Example #1
{
    $output = array();
    $query = sqlStatement("SELECT " . implode(',', $fieldnames) . " FROM list_options where list_id = ? AND activity = 1 order by seq", array($list_id));
    while ($ll = sqlFetchArray($query)) {
        foreach ($fieldnames as $val) {
            $output[$ll['option_id']][$val] = $ll[$val];
        }
    }
    return $output;
}
$formid = formData('id', 'G') + 0;
// If Save or Transmit was clicked, save the info.
//
if ($_POST['bn_save'] || $_POST['bn_xmit']) {
    // Lab ID from the form; "+ 0" coerces the submitted value to a number
    // before it is placed unquoted into the SET clause below.
    $ppid = formData('form_lab_id') + 0;
    // SET clause assembled by string concatenation. provider_id and lab_id are
    // numeric because of the "+ 0" coercion. The quoted text fields depend
    // entirely on whatever escaping formData() applies (its body is not visible
    // in this snippet), and QuotedOrNull() output is interpolated as returned.
    // NOTE(review): $pid and $encounter are concatenated with no cast or
    // escaping; confirm they are server-side values and never request input.
    // NOTE(review): the DELETE statements below already pass values through "?"
    // placeholders, so these fields could be bound the same way instead of
    // relying on per-field escaping.
    $sets = "date_ordered = " . QuotedOrNull(formData('form_date_ordered')) . ", " . "provider_id = " . (formData('form_provider_id') + 0) . ", " . "lab_id = " . $ppid . ", " . "date_collected = " . QuotedOrNull(formData('form_date_collected')) . ", " . "order_priority = '" . formData('form_order_priority') . "', " . "order_status = '" . formData('form_order_status') . "', " . "clinical_hx = '" . formData('form_clinical_hx') . "', " . "patient_instructions = '" . formData('form_patient_instructions') . "', " . "patient_id = '" . $pid . "', " . "encounter_id = '" . $encounter . "', " . "history_order= '" . formData('form_history_order') . "'";
    // If updating an existing form...
    //
    if ($formid) {
        // $formid was coerced with "+ 0" when it was read, so the quoted value
        // in the WHERE clause is numeric.
        $query = "UPDATE procedure_order SET {$sets} " . "WHERE procedure_order_id = '{$formid}'";
        sqlStatement($query);
    } else {
        // New order: insert it, keep the ID returned by sqlInsert(), and
        // register the form against the encounter via addForm().
        $query = "INSERT INTO procedure_order SET {$sets}";
        $formid = sqlInsert($query);
        addForm($encounter, "Procedure Order", $formid, "procedure_order", $pid, $userauthorized);
    }
    // Remove any existing procedures and their answers for this order and
    // replace them from the form. Both deletes bind $formid as a parameter.
    sqlStatement("DELETE FROM procedure_answers WHERE procedure_order_id = ?", array($formid));
    sqlStatement("DELETE FROM procedure_order_code WHERE procedure_order_id = ?", array($formid));
    for ($i = 0; isset($_POST['form_proc_type'][$i]); ++$i) {
Example #2
 // End date from the form, passed through fixDate() (helper not shown here).
 $form_end = fixDate($_POST['form_end'], '');
 // injury_part / injury_type are filled from different form fields depending
 // on the issue type.
 if ($text_type == 'football_injury') {
     $form_injury_part = $_POST['form_injury_part'];
     $form_injury_type = $_POST['form_injury_type'];
 } else {
     $form_injury_part = $_POST['form_medical_system'];
     $form_injury_type = $_POST['form_medical_type'];
 }
 if ($issue) {
     // Existing issue: update the lists row.
     // NOTE(review): every $_POST value here is concatenated between single
     // quotes with no escaping visible in this snippet. Unless request data is
     // escaped globally before this point, a quote character in any field
     // changes the statement (SQL injection). $text_type and $issue are
     // interpolated the same way; their origin is not shown.
     $query = "UPDATE lists SET " . "type = '" . $text_type . "', " . "title = '" . $_POST['form_title'] . "', " . "comments = '" . $_POST['form_comments'] . "', " . "begdate = " . QuotedOrNull($form_begin) . ", " . "enddate = " . QuotedOrNull($form_end) . ", " . "returndate = " . QuotedOrNull($form_return) . ", " . "diagnosis = '" . $_POST['form_diagnosis'] . "', " . "occurrence = '" . $_POST['form_occur'] . "', " . "classification = '" . $_POST['form_classification'] . "', " . "reinjury_id = '" . $_POST['form_reinjury_id'] . "', " . "referredby = '" . $_POST['form_referredby'] . "', " . "injury_grade = '" . $_POST['form_injury_grade'] . "', " . "injury_part = '" . $form_injury_part . "', " . "injury_type = '" . $form_injury_type . "', " . "outcome = '" . $_POST['form_outcome'] . "', " . "destination = '" . $_POST['form_destination'] . "', " . "reaction ='" . $_POST['form_reaction'] . "' " . "WHERE id = '{$issue}'";
     sqlStatement($query);
     // NOTE(review): "enddate" is written without a "$", so PHP reads it as a
     // constant name rather than a variable; this condition does not test the
     // submitted end date. Presumably $form_end was intended - confirm.
     if ($text_type == "medication" && enddate != '') {
         // Clears the medication flag on matching prescriptions. $thispid and
         // the upper-cased form_title are concatenated unescaped as above.
         sqlStatement('UPDATE prescriptions SET ' . 'medication = 0 where patient_id = ' . $thispid . " and upper(trim(drug)) = '" . strtoupper($_POST['form_title']) . "' " . ' and medication = 1');
     }
 } else {
     // New issue: insert a lists row and keep the ID returned by sqlInsert().
