId. IN parameter name shadows the column → tautology → wipes the entire merge table on every call before the single-row re-INSERT.

Sp_AdjustMoney_BtnRepair — empty-memo guard sets sCode=-1 but does not LEAVE top; the empty-memo branch still applies the update.

Sp_AfterPost_sQtt — cursor inside iFlag=1 is bounded by viw_mftworkorderprocess count, but the inner SELECT reads from viw_quoquotation × quoquotationprocess × quoquotationcontrol; loop bound is wrong.

Sp_addBtn_gdsmodle — BtnExamine NOT EXISTS guard checks sControlName='BtnBsOperation.BtnInvalid' instead of BtnExamine.

Sp_addSysbrands — gdsconfigformslave clone reuses seed sId values rather than generating new ones; cross-tenant collision risk.

Sp_Apply_Flow_materialspd, Sp_Apply_Flow_productpd — WHERE iPosition=32 AND (sEmployeeNo='00034' OR iPosition=7) is malformed; the iPosition=7 branch is unreachable.

Sp_Apply_Flow_OpsProductMore — p_iCount2 calculated but iOut2 set from p_iCount4; variable-name drift.

Sp_Apply_Flow_OpsProductMorebecome — p_ThreeFlow set to 总经理 then immediately overwritten by 财务总鉴 → 总经理 tier never returned. p_iCount3 assigned twice; p_iCount4 referenced but never assigned, so iOut2 is always 0.

Sp_Apply_Flow_PurCheck — variance formula multiplies new-price by new-price (B.dMaterialsPrice*A.dMaterialsPrice); likely should be dAuxiliaryQty*dMaterialsPrice.

Sp_Apply_Flow_PurpurchaseOrder — p_iOut1 count of guidance-priced lines lacks WHERE sParentId=sGuId; counts across all orders, not just this one. Threshold 30000 hardcoded but header says 20000.

Sp_Apply_Flow_SalSaleOrder — p_ElevenFlow and p_TwelveFlow both populate from iPosition=34 (duplicate); p_MoreFlow = p_ThreeFlow so 会签 collapses to a single party.

Sp_Apply_Flow_SalSalesNotify — 烟包 count lookup hits salsalesinvoiceslave instead of saldelivernotifyslave; iOut2 is wrong for delivery-notify forms with no companion invoice.

Sp_Apply_Flow_Ystz — emits "EightFlow", p_SevenFlow (assigns 总经理 value to 董事长 slot); p_EightFlow populated but never emitted.

Sp_Bd_Root_allstatus26 — temp-table seeding INSERTs/SELECTs column sMachineNo that the CREATE TEMPORARY TABLE doesn't define. Proc fails at every call.

Sp_beforeSaveReturn_sQtt — body joins pitproductrejectslave in a quotation back-writer; copy-paste from Sp_saveReturn_sPdt.

Sp_BtnEvent_AccProductUnFrozen — sFrozenPerson/tFrozenDate overwritten with the unfreezing user/timestamp, losing original-freeze attribution.

Sp_BtnEventCopyUserJurisdiction, Sp_BtnEventCopyGroupJurisdiction — loop-overwrite bug; only the last (sUserId, sToUserId) pair is acted on.

Sp_BtnUpdate_OnOpsConfirm, Sp_BtnUpdate_OnOpsOrder, Sp_BtnUpdate_OnPurOrder — WHERE bOutConfirm=0 guard means once a row is confirmed the CASE toggle can never run again; effectively one-way confirm.

Sp_BtnUpdate_RevSupply — WHERE/SET column mismatch: guards on bCheck=0 but mutates bSubCheck. Copy-paste from sibling template.

Sp_Calc_plateprocessing — IF iCount > 0 reads an undefined session variable (local is p_iCount); "already checked" guard never fires.

Sp_Calc_Product, Sp_Calc_sAcod — uncheck branch reads sNoCanCheckBybCheck instead of sNoCanCheckBybUnCheck.

Sp_Calc_about, Sp_Calc_borrow, Sp_Calc_Change, Sp_Calc_clear — sTmpReturn declared but never assigned; trailing IF sTmpReturn <> '' branch dead across the family.

Sp_Calc_pruOrderBgd — accepts iFlag parameter but never branches on it; uncheck path missing entirely.

Sp_Calc_sExp — missing sStatus-flip and missing already-checked/unchecked guards versus family norm; both branches idempotent.

Sp_Calc_sMat — embedded Sp_System_CheckFlow loop scans SalSalesOrderSlave instead of any elematerials slave; copy-paste from 销售订单 template applied to a material-master audit.

