# `sp_btn_action` (procedure)

> 单据批量提交


- **Type:** PROCEDURE
- **Deterministic:** NO
- **SQL data access:** CONTAINS SQL

## Parameters

| # | Mode | Name | Type |
|---|---|---|---|
| 1 | IN | `sProInParam` | `longtext` |
| 2 | IN | `sMakePerson` | `varchar(100)` |
| 3 | IN | `sBrId` | `varchar(100)` |
| 4 | IN | `sSuId` | `varchar(100)` |
| 5 | OUT | `sReturn` | `longtext` |
| 6 | OUT | `sCode` | `int` |

## Body

_Body is not pre-cached. To inspect: `mysql --defaults-file=~/.my.cnf -e 'SHOW CREATE PROCEDURE `sp_btn_action`'`._

## Narrative

**Business context:** 单据批量提交 — generic button-click handler driving in-grid bulk field updates ("btnRepair"-style toolbar buttons) on any business document. Parses a `sProInParam` JSON envelope assembled by the frontend that names the target table, the per-row `sId`/`sSlaveId` set, the literal column assignments, and an optional workflow log payload.

**What it does:** Walks `$.params[*].value[*]`, builds a dynamic `UPDATE <p_sTableName> SET <p_sSetSql> WHERE A.sId IN (...) AND sBrandsId/sSubsidiaryId` via `PREPARE/EXECUTE`, with token substitution for `#now#`, `#username#`, `#textareaValue#`. Special branches: when the target is `EptMachineRepairFixMaster` and `bSubmit=1` it calls `Sp_Manufacture_InsertMftPlanSlave_byTable` to refresh the schedule; when target is `eleknifescrapexaminemaster` with `bSubmit6`/`bSubmit8` it joins back into `eleknifescrapmaster` (版材报废) to mark stamp-level submission. Pre-flight `CALL Sp_Bill_Used` enforces lock-state when `bCheckBillUsed=1`. Each row optionally logs to `sp_add_flow_log`.

**Invocation:** Dispatched dynamically by `GenericProcedureCallServiceImpl.doGenericProcedureCall()` (POST `/procedureCall/doGenericProcedureCall`) — frontend toolbar buttons whose action descriptor names `sp_btn_action` route the JSON envelope here. No `gdsmodule` hook, no static caller.

Flag: `sBillNo` parameter is the table name field but the dynamic UPDATE concatenates `p_sId` directly without `QUOTE()`-escaping JSON-decoded user input — SQL injection surface if `sProInParam` is not validated upstream. Body also contains dead `SELECT ... FROM bbbbb;` / `FROM asadasda;` / `FROM adsadaqqqqqqq;` debug-leftover statements (kept under DDL comments only).