     // Same unescaped concatenation of $_POST values as in the UPDATE above.
     // NOTE(review): ${$_SESSION}['authUser'] is variable-variable syntax; it
     // uses $_SESSION itself as a variable name instead of indexing the session
     // array, so it does not read the logged-in user. This looks like a
     // reformatting artifact; presumably $_SESSION['authUser'] and
     // $_SESSION['authProvider'] were intended - confirm against the original.
     $issue = sqlInsert("INSERT INTO lists ( " . "date, pid, type, title, activity, comments, begdate, enddate, returndate, " . "diagnosis, occurrence, classification, referredby, user, groupname, " . "outcome, destination, reinjury_id, injury_grade, injury_part, injury_type, " . "reaction " . ") VALUES ( " . "NOW(), " . "'{$thispid}', " . "'" . $text_type . "', " . "'" . $_POST['form_title'] . "', " . "1, " . "'" . $_POST['form_comments'] . "', " . QuotedOrNull($form_begin) . ", " . QuotedOrNull($form_end) . ", " . QuotedOrNull($form_return) . ", " . "'" . $_POST['form_diagnosis'] . "', " . "'" . $_POST['form_occur'] . "', " . "'" . $_POST['form_classification'] . "', " . "'" . $_POST['form_referredby'] . "', " . "'" . ${$_SESSION}['authUser'] . "', " . "'" . ${$_SESSION}['authProvider'] . "', " . "'" . $_POST['form_outcome'] . "', " . "'" . $_POST['form_destination'] . "', " . "'" . $_POST['form_reinjury_id'] . "', " . "'" . $_POST['form_injury_grade'] . "', " . "'" . $form_injury_part . "', " . "'" . $form_injury_type . "', " . "'" . $_POST['form_reaction'] . "' " . ")");
 }
 // For record/reporting purposes, place entry in lists_touch table.
 setListTouch($thispid, $text_type);
 // Type-specific save hooks; each receives the issue ID.
 if ($text_type == 'football_injury') {
     issue_football_injury_save($issue);
 }
 if ($text_type == 'ippf_gcac') {
     issue_ippf_gcac_save($issue);
 }
 if ($text_type == 'contraceptive') {
     issue_ippf_con_save($issue);
 }
 // If requested, link the issue to a specified encounter.
 if ($thisenc) {
     $query = "INSERT INTO issue_encounter ( " . "pid, list_id, encounter " . ") VALUES ( " . "'{$thispid}', '{$issue}', '{$thisenc}'" . ")";
Example #3
     // Default empty grade/outcome fields to "0".
     // NOTE(review): the grade default is stored in the local $form_injury_grade,
     // but the UPDATE below reads $_REQUEST['form_injury_grade'], so this default
     // never reaches that statement. The outcome default is written back into
     // $_REQUEST and is therefore seen by both statements.
     if ($_REQUEST['form_injury_grade'] == "") {
         $form_injury_grade = "0";
     }
     if ($_REQUEST['form_outcome'] == '') {
         $_REQUEST['form_outcome'] = '0';
     }
     if ($issue != '0') {
         //if this issue already exists we are updating it...
         // Each request value is passed through add_escape_custom() and then
         // concatenated between single quotes, so safety depends on that helper
         // and on every field being wrapped.
         // NOTE(review): $subtype is concatenated without add_escape_custom(),
         // and the QuotedOrNull() date values are interpolated as returned;
         // neither QuotedOrNull() nor the origin of $subtype / $form_begin /
         // $form_end / $form_return is visible here - confirm they are escaped.
         // The INSERT branch below binds its values with "?" placeholders; this
         // statement could do the same.
