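/**
 * Print the Review of Systems form as an HTML table.
 *
 * The form row (form_review_of_systems) is merged with the names of the
 * checked items stored in form_review_of_systems_checks.  Bookkeeping
 * columns and empty values are skipped; "on" is shown as "yes".
 *
 * @param mixed $pid       Patient id (unused here; part of the report API).
 * @param mixed $encounter Encounter id (unused here; part of the report API).
 * @param int   $cols      Number of cells per table row.
 * @param mixed $id        Form id used to fetch the row and its checks.
 * @return void
 */
function review_of_systems_report($pid, $encounter, $cols, $id)
{
    // Columns that are bookkeeping, not clinical content.
    $skip_keys = array('id', 'pid', 'user', 'groupname', 'authorized', 'activity', 'date');

    // formFetch() may yield false when the row is missing; treat that as no data
    // instead of passing a non-array to array_merge().
    $form = formFetch("form_review_of_systems", $id);
    $data = is_array($form) ? $form : array();

    // Checked items live one per row; the id is bound rather than spliced into the SQL.
    $results = sqlQ("SELECT name from form_review_of_systems_checks where foreign_id = ?", array($id));
    $checks = array();
    while ($row = sqlFetchArray($results)) {
        $checks[] = $row['name'];
    }
    $data = array_merge($data, $checks);

    if (empty($data)) {
        return;
    }

    print "<table><tr>";
    $count = 0;
    foreach ($data as $key => $value) {
        if (in_array($key, $skip_keys, true)) {
            continue;
        }
        if ($value === null || (string) $value === '' || $value === "0000-00-00 00:00:00") {
            continue;
        }
        if ($value === "on") {
            $value = "yes";
        }
        // Integer keys come from the checks list and get a generic label.
        $label = is_numeric($key) ? "check" : ucwords(str_replace("_", " ", (string) $key));
        // Values are user-entered form data, so escape them for the HTML context.
        print "<td><span class=bold>" . htmlspecialchars($label, ENT_QUOTES)
            . ": </span><span class=text>" . htmlspecialchars((string) $value, ENT_QUOTES) . "</span></td>";
        $count++;
        if ($count == $cols) {
            $count = 0;
            print "</tr><tr>\n";
        }
    }
    // The original left the table open; close it so the report renders cleanly.
    print "</tr></table>\n";
}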
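/**
 * Persist the posted Well Child form and, when a CPT code was supplied, add the
 * matching billing line.  Does nothing unless the request carries process=true.
 *
 * Side effects: writes the form, may register it with addForm() on first save,
 * may call addBilling(), and clears $_POST['process'].
 *
 * @return void
 */
function default_action_process()
{
    if (!isset($_POST['process']) || $_POST['process'] != "true") {
        return;
    }

    $posted_id = isset($_POST['id']) ? $_POST['id'] : '';
    $this->well_child = new FormWellChild($posted_id);
    parent::populate_object($this->well_child);

    // An empty id means the form did not exist yet and must be registered with addForm().
    $new_form = empty($posted_id);
    $this->well_child->persist();

    if ($GLOBALS['encounter'] == "") {
        $GLOBALS['encounter'] = date("Ymd");
    }
    if ($new_form) {
        addForm($GLOBALS['encounter'], "Well Child Visit", $this->well_child->id, "well_child", $GLOBALS['pid'], $_SESSION['userauthorized']);
    }

    if (!empty($_POST['cpt_code'])) {
        // Bound parameter replaces the removed mysql_real_escape_string()/mysql_fetch_array().
        $results = sqlQ("select * from codes where code = ? order by id", array($_POST['cpt_code']));
        $row = sqlFetchArray($results);
        if (!empty($row)) {
            addBilling(date("Ymd"), 'CPT4', $row['code'], $row['code_text'], $_SESSION['pid'], $_SESSION['userauthorized'], $_SESSION['authUserID'], $row['modifier'], $row['units'], $row['fee']);
        }
    }

    $_POST['process'] = "";
}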
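/**
 * Load the parent form row, then append the names of its checked items to
 * $this->checks.
 *
 * @return void
 */
function populate()
{
    parent::populate();
    // Bound parameter rather than splicing the id into the query text.
    $results = sqlQ("SELECT name from form_evaluation_checks where foreign_id = ?", array($this->id));
    while ($row = sqlFetchArray($results)) {
        $this->checks[] = $row['name'];
    }
}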
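/**
 * Load the parent form row, then append the names of its checked items to
 * $this->checks.
 *
 * @return void
 */
function populate()
{
    parent::populate();
    // Bound parameter and sqlFetchArray() replace the removed mysql_* functions.
    $results = sqlQ("SELECT name from form_review_of_systems_checks where foreign_id = ?", array($this->id));
    while ($row = sqlFetchArray($results)) {
        $this->checks[] = $row['name'];
    }
}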
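/**
 * Build an InsuranceNumbers object for every row of this table owned by a provider.
 *
 * @param mixed $provider_id Provider id to filter on; bound, never interpolated.
 * @return InsuranceNumbers[] Ordered by insurance_company_id.
 */
function insurance_numbers_factory($provider_id)
{
    $ins = array();
    // $provider_id reached the query unescaped before; binding it keeps it data-only.
    $sql = "SELECT id FROM " . $this->_table . " where provider_id = ? order by insurance_company_id";
    $results = sqlQ($sql, array($provider_id));
    while ($row = sqlFetchArray($results)) {
        $ins[] = new InsuranceNumbers($row['id']);
    }
    return $ins;
}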
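/**
 * Build a Provider object for every authorized provider.
 *
 * @param string $sort Trailing ORDER BY clause (or empty).  A sort clause cannot be
 *                     bound, so only identifiers, commas and ASC/DESC are accepted.
 * @return Provider[]
 * @throws InvalidArgumentException when $sort contains anything else.
 */
function providers_factory($sort = "ORDER BY lname,fname")
{
    $sort_pattern = '/^\s*(ORDER\s+BY\s+[A-Za-z0-9_.`]+(\s+(ASC|DESC))?(\s*,\s*[A-Za-z0-9_.`]+(\s+(ASC|DESC))?)*)?\s*$/i';
    if (!preg_match($sort_pattern, (string) $sort)) {
        throw new InvalidArgumentException("providers_factory: unsafe sort clause");
    }

    $psa = array();
    $sql = "SELECT id FROM " . $this->_table . " where authorized = 1 " . $sort;
    $results = sqlQ($sql);
    // sqlFetchArray() replaces the removed mysql_fetch_array().
    while ($row = sqlFetchArray($results)) {
        $psa[] = new Provider($row['id']);
    }
    return $psa;
}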
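/**
 * Fetch the first Address whose foreign_id matches, or an empty Address when
 * nothing matches.  An empty $foreign_id selects any address with a non-null
 * foreign_id (the original "LIKE '%'" behaviour).
 *
 * @param mixed $foreign_id
 * @return Address
 */
function factory_company($foreign_id = "")
{
    $a = new Address();
    $sql = "SELECT id FROM " . $a->_table . " WHERE foreign_id ";
    $binds = array();
    if (empty($foreign_id)) {
        $sql .= "like '%'";
    } else {
        // Bound parameter replaces the removed mysql_real_escape_string().
        $sql .= "= ?";
        $binds[] = strval($foreign_id);
    }
    $results = empty($binds) ? sqlQ($sql) : sqlQ($sql, $binds);
    // sqlFetchArray() replaces the removed mysql_fetch_array().
    $row = sqlFetchArray($results);
    if (!empty($row)) {
        $a = new Address($row['id']);
    }
    return $a;
}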
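/**
 * Fetch the first Address whose foreign_id matches, or an empty Address when
 * nothing matches.  An empty $foreign_id selects any address with a non-null
 * foreign_id (the original "LIKE '%'" behaviour).
 *
 * @param mixed $foreign_id
 * @return Address
 */
static function factory_address($foreign_id = "")
{
    $a = new Address();
    $sql = "SELECT id FROM " . $a->_table . " WHERE foreign_id ";
    $binds = array();
    if (empty($foreign_id)) {
        $sql .= "like '%'";
    } else {
        // Bind the id instead of escaping it into the query text.
        $sql .= "= ?";
        $binds[] = strval($foreign_id);
    }
    $results = empty($binds) ? sqlQ($sql) : sqlQ($sql, $binds);
    $row = sqlFetchArray($results);
    if (!empty($row)) {
        $a = new Address($row['id']);
    }
    return $a;
}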
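/**
 * Build a PhoneNumber object for every phone row with a matching foreign_id,
 * ordered by type.  An empty $foreign_id selects every row with a non-null
 * foreign_id (the original "LIKE '%'" behaviour).
 *
 * @param mixed $foreign_id
 * @return PhoneNumber[]
 */
static function factory_phone_numbers($foreign_id = "")
{
    $p = new PhoneNumber();
    $sql = "SELECT id FROM " . $p->_table . " WHERE foreign_id ";
    $binds = array();
    if (empty($foreign_id)) {
        $sql .= "like '%'";
    } else {
        // Bind the id instead of escaping it into the query text.
        $sql .= "= ?";
        $binds[] = strval($foreign_id);
    }
    $sql .= " ORDER BY type";
    $results = empty($binds) ? sqlQ($sql) : sqlQ($sql, $binds);
    $phone_numbers = array();
    while ($row = sqlFetchArray($results)) {
        $phone_numbers[] = new PhoneNumber($row['id']);
    }
    return $phone_numbers;
}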
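/**
 * Load the parent form row, then the three child tables that hang off it:
 * checked items into $this->checks, treatment history rows into
 * $this->history and accident rows into $this->previous_accidents.
 *
 * @return void
 */
function populate()
{
    parent::populate();
    // The same bound id serves all three child queries.
    $binds = array($this->id);

    $results = sqlQ("SELECT name from form_hp_tje_checks where foreign_id = ?", $binds);
    while ($row = sqlFetchArray($results)) {
        $this->checks[] = $row['name'];
    }

    // History rows are kept whole (doctor, specialty, tx_rendered, effectiveness, date).
    $results = sqlQ("SELECT doctor,specialty,tx_rendered,effectiveness,date from form_hp_tje_history where foreign_id = ?", $binds);
    while ($row = sqlFetchArray($results)) {
        $this->history[] = $row;
    }

    // Accident rows are kept whole (nature_of_accident, injuries, date).
    $results = sqlQ("SELECT nature_of_accident,injuries,date from form_hp_tje_previous_accidents where foreign_id = ?", $binds);
    while ($row = sqlFetchArray($results)) {
        $this->previous_accidents[] = $row;
    }
}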
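/**
 * Persist the posted Prosthesis & Orthotics form, register it with addForm()
 * and, when a CPT code was supplied, add the matching billing line.  Does
 * nothing unless the request carries process=true.
 *
 * @return void
 */
function default_action_process()
{
    if (!isset($_POST['process']) || $_POST['process'] != "true") {
        return;
    }

    $posted_id = isset($_POST['id']) ? $_POST['id'] : '';
    $this->prosthesis = new FormProsthesis($posted_id);
    parent::populate_object($this->prosthesis);
    $this->prosthesis->persist();

    if ($GLOBALS['encounter'] == "") {
        $GLOBALS['encounter'] = date("Ymd");
    }
    addForm($GLOBALS['encounter'], "Prosthesis & Orthotics Form", $this->prosthesis->id, "prosthesis", $GLOBALS['pid'], $_SESSION['userauthorized']);

    if (!empty($_POST['cpt_code'])) {
        // Bound parameter replaces the removed mysql_real_escape_string()/mysql_fetch_array().
        $results = sqlQ("select * from codes where code = ? order by id", array($_POST['cpt_code']));
        $row = sqlFetchArray($results);
        if (!empty($row)) {
            addBilling(date("Ymd"), 'CPT4', $row['code'], $row['code_text'], $_SESSION['pid'], $_SESSION['userauthorized'], $_SESSION['authUserID'], $row['modifier'], $row['units'], $row['fee']);
        }
    }

    $_POST['process'] = "";
}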
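/**
 * Persist the posted Evaluation form, register it with addForm() and, when a
 * CPT code was supplied, add the matching billing line.  Does nothing unless
 * the request carries process=true.
 *
 * @return void
 */
function default_action_process()
{
    if (!isset($_POST['process']) || $_POST['process'] != "true") {
        return;
    }

    $posted_id = isset($_POST['id']) ? $_POST['id'] : '';
    $this->evaluation = new FormEvaluation($posted_id);
    parent::populate_object($this->evaluation);
    $this->evaluation->persist();

    if ($GLOBALS['encounter'] == "") {
        $GLOBALS['encounter'] = date("Ymd");
    }
    addForm($GLOBALS['encounter'], "Evaluation Form", $this->evaluation->id, "evaluation", $GLOBALS['pid'], $_SESSION['userauthorized']);

    if (!empty($_POST['cpt_code'])) {
        // Bind the posted code rather than escaping it into the query text.
        $results = sqlQ("select * from codes where code = ? order by id", array($_POST['cpt_code']));
        $row = sqlFetchArray($results);
        if (!empty($row)) {
            addBilling(date("Ymd"), 'CPT4', $row['code'], $row['code_text'], $_SESSION['pid'], $_SESSION['userauthorized'], $_SESSION['authUserID'], $row['modifier'], $row['units'], $row['fee']);
        }
    }

    $_POST['process'] = "";
}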
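/**
 * Notify users that a patient's lab results arrived by adding a "Lab Results"
 * patient note for each recipient.
 *
 * With a $provider_id only that user is notified; otherwise every active user
 * who passes the admin/super ACL check receives the note.
 *
 * @param mixed  $set_pid     Patient id the results belong to.
 * @param mixed  $rid         Result id; not used here, kept for existing callers.
 * @param string $provider_id Optional users.id of the ordering provider.
 * @return void
 */
function lab_results_messages($set_pid, $rid, $provider_id = "")
{
    // Get all active users, optionally narrowed to the ordering provider.
    // $where used to be undefined (and unescaped) in the no-provider case; bind instead.
    $sql = "select id, username from users where username != '' AND active = '1'";
    $binds = array();
    if ($provider_id != "") {
        $sql .= " AND id = ?";
        $binds[] = $provider_id;
    }
    $rez = empty($binds) ? sqlStatement($sql) : sqlStatement($sql, $binds);

    $result = array();
    while ($row = sqlFetchArray($rez)) {
        $result[] = $row;
    }
    if (empty($result)) {
        return;
    }

    // Patient name and link are identical for every recipient; build them once.
    $userauthorized = formData("userauthorized");
    $pname = getPatientName($set_pid);
    $link = "<a href='../../orders/orders_results.php?review=1&set_pid=" . htmlspecialchars((string) $set_pid, ENT_QUOTES) . "'"
        . " onclick='return top.restoreSession()'>here</a>";
    $note = "Patient {$pname}'s lab results have arrived. Please click {$link} to review them.<br/>";
    $note_type = "Lab Results";
    $message_status = "New";

    foreach ($result as $user_detail) {
        // Route message to administrators if there is no provider match.
        // (An earlier revision used acl_check('patients', 'sign', ...) here instead.)
        $thisauth = ($provider_id == "")
            ? acl_check('admin', 'super', $user_detail['username'])
            : true;
        if (!$thisauth) {
            continue;
        }
        // Send lab result message to the ordering provider when there is a new lab report.
        $noteid = addPnote($set_pid, $note, $userauthorized, '1', $note_type, $user_detail['username']);
        sqlQ("update pnotes set message_status = ? where id = ?", array($message_status, $noteid));
    }
}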
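/**
 * Re-point rows of $tablename from one patient id to another and echo a
 * one-line <li> report of the count.
 *
 * The UPDATE runs only when the global $commitchanges is true; otherwise the
 * number of rows that would have changed is reported instead.
 *
 * @param string $tablename Table to update (plain identifier, validated).
 * @param string $pid_col   Column holding the patient id (plain identifier, validated).
 * @param mixed  $oldvalue  Current id (bound).
 * @param mixed  $newvalue  Replacement id (bound).
 * @return void
 * @throws InvalidArgumentException when $tablename or $pid_col is not a plain identifier.
 */
function UpdateTable($tablename, $pid_col, $oldvalue, $newvalue)
{
    global $commitchanges;

    // Identifiers cannot be bound, so restrict them to a safe character set.
    foreach (array($tablename, $pid_col) as $ident) {
        if (!preg_match('/^[A-Za-z0-9_]+$/', (string) $ident)) {
            throw new InvalidArgumentException("UpdateTable: invalid identifier");
        }
    }

    $qResults = sqlQ("select count(*) as numrows from " . $tablename . " where " . $pid_col . " = ?", array($oldvalue));
    if (!$qResults) {
        return;
    }
    $row = sqlFetchArray($qResults);
    if (!$row || $row['numrows'] <= 0) {
        return;
    }

    if ($commitchanges == true) {
        sqlQ("update " . $tablename . " set " . $pid_col . " = ? where " . $pid_col . " = ?", array($newvalue, $oldvalue));
        $rowsupdated = $GLOBALS['adodb']['db']->_affectedrows();
    } else {
        // Dry run: nothing was written, so report the rows that would have been updated
        // rather than the affected-row count of the preceding SELECT.
        $rowsupdated = $row['numrows'];
    }

    echo "<li>";
    echo $tablename . ": " . $rowsupdated . " row(s) updated<br>";
    echo "</li>";
}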
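/**
 * Build an InsuranceCompany object for every company, optionally restricted
 * to a city.
 *
 * @param string $city Optional city filter, bound as a parameter.  The original
 *                     referenced an undefined $foreign_id here, so the filter
 *                     never took effect.
 * @param string $sort ORDER BY clause; only identifiers, commas and ASC/DESC are
 *                     accepted because a sort clause cannot be bound.
 * @return InsuranceCompany[]
 * @throws InvalidArgumentException when $sort is not a safe sort clause.
 */
function insurance_companies_factory($city = "", $sort = "ORDER BY name, id")
{
    $sort_pattern = '/^\s*(ORDER\s+BY\s+[A-Za-z0-9_.`]+(\s+(ASC|DESC))?(\s*,\s*[A-Za-z0-9_.`]+(\s+(ASC|DESC))?)*)?\s*$/i';
    if (!preg_match($sort_pattern, (string) $sort)) {
        throw new InvalidArgumentException("insurance_companies_factory: unsafe sort clause");
    }

    $where = "";
    $binds = array();
    if (!empty($city)) {
        $where = " WHERE city = ?";
        $binds[] = $city;
    }

    $p = new InsuranceCompany();
    $icompanies = array();
    $sql = "SELECT p.id, a.city FROM " . $p->_table . " as p INNER JOIN addresses as a on p.id = a.foreign_id " . $where . " " . $sort;
    $results = empty($binds) ? sqlQ($sql) : sqlQ($sql, $binds);
    // sqlFetchArray() replaces the removed mysql_fetch_array().
    while ($row = sqlFetchArray($results)) {
        $icompanies[] = new InsuranceCompany($row['id']);
    }
    return $icompanies;
}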
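/**
 * Build a Pharmacy object for every pharmacy, optionally restricted to a city.
 *
 * @param string $city Optional city filter, bound as a parameter.  The original
 *                     referenced an undefined $foreign_id here, so the filter
 *                     never took effect.
 * @param string $sort ORDER BY clause; only identifiers, commas and ASC/DESC are
 *                     accepted because a sort clause cannot be bound.
 * @return Pharmacy[]
 * @throws InvalidArgumentException when $sort is not a safe sort clause.
 */
function pharmacies_factory($city = "", $sort = "ORDER BY name")
{
    $sort_pattern = '/^\s*(ORDER\s+BY\s+[A-Za-z0-9_.`]+(\s+(ASC|DESC))?(\s*,\s*[A-Za-z0-9_.`]+(\s+(ASC|DESC))?)*)?\s*$/i';
    if (!preg_match($sort_pattern, (string) $sort)) {
        throw new InvalidArgumentException("pharmacies_factory: unsafe sort clause");
    }

    $where = "";
    $binds = array();
    if (!empty($city)) {
        $where = " WHERE city = ?";
        $binds[] = $city;
    }

    $p = new Pharmacy();
    $pharmacies = array();
    $sql = "SELECT p.id, a.city FROM " . $p->_table . " as p INNER JOIN addresses as a on p.id = a.foreign_id " . $where . " " . $sort;
    $results = empty($binds) ? sqlQ($sql) : sqlQ($sql, $binds);
    // sqlFetchArray() replaces the removed mysql_fetch_array().
    while ($row = sqlFetchArray($results)) {
        $pharmacies[] = new Pharmacy($row['id']);
    }
    return $pharmacies;
}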
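/**
 * ERA (835) callback: in mode "original" render the list of checks found in the
 * file; otherwise post each check the user ticked as an AR session.
 *
 * Output is accumulated in the global $StringToEcho; the id returned by
 * arPostSession() is recorded in the global $InsertionId keyed by check number.
 *
 * @param array $out Parsed ERA data: check_count plus check_number<N>,
 *                   payee_name<N>, check_amount<N> and check_date<N>.
 * @return void
 */
function era_callback_check(&$out)
{
    global $InsertionId; // last inserted AR session id, keyed by check number
    // Declared on its own line: in the original the trailing comment swallowed this declaration.
    global $StringToEcho, $debug;

    $total_checks = isset($out['check_count']) ? (int) $out['check_count'] : 0;
    $mode = isset($_GET['original']) ? $_GET['original'] : '';

    if ($mode == 'original') {
        $StringToEcho = "<br/><br/><br/><br/><br/><br/>";
        $StringToEcho .= "<table border='1' cellpadding='0' cellspacing='0' width='750'>";
        $StringToEcho .= "<tr bgcolor='#cccccc'><td width='50'></td>"
            . "<td class='dehead' width='150' align='center'>" . htmlspecialchars(xl('Check Number'), ENT_QUOTES) . "</td>"
            . "<td class='dehead' width='400' align='center'>" . htmlspecialchars(xl('Payee Name'), ENT_QUOTES) . "</td>"
            . "<td class='dehead' width='150' align='center'>" . htmlspecialchars(xl('Check Amount'), ENT_QUOTES) . "</td></tr>";

        $WarningFlag = false;
        for ($check_count = 1; $check_count <= $total_checks; $check_count++) {
            $check_number = $out['check_number' . $check_count];
            $bgcolor = ($check_count % 2 == 1) ? '#ddddff' : '#ffdddd';

            // Flag checks already posted; the check number is bound, not interpolated.
            $rs = sqlQ("select reference from ar_session where reference = ?", array($check_number));
            if (sqlNumRows($rs) > 0) {
                $bgcolor = '#ff0000';
                $WarningFlag = true;
            }

            // Attributes are single-quoted, so ENT_QUOTES is required for the escaping to hold.
            $safe_number = htmlspecialchars((string) $check_number, ENT_QUOTES);
            $StringToEcho .= "<tr bgcolor='{$bgcolor}'>";
            $StringToEcho .= "<td><input type='checkbox' name='chk" . $safe_number . "' value='" . $safe_number . "'/></td>";
            $StringToEcho .= "<td>" . $safe_number . "</td>";
            $StringToEcho .= "<td>" . htmlspecialchars((string) $out['payee_name' . $check_count], ENT_QUOTES) . "</td>";
            $StringToEcho .= "<td align='right'>" . htmlspecialchars(number_format((float) $out['check_amount' . $check_count], 2), ENT_QUOTES) . "</td>";
            $StringToEcho .= "</tr>";
        }

        $StringToEcho .= "<tr bgcolor='#cccccc'><td colspan='4' align='center'><input type='submit' name='CheckSubmit' value='Submit'/></td></tr>";
        if ($WarningFlag == true) {
            $StringToEcho .= "<tr bgcolor='#ff0000'><td colspan='4' align='center'>"
                . htmlspecialchars(xl('Warning, Check Number already exist in the database'), ENT_QUOTES)
                . "</td></tr>";
        }
        $StringToEcho .= "</table>";
        return;
    }

    for ($check_count = 1; $check_count <= $total_checks; $check_count++) {
        $check_number = $out['check_number' . $check_count];
        // PHP rewrites spaces in request keys to underscores, so look the checkbox up the same way.
        $chk_num = str_replace(' ', '_', $check_number);
        if (!isset($_REQUEST['chk' . $chk_num])) {
            continue;
        }

        $paydate = isset($_REQUEST['paydate']) ? $_REQUEST['paydate'] : '';
        $check_date = $out['check_date' . $check_count] ? $out['check_date' . $check_count] : $paydate;
        $post_to_date = !empty($_REQUEST['post_to_date']) ? $_REQUEST['post_to_date'] : date('Y-m-d');
        $deposit_date = !empty($_REQUEST['deposit_date']) ? $_REQUEST['deposit_date'] : date('Y-m-d');
        $ins_id = isset($_REQUEST['InsId']) ? $_REQUEST['InsId'] : '';

        // Pass the date with its paydate fallback; the original computed $check_date and then ignored it.
        $InsertionId[$check_number] = arPostSession(
            $ins_id,
            $check_number,
            $check_date,
            $out['check_amount' . $check_count],
            $post_to_date,
            $deposit_date,
            $debug
        );
    }
}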
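// Immunization form handler: add (REPLACE), delete, or load a row for editing.
// Every value is passed as a bound parameter; the removed mysql_* functions are gone.
if (isset($mode)) {
    if ($mode == "add") {
        // if(?,?,NULL) stores NULL when the submitted value is empty.
        $sql = "REPLACE INTO immunizations set \n id = ?,\n administered_date = if(?,?,NULL), \n immunization_id = ?,\n manufacturer = ?,\n lot_number = ?,\n administered_by_id = if(?,?,NULL),\n administered_by = if(?,?,NULL),\n education_date = if(?,?,NULL), \n vis_date = if(?,?,NULL), \n note = ?,\n patient_id = ?,\n created_by = ?,\n updated_by = ?,\n create_date = now() ";
        $sqlBindArray = array(
            $id,
            $administered_date, $administered_date,
            $form_immunization_id,
            $manufacturer,
            $lot_number,
            $administered_by_id, $administered_by_id,
            $administered_by, $administered_by,
            $education_date, $education_date,
            $vis_date, $vis_date,
            $note,
            $pid,
            $_SESSION['authId'],
            $_SESSION['authId'],
        );
        sqlStatement($sql, $sqlBindArray);

        // Reset the entry form to its defaults after a save.
        $administered_date = $education_date = date('Y-m-d');
        $immunization_id = $manufacturer = $lot_number = $administered_by_id = $note = $id = "";
        $administered_by = $vis_date = "";
    } elseif ($mode == "delete") {
        // log the event
        newEvent("delete", $_SESSION['authUser'], $_SESSION['authProvider'], 1, "Immunization id " . $_POST['id'] . " deleted from pid " . $_POST['pid']);
        // delete the immunization
        sqlStatement("DELETE FROM immunizations WHERE id = ? LIMIT 1", array($id));
    } elseif ($mode == "edit") {
        // Load the row into the form variables.
        $results = sqlQ("select * from immunizations where id = ?", array($id));
        while ($row = sqlFetchArray($results)) {
            $administered_date = $row['administered_date'];
            $immunization_id = $row['immunization_id'];
            $manufacturer = $row['manufacturer'];
            $lot_number = $row['lot_number'];
            $administered_by_id = $row['administered_by_id'] ? $row['administered_by_id'] : 0;
            $administered_by = $row['administered_by'];
            $education_date = $row['education_date'];
            $vis_date = $row['vis_date'];
            $note = stripslashes($row['note']);
        }
    }
}
// set the default sort method for the list of past immunizations
if (!$sortby) {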
$sqland = " AND "; $sqlstmt .= $sqland . " lname='" . $row['lname'] . "'"; } if ($parameters['match_sex']) { $sqlstmt .= $sqland . " sex='" . $row['sex'] . "'"; $sqland = " AND "; } if ($parameters['match_ssn']) { $sqlstmt .= $sqland . " ss='" . $row['ss'] . "'"; $sqland = " AND "; } if ($parameters['match_dob']) { $sqlstmt .= $sqland . " dob='" . $row['dob'] . "'"; $sqland = " AND "; } $mResults = sqlQ($sqlstmt); if (!$mResults) { continue; } if (sqlNumRows($mResults) <= 1) { continue; } echo "<div class='match_block' style='padding: 5px 0px 5px 0px;' id='dupediv" . $dupecount . "'>"; echo "<table>"; echo "<tr class='onerow' id='" . $row['id'] . "' oemrid='" . $row['id'] . "' dupecount='" . $dupecount . "' title='Merge duplicates into this record'>"; echo "<td>" . $row['lname'] . ", " . $row['fname'] . "</td>"; echo "<td>" . $row['dob'] . "</td>"; echo "<td>" . $row['sex'] . "</td>"; echo "<td>" . $row['ss'] . "</td>"; echo "<td><input type='button' value=' ? ' class='moreinfo' oemrid='" . $row['pid'] . "' title='More info'></td>"; echo "</tr>";
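/**
 * Build a Prescription object for every prescription of a patient.
 *
 * @param mixed  $patient_id Patient id; bound as a parameter.  It used to be
 *                           spliced in unquoted, so escaping alone did not protect it.
 * @param string $order_by   ORDER BY terms; only identifiers, commas and ASC/DESC
 *                           are accepted because a sort clause cannot be bound.
 * @return Prescription[]
 * @throws InvalidArgumentException when $order_by is not a safe sort clause.
 */
static function prescriptions_factory($patient_id, $order_by = "active DESC, date_modified DESC, date_added DESC")
{
    $order_pattern = '/^\s*[A-Za-z0-9_.`]+(\s+(ASC|DESC))?(\s*,\s*[A-Za-z0-9_.`]+(\s+(ASC|DESC))?)*\s*$/i';
    if (!preg_match($order_pattern, (string) $order_by)) {
        throw new InvalidArgumentException("prescriptions_factory: unsafe ORDER BY clause");
    }

    $prescriptions = array();
    require_once dirname(__FILE__) . "/../translation.inc.php";
    $p = new Prescription();
    $sql = "SELECT id FROM " . $p->_table . " WHERE patient_id = ? ORDER BY " . $order_by;
    $results = sqlQ($sql, array($patient_id));
    while ($row = sqlFetchArray($results)) {
        $prescriptions[] = new Prescription($row['id']);
    }
    return $prescriptions;
}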
<br> </center> <?php if (!empty($_POST['form_submit'])) { upgradeFromSqlFile_de("database_de_identification.sql"); // grant file privilege to user $dbh = $GLOBALS['dbh']; if ($dbh == FALSE) { echo "\n"; echo "<p>" . getSqlLastError() . " (#" . getSqlLastErrorNo() . ")\n"; break; } $login = $sqlconf["login"]; $loginhost = $sqlconf["host"]; // mysql_select_db($sqlconf['dbase']) or die(getSqlLastError()); if (sqlQ("GRANT FILE ON *.* TO '{$login}'@'{$loginhost}'", $dbh) == FALSE) { echo xl("Error when granting file privilege to the OpenEMR user."); echo "\n"; echo "<p>" . getSqlLastError() . " (#" . getSqlLastErrorNo() . ")\n"; echo xl("Error"); echo "\n"; break; } else { echo "<font color='green'>"; } echo xl("File privilege granted to OpenEMR user."); echo "<br></font>\n"; echo "<p><font color='green'>"; echo xl("Database upgrade finished."); echo "</font></p>\n"; echo "<p><font color='red'>";
$diags = $_POST['code']['diag']; $procs = $_POST['code']['proc']; $sql = array(); if (!empty($procs) && !empty($diags)) { $sql = array(); foreach ($procs as $proc) { $justify_string = ""; foreach ($diags as $diag) { $justify_string .= $diag . ":"; } $sql[] = "UPDATE billing set justify = concat(justify,'" . add_escape_custom($justify_string) . "') where encounter = '" . add_escape_custom($_POST['encounter_id']) . "' and pid = '" . add_escape_custom($_POST['patient_id']) . "' and code = '" . add_escape_custom($proc) . "'"; } } if (!empty($sql)) { foreach ($sql as $q) { $results = sqlQ($q); } } // Save NDC fields, if present. $ndcarr = $_POST['ndc']; for ($lino = 1; !empty($ndcarr["{$lino}"]['code']); ++$lino) { $ndc = $ndcarr["{$lino}"]; $ndc_info = ''; if ($ndc['ndcnum']) { $ndc_info = 'N4' . trim($ndc['ndcnum']) . ' ' . $ndc['ndcuom'] . trim($ndc['ndcqty']); } sqlStatement("UPDATE billing SET ndc_info = '{$ndc_info}' WHERE " . "encounter = '" . add_escape_custom($_POST['encounter_id']) . "' AND " . "pid = '" . add_escape_custom($_POST['patient_id']) . "' AND " . "code = '" . add_escape_custom($ndc['code']) . "'"); } } } ?>
if ($_GET['mode'] == "add") { $sql = "REPLACE INTO immunizations set \n id = ?,\n administered_date = if(?,?,NULL), \n immunization_id = ?,\n cvx_code = ?, \n manufacturer = ?,\n lot_number = ?,\n administered_by_id = if(?,?,NULL),\n administered_by = if(?,?,NULL),\n education_date = if(?,?,NULL), \n vis_date = if(?,?,NULL), \n note = ?,\n patient_id = ?,\n created_by = ?,\n updated_by = ?,\n create_date = now() "; $sqlBindArray = array(trim($_GET['id']), trim($_GET['administered_date']), trim($_GET['administered_date']), trim($_GET['form_immunization_id']), trim($_GET['cvx_code']), trim($_GET['manufacturer']), trim($_GET['lot_number']), trim($_GET['administered_by_id']), trim($_GET['administered_by_id']), trim($_GET['administered_by']), trim($_GET['administered_by']), trim($_GET['education_date']), trim($_GET['education_date']), trim($_GET['vis_date']), trim($_GET['vis_date']), trim($_GET['note']), $pid, $_SESSION['authId'], $_SESSION['authId']); sqlStatement($sql, $sqlBindArray); $administered_date = $education_date = date('Y-m-d'); $immunization_id = $cvx_code = $manufacturer = $lot_number = $administered_by_id = $note = $id = ""; $administered_by = $vis_date = ""; } elseif ($_GET['mode'] == "delete") { // log the event newEvent("delete", $_SESSION['authUser'], $_SESSION['authProvider'], 1, "Immunization id " . $_GET['id'] . " deleted from pid " . $pid); // delete the immunization $sql = "DELETE FROM immunizations WHERE id =? LIMIT 1"; sqlStatement($sql, array($_GET['id'])); } elseif ($_GET['mode'] == "edit") { $sql = "select * from immunizations where id = ?"; $results = sqlQ($sql, array($_GET['id'])); while ($row = sqlFetchArray($results)) { $administered_date = $row['administered_date']; $immunization_id = $row['immunization_id']; $cvx_code = $row['cvx_code']; $code_text = ''; if (!empty($cvx_code)) { $query = "SELECT codes.code_text as `code_text`, codes.code as `code` " . "FROM codes " . "LEFT JOIN code_types on codes.code_type = code_types.ct_id " . 
"WHERE code_types.ct_key = 'CVX' AND codes.code = ?"; $row = sqlQuery($query, array($cvx_code)); $code_text = $row['code_text']; } $manufacturer = $row['manufacturer']; $lot_number = $row['lot_number']; $administered_by_id = $row['administered_by_id'] ? $row['administered_by_id'] : 0; $administered_by = $row['administered_by']; $education_date = $row['education_date'];