Sp_Calc_sMcd — unqualified sMaterialsId in the UPDATE SET expression; affects 盘点 profit/loss columns on multi-line counts.

Sp_Calc_sPrw — un-audit guard reads from salsalesdevmaster rather than the production-report table.

Sp_Calc_tice, Sp_Calc_tore — column name mis-cased as sCheckPersON; case-sensitive on case-sensitive collations.

Sp_history_purpurchaseordermaster — cursor declares Cur_OrderSlave_handle1 = 1 (not 0); first row silently skipped (off-by-one).

Sp_MaterialHistoricalComparison — accepts sBrId/sSuId but never filters by tenant; every tenant's data mixes.

Sp_PurpurchaseOrder_CheckUpdate — name+COMMENT say "保存校验" but body is dOldPrice/Money back-write, not validation.

Sp_PurchasePriceChart — opens cursor over DT but DT is never populated; loop runs zero times.

Sp_Sales_SalesAnalysiseOfCustomerproperty — receipts subquery groups by EP.sParentId instead of EP.sCustomerPropertyId; axis mismatch.

Sp_Sales_SalesAnalysiseOfMonth, Sp_Sales_SalesAnalysiseProductOfMonth — IFNULL(p_iStatisticsType, 0) self-reference typo; input parameter iStatisticsType is ignored.

Sp_Sales_SalesAnalysiseOfProfit, Sp_Sales_SalesAnalysiseOfProfit_Product — swapped-target rate columns: in-store rate writes to delivery's column and vice versa.

Sp_SalOrder_BillForceComplete — captured p_sReason parsed but never written.

Stuff — right-slice uses LOCATE(SUBSTR(str, startIndex, length), str); when the deleted substring also appears earlier in str, slices from the earlier occurrence.

sp_cursor_test1 — UPDATE eleteststandarditem SET iOrder=(@i:=@i+1) has no ORDER BY; row numbering is non-deterministic.


Header / comment drift

Cosmetic only — the routine works correctly but its ROUTINE_COMMENT, header
comment, or page title describes a different routine. Common after a routine
was renamed or cloned from a template without updating the header.


11 — header 现金日记帐 (cash journal), body is a product-class sales-revenue summary scratchpad.

Fun_Cashier_GetProductPrice — header 获取最近采购价(产品), body reads sales views.

fun_get_jurisdiction — header 获取盒型图片, body is a permission gate.

Fun_getDhouM, Fun_GetGb, Fun_GetTestCount, Fun_GetTestMaterialsCount — all carry the 获取字符串中数字 header copy-pasted from Fun_GetNum; bodies do different things.

Fun_getMoneyFormart — header 根据key值获取json字符串值, body is amount-in-words digit splitter.

Fun_getProductMaxStyle — header 根据首字母拼音查询, unrelated to pinyin.

NewId2 — header claims 27-char output; body produces 32 chars.

Sp_addSysbrands — header 根据模块sId删除模块（包含子模块）.

Sp_afterSave_sOpkg — header references 发外发票, actual binding is 发外对账.

Sp_afterSave_sOpp — header 成品外购后反写数量, actual module is 整单发外.

Sp_afterSave_sPct — header references mobile, actual is 工序检验.

Sp_afterSave_sPmt, Sp_afterSave_sWod — header says "保存前", routine is after-save.

Sp_afterSave_sPtr — header 报废单, current bind is 成品领用.

Sp_afterSave_sSmia, Sp_afterSave_sSmo, Sp_afterSave_sSmoa — headers reference 装配工单, bodies operate on sgdsemigoods*-apply tables.

Sp_afterSave_tore — header 回厂通知单保存后 copy-pasted from tice sibling.

Sp_Apply_Flow_QualityaccidentsSupply_Proc1 — header 供应商扣款单号 过程1 copy-pasted from QualityaccidentMaterials_Proc1.

Sp_Apply_Flow_sCustomer — sParentName JSON label says 供应商分类, body returns siscustomerclassify.sName.

Sp_bd_Eqabnormal — COMMENT 调机时间分析 copy-pasted from Sp_bd_EqAdjust; body is 异常 idle analysis.

Sp_Bd_bi20_hh, Sp_Bd_bi20_ys, Sp_Bd_bi20_2new — header 喷码+分切现场, bodies target 糊盒/印刷/2new.

Sp_Bd_cq_workshop_pj, _pm, _sy — -- call Sp_Bd_cq_workshop_mt(...) header comment copy-pasted from family root.

Sp_bd_MachineOee — header 设备OEE展示 overstates what the body delivers (4 hardcoded constants).

Sp_beforeSave_sStl — header is just 前反写数量 with no document name.

Sp_beforeSaveReturn_sRct — header 估价单保存前反写状态 mis-copied; body operates on receipt graph.

Sp_BtnEvent_AccProductFrozen, _UnFrozen — UnFrozen default sReturn='送货未开票冻结成功！' copy-pasted from Frozen.

Sp_BtnEvent_MaterialsItestType — default sReturn='财务确认成功！' wrong for this proc.

Sp_BtnEvent_OpsInstoreComfirm — default sReturn='物流单确认成功！' copy-pasted from LogisticsComfirm.

Sp_chart_MonthProfit — COMMENT 'PLC数据同步' leftover; body is sales-vs-cost trend.

Sp_format_column — COMMENT '根据模块sId删除模块（包含子模块）'; body normalises grid-column widths.

Sp_pur_purpurchaseorderOfSupply — COMMENT '现金日记帐' mislabel.

Sp_PurpurchaseOrder_CheckUpdate — name+COMMENT say "保存校验", body is back-write.

Sp_reportdata_WorkOrder, _WorkOrder1, _WorkOrder3 — COMMENT '报价单数据源自定义' leftover; bodies are 工单 Jasper data-sources.

Sp_Sales_NotDeliverGoodList, Sp_Sales_NotWorkOrderList, Sp_Sales_PurchaseAnalysiseOfMaterial, _OfMaterialClass, _OfSupply — 现金日记帐 copy-paste on procurement-analysis pivots.

Sp_Sales_SalesAnalysiseOfSalesperson, Sp_Sales_SalesDelivergoodsAnalysiseOfCustomer — COMMENT '现金日记帐' mislabel.

Sp_Sys_GetMenu — auto-catalog header "根据模块sId删除模块" is misleading; body is read-only.

Sp_UnConfirm_Zg — COMMENT says "通过", body messages "不通过".

Sp_UndeliverIsRelated — COMMENT copy-pasted from Sp_UnConfirm_Zg, unrelated to behaviour.


Sealed-but-still-bound (封存 markers retained alongside live bindings)

These procs carry author-written 封存 (sealed/archived) markers in the body
header but still have live form-master or gdsmodule bindings. Either the
marker is informational only (the proc is the canonical one), or the binding
needs to be retired alongside the seal. Verify per routine before changes.


Sp_Bd_Cqzy_workshop5, _6 — 封存 2021-06-20.

Sp_bd_MachinePlanTemplate_1 and 7 siblings — 封存 2021-06-21.

Sp_bd_EqStatus, _new — 封存 2021-06-20.

Sp_CalcCost_BtnEventReCalcCost — 封存 (杨恒林 2021-09-20).

Sp_Calc_sPct1, _2, _3, _OEE — zhucx 2021.11.21 封存.

Sp_CommonList_BtnEventCheck, _UpdatedDoing, _UpdatePrice — 封存 2021-06-16.

Sp_Customerlist_BtnEventCheck1, _UnCheck1 — 封存 2021-05-21.

Sp_GetOrder_Process — @date:20210714 封存 but form binding active.

Sp_Inventory_ProductInOutStoreMoney, _Stock — 封存 2021-05-21.

Sp_Manufacture_BillComplete — 封存 2021-06-07.

Sp_Manufacture_InsertMftPlan, _Process, _ToErp — 封存 2021-07-11.

Sp_Manufacture_MftPlanPhase, _BtnEventCalc, _product (and 3 siblings) — 封存 2022-03.

Sp_Manufacture_ProductionArrange2 — 封存 2021-07.

Sp_Manufacture_ReplaceContent — 封存 2021-07-06.

Sp_Manufacture_ReportQty_BtnEventCalc — 封存 2022-03-21.

Sp_Manufacture_WorkOrderStatistics — 封存 2021-07-14.

Sp_mes_TimeActivation_Machine and 6 siblings — body marked 封存.

sp_OEE_adjustmentend, _billstartWorking, _loading, _endWorked, _Exit — 封存 2021-09-08.

Sp_OEE_ScanInsertToERP, _2013 — 封存 2021-08-17.

Sp_PC_FirstInspection, Sp_PC_PatrolInspection, Sp_Mobile_PatrolInspection — 封存 2021-11-08, form bindings still live.

Sp_PLC_ScanInsertToERP — 封存.

Sp_Product_BtnEventCheck — @date:20210521 封存.