         $query = "UPDATE lists SET " . "type = '" . add_escape_custom($form_type) . "', " . "title = '" . add_escape_custom($_REQUEST['form_title']) . "', " . "comments = '" . add_escape_custom($_REQUEST['form_comments']) . "', " . "begdate = " . QuotedOrNull($form_begin) . ", " . "enddate = " . QuotedOrNull($form_end) . ", " . "returndate = " . QuotedOrNull($form_return) . ", " . "diagnosis = '" . add_escape_custom($_REQUEST['form_diagnosis']) . "', " . "occurrence = '" . add_escape_custom($_REQUEST['form_occur']) . "', " . "classification = '" . add_escape_custom($_REQUEST['form_classification']) . "', " . "reinjury_id = '" . add_escape_custom($_REQUEST['form_reinjury_id']) . "', " . "referredby = '" . add_escape_custom($_REQUEST['form_referredby']) . "', " . "injury_grade = '" . add_escape_custom($_REQUEST['form_injury_grade']) . "', " . "injury_part = '" . add_escape_custom($form_injury_part) . "', " . "injury_type = '" . add_escape_custom($form_injury_type) . "', " . "outcome = '" . add_escape_custom($_REQUEST['form_outcome']) . "', " . "destination = '" . add_escape_custom($_REQUEST['form_destination']) . "', " . "reaction ='" . add_escape_custom($_REQUEST['form_reaction']) . "', " . "erx_uploaded = '0', " . "modifydate = NOW(), " . "subtype = '" . $subtype . "' " . "WHERE id = '" . add_escape_custom($issue) . "'";
         sqlStatement($query);
         // NOTE(review): "enddate" has no "$", so PHP reads it as a constant
         // name, not a variable; and this branch tests $text_type while the rest
         // of the block uses $form_type. Confirm both against the intended logic.
         if ($text_type == "medication" && enddate != '') {
             // Patient ID and upper-cased title are bound as parameters here.
             sqlStatement('UPDATE prescriptions SET ' . 'medication = 0 where patient_id = ? ' . " and upper(trim(drug)) = ? " . ' and medication = 1', array($pid, strtoupper($_REQUEST['form_title'])));
         }
     } else {
         // New issue: fourteen values are bound through "?" placeholders; only
         // the three QuotedOrNull() dates are still concatenated into the text.
         $query = "INSERT INTO lists ( " . "date, pid, type, title, activity, comments, " . "begdate, enddate, returndate, " . "diagnosis, occurrence, classification, referredby, user, " . "groupname, outcome, destination,reaction,subtype " . ") VALUES ( " . "NOW(), ?,?,?,1,?," . QuotedOrNull($form_begin) . ", " . QuotedOrNull($form_end) . ", " . QuotedOrNull($form_return) . ", " . "?,?,?,?,?," . "?,?,?,?,?)";
         // NOTE(review): the key 'form_clasification' is spelled differently
         // from 'form_classification' used in the UPDATE above, so the
         // classification column probably receives no value on insert.
         // NOTE(review): QuotedOrNull($_REQUEST['form_outcome']) is passed as a
         // bound parameter. A bound value is sent as data, so the quotes (or the
         // word NULL) that QuotedOrNull() adds would presumably be stored as
         // literal text - verify what ends up in the outcome column.
         $issue = sqlInsert($query, array($pid, $form_type, $_REQUEST['form_title'], $_REQUEST['form_comments'], $_REQUEST['form_diagnosis'], $_REQUEST['form_occur'], $_REQUEST['form_clasification'], $_REQUEST['form_referredby'], $_SESSION['authUser'], $_SESSION['authProvider'], QuotedOrNull($_REQUEST['form_outcome']), $_REQUEST['form_destination'], $_REQUEST['form_reaction'], $subtype));
         // For record/reporting purposes, place entry in lists_touch table.
         setListTouch($pid, $form_type);
         // If requested, link the issue to a specified encounter.
         // we always link them, automatically.
         if ($encounter) {
             // All three values are bound; nothing is concatenated here.
             $query = "INSERT INTO issue_encounter ( " . "pid, list_id, encounter " . ") VALUES ( ?,?,? )";
             sqlStatement($query, array($pid, $issue, $encounter));
         }
     }
     $irow = '';
     //if it is a medication do we need to do something with dosage fields?
     //leave all in title field form now.
 }
 // Build the PMSFH data for this patient and hand it to send_json_values();
 // both helpers are defined outside this snippet.
 $PMSFH = build_PMSFH($pid);
 send_json_values($PMSFH);
Example #4
        return "NULL";
    }
    return "'{$fld}'";
}
$current_report_id = 0;
if ($_POST['form_submit'] && !empty($_POST['form_line'])) {
    foreach ($_POST['form_line'] as $lino => $line_value) {
        // Each posted form_line value carries four colon-separated IDs.
        // NOTE(review): all four come straight from the request and are used
        // below without a cast or escaping; casting each to int right after
        // the explode() would keep them out of the SQL text as strings.
        list($order_id, $order_seq, $report_id, $result_id) = explode(':', $line_value);
        // Not using xl() here because this is for debugging only.
        // NOTE(review): $lino is the posted array key and is echoed into the
        // die() message without HTML escaping.
        if (empty($order_id)) {
            die("Order ID is missing from line {$lino}.");
        }
        // If report data exists for this line, save it.
        $date_report = oresData("form_date_report", $lino);
        if (!empty($date_report)) {
            // SET clause built by concatenation. $order_id and $order_seq are
            // the raw request-derived IDs from above; the remaining values come
            // from oresData(), whose escaping is not visible in this snippet,
            // and one of them is additionally wrapped by QuotedOrNull().
            $sets = "procedure_order_id = '{$order_id}', " . "procedure_order_seq = '{$order_seq}', " . "date_report = '{$date_report}', " . "date_collected = " . QuotedOrNