
sp_btn_action (procedure)

Bulk document submission

  • Type: PROCEDURE
  • Deterministic: NO
  • SQL data access: CONTAINS SQL

Parameters

| # | Mode | Name | Type |
|---|------|------|------|
| 1 | IN | sProInParam | longtext |
| 2 | IN | sMakePerson | varchar(100) |
| 3 | IN | sBrId | varchar(100) |
| 4 | IN | sSuId | varchar(100) |
| 5 | OUT | sReturn | longtext |
| 6 | OUT | sCode | int |

Body

Body is not pre-cached. To inspect: mysql --defaults-file=~/.my.cnf -e 'SHOW CREATE PROCEDURE sp_btn_action'.

Narrative

Business context: bulk document submission. This is a generic button-click handler driving in-grid bulk field updates ("btnRepair"-style toolbar buttons) on any business document. It parses an sProInParam JSON envelope assembled by the frontend that names the target table, the per-row sId/sSlaveId set, the literal column assignments, and an optional workflow log payload.

What it does: Walks $.params[*].value[*], builds a dynamic UPDATE <p_sTableName> SET <p_sSetSql> WHERE A.sId IN (...) AND sBrandsId/sSubsidiaryId via PREPARE/EXECUTE, with token substitution for #now#, #username#, #textareaValue#. Special branches: when the target is EptMachineRepairFixMaster and bSubmit=1 it calls Sp_Manufacture_InsertMftPlanSlave_byTable to refresh the schedule; when the target is eleknifescrapexaminemaster with bSubmit6/bSubmit8 it joins back into eleknifescrapmaster (plate scrap) to mark stamp-level submission. Pre-flight CALL Sp_Bill_Used enforces lock-state when bCheckBillUsed=1. Each row optionally logs to sp_add_flow_log.

Invocation: Dispatched dynamically by GenericProcedureCallServiceImpl.doGenericProcedureCall() (POST /procedureCall/doGenericProcedureCall) — frontend toolbar buttons whose action descriptor names sp_btn_action route the JSON envelope here. No gdsmodule hook, no static caller.

Flag: sBillNo parameter is the table name field but the dynamic UPDATE concatenates p_sId directly without QUOTE()-escaping JSON-decoded user input — SQL injection surface if sProInParam is not validated upstream. Body also contains dead SELECT ... FROM bbbbb; / FROM asadasda; / FROM adsadaqqqqqqq; debug-leftover statements (kept under DDL comments only).
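
Added example, not the procedure's actual body: one way to build the statement described under "What it does" so that row ids pass through QUOTE(), the table name is checked against an allowlist, and the tenant filters are bound as parameters. The names demo_btn_update, btn_action_allowed_table and the column tLastSubmit are hypothetical, and MySQL 5.7+ is assumed for the JSON functions.

```sql
-- Added example; demo_btn_update, btn_action_allowed_table and tLastSubmit are hypothetical.
DELIMITER $$
CREATE PROCEDURE demo_btn_update(
  IN p_sTableName VARCHAR(64),   -- target table named by the envelope
  IN p_ids        JSON,          -- constructed input, e.g. '["A001","O''Brien"]'
  IN p_sBrId      VARCHAR(100),
  IN p_sSuId      VARCHAR(100))
BEGIN
  DECLARE i INT DEFAULT 0;
  DECLARE n INT DEFAULT 0;
  DECLARE v_id VARCHAR(100);
  DECLARE v_in LONGTEXT DEFAULT '';

  -- Identifiers cannot be bound as parameters, so accept only allowlisted tables.
  IF NOT EXISTS (SELECT 1 FROM btn_action_allowed_table WHERE sTableName = p_sTableName) THEN
    SIGNAL SQLSTATE '45000' SET MESSAGE_TEXT = 'target table not allowlisted';
  END IF;

  SET n = IFNULL(JSON_LENGTH(p_ids), 0);
  IF n = 0 THEN
    SIGNAL SQLSTATE '45000' SET MESSAGE_TEXT = 'no row ids supplied';
  END IF;

  -- Concatenating v_id as-is (the pattern flagged above) lets a quote inside the id
  -- end the string literal early. QUOTE() escapes it and adds the enclosing quotes.
  WHILE i < n DO
    SET v_id = JSON_UNQUOTE(JSON_EXTRACT(p_ids, CONCAT('$[', i, ']')));
    SET v_in = CONCAT(v_in, IF(i = 0, '', ','), QUOTE(v_id));
    SET i = i + 1;
  END WHILE;

  -- Fixed SET clause (hypothetical column); tenant filters are bound, not concatenated.
  SET @sql = CONCAT(
    'UPDATE `', REPLACE(p_sTableName, '`', '``'), '` A ',
    'SET A.tLastSubmit = NOW() ',
    'WHERE A.sId IN (', v_in, ') AND A.sBrandsId = ? AND A.sSubsidiaryId = ?');
  SET @br = p_sBrId;
  SET @su = p_sSuId;
  PREPARE stmt FROM @sql;
  EXECUTE stmt USING @br, @su;
  DEALLOCATE PREPARE stmt;
END$$
DELIMITER ;
```

QUOTE() only covers string literals such as the id list. A free-form SET fragment like p_sSetSql cannot be made safe this way and needs its column names and values validated separately.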