Sp_Quantity_PatrolDailyPaper — DB COMMENT marks 封存 2021-05-23.

Sp_Reachingrate_Machine — 封存 2021-06-21, form binding active.

Sp_Sales_SalesAnalysiseOfProfit, _Product — 封存 2021-06-16, still wired (and carry the swapped-column bug above).

Sp_System_AccountSquareCheck, _New, _material — 封存 2021-05-21.

Sp_System_BatchNPriceMoney, _quo, Sp_System_BatchPriceMoney — 封存 2021-07-07.


Tenant-baked GUIDs and hardcoded magic values

Routines that hardcode specific tenant/customer-specific sIds, dept GUIDs, PLC
numbers, or magic numerics. Cloning to a new deployment requires per-routine
re-mapping; these will silently produce empty/NULL/wrong output on a different
tenant.


Fun_getDhouM — hardcoded machine sIds (e.g. 16500802910009018024524290446000).

fun_GetPreProcessQty — process sId 1691254111216986535515270.

Fun_getProductMaxStyle — eleprocess sIds tying function to one tenant.

fun_getreportId_byArrMaterialsType, _byMaterialsType, Fun_GetReportId_byLogType, fun_getreportId_bycus, fun_gettzreportId_bycus — encode tenant-specific customer + report sIds.

Fun_GetTrunkQty — paper-product-only conversion ratios; non-paper businesses see NULL.

get_config_data_JSON — hardcodes iIncrement = 1509089; sConfigSlaveId parameter ignored.

Sp_addBtn_gdsmodle, Sp_Ai_AddCommonAfterNew, Sp_init_plc_config — hardcoded seed tenant sBrandsId='1111111111'.

Sp_Apply_Flow_MachineFix — hardcoded machine sId.

Sp_Apply_Flow_OpsCheck, _OpsProcess — 7 hardcoded exempt-process sIds.

Sp_Apply_Flow_OpsProduct, _OpsProductMore, _OpsProductMorebecome — dept-root GUIDs 20231120093814639059733069696942 (生产), 17344173190001090119214960551400 (供应链), 烟包 classify root.

Sp_Apply_Flow_OrderChangeNew — multiple tenant dept/process/classify GUIDs.

Sp_Apply_Flow_productpd, _materialspd — hardcoded 工号 '00034' / '06376'.

Sp_Apply_Flow_PurOrder — hardcoded user literal "管广飞".

Sp_Apply_Flow_salesreturnapply, _SalSaleOrder, _sCustomer, _sCustomerAccord, _Supply, _Ystz, _Yzfy — 营销一/二部 dept-root GUIDs, 烟包 classify root, supplier-classify GUIDs.

Sp_Apply_Flow_salDesign — form-sId match filter hardcoded.

Sp_Bd_* family — extensive PLC-to-slot maps tenant-deployment-specific (Sp_Bd_bi20_hh, ys, 2new, _cq_workshop_mt/pj/pm/sy/ysnomes, _workshop1, _Cqzyworkshop1, _Root_allstatus25/26).

Sp_chart_sMachine_speed — hardcoded UUID e748835a-….

Sp_interface_login_before — hardcoded K3 Cloud credentials.

Sp_System_ReCostStructure, sp_update_pricecolumn, sp_int_dbSet — hardcoded schema literals (xlyweberp, xlyweberp_jn, xlyweberp_saas).


Dead code and unimplemented stubs

Procs that exist as empty bodies, single-statement placeholders, or developer
scratch never wired in. Safe to delete from a documentation/lint perspective;
verify no customer override calls them before doing so.


Empty — literal empty body.

ss — SET sReturn = '1111';.

test, test_copy — scratch.

11, sp_cs1 — scratch fragments.

Sp_Bill_Used_Base — stub returning p_bUsed=0 (customer-override slot).

Sp_Cashier_GetProductPrice — body entirely commented out, returns 0.

Sp_chart_home_13 — body commented out, returns NULL.

Sp_Check_sCio, _sScd, _sSdp, _sSfu, _sStl, _sWare — placeholder stubs.

Sp_Manufacture_PlanStatusSet — 97-char placeholder.

Sp_productionPlanInfo_BtnEventUnChange — sCode=-1 then LEAVE top immediately; effectively disabled.

Sp_productionPlanInfo_BtnEventExamineDate — cursor body empty.

Sp_QlyProcessTestJudge — every UPDATE commented out.

Sp_System_CheckSave — approval-routing logic commented out.

Sp_System_CheckSaveFlow — effectively SET sCode=1; SET sReturn='' only.

Sp_System_CheckSaveOee — gutted to a hardcoded error string.

Sp_System_MonThendCheckOut — body literally BEGIN END.

Sp_WorkOrder_CheckUpdateNew, Sp_workorderSave — orphan rewrites.

Sp_WorkWeekReport — returns input date range, no data.


Debug leakage left in production

Stray SELECT … FROM bbbbb; or commented-out -- select aa from bb; left
inside routine bodies. Mostly harmless (the commented-out forms emit nothing,
the live forms emit a stray result-set caller may ignore) but a maintainer
cleanup target.


Sp_Add_Flow — stray SELECT ddd FROM bbbb;.

Sp_Apply_Flow_MaterialsBack — select p_OneFlow;.

Sp_beforeSave_sMpa — stray SELECT @sSqlStmt;.

sp_btn_action — dead SELECT … FROM bbbbb / asadasda / adsadaqqqqqqq.

Sp_BtnEvent_DeliverGoodsFinanceSlave — select p_iSCount;.

Sp_chart_EquipmentLoad1 — debug SELECT p_sData, p_sDay, p_sMachines.

Sp_GetlogisticsPrice, sp_getoutsideprocess, Sp_afterSave_sLos — -- select aa from bb;.

Sp_ProductionDepartmentsReports — spurious select * from xlyweberp.sisprocessclassify; leaks cross-schema reference.

Sp_QlyProduct_BtnCalculate — SELECT p_sId, p_sSlaveId;.

Sp_saleschanceToSop_BtnEventDistribution — select p_changeValue, p_sBussinessType;.

Sp_Supply_refilecheck, _setLevel, _reLevel — stray SELECT @sSqlStmt; surfaces assembled SQL in response.

zAddField_Proc — INSERT into aaa(bb) VALUES (sTableName); fails if table aaa is absent.


Naming and structural inconsistencies


Sp_urisdiction — missing leading j in "jurisdiction".

Sp_chart_EquipmentLod1 — Lod typo (vs Load); duplicate of Sp_chart_EquipmentLoad1.

Sp_Calc_sRetunWork — sRetunWork missing r in 返工 (should be sReturnWork).

Sp_Calc_spurded — lowercase outlier; should likely be sPurDed.

Sp_Procedure_Templet — "Templet" for "Template".

Sp_BtnEvent_LogAheadComfirm, _LogisticsComfirm, _mitOutComfirm, _OpsInstoreComfirm — "Comfirm" misspelling consistent across family.

Sp_Sis_GetMertialsInventoryFormGuid — "Mertials" typo; same name exists as both FUNCTION and PROCEDURE.

sp_get_sOppositeColor, sp_btn_action, sp_init_sVersionFlowId, sp_cursor_test, and ~15 more — lowercase sp_ prefix outliers vs. majority Sp_*.


Security-adjacent


sp_btn_action — dynamic UPDATE concatenates JSON-decoded p_sId without QUOTE()-escaping; SQL injection surface if sProInParam isn't validated upstream.

Sp_interface_login_before — K3 Cloud credentials hardcoded in proc body (username='Administrator', password='Hamah@2022'). Multi-tenant deployments must replace.

Sp_afterSave_sDgda — raw PREPARE/EXECUTE dynamic SQL, splits on ; with no escaping.


Cross-cutting observations

A few patterns worth noting that aren't per-routine flags:


封存 (sealed) markers are not deletion markers. Many sealed routines still have live form-master or gdsmodule bindings. The convention in this codebase is "keep the body but mark intent"; if you act on a 封存 marker, also unbind the form.

Customer overrides live at xly-src/script/客户/<customer>/. Several routines that look like simple stubs in the standard ship (e.g. Sp_Bill_Used_Base) have substantive bodies in customer-override packs. Don't delete a stub before checking script/客户/.

_new/_NEW/_Bak/_Test/date-suffixed variants are a recurring pattern: a parallel rewrite never promoted to production, kept alongside the wired version. The auto-catalog's Backup / snapshot variant template covers the basic _copy1/_bak family; the _new/_NEW siblings live here.

Naming-by-convention dispatchers are invisible to static analysis. BusinessBaseServiceImpl.checkUpdate(..., "sSaveProName") reads the proc name out of gdsmodule at runtime; GenericProcedureCallServiceImpl.doGenericProcedureCall() reads it from the front-end button action descriptor. The auto-catalog narratives capture these where the agents found them, but the snapshot used here doesn't include front-end button config rows — some routines flagged as orphan in this list may be live via a button binding we couldn't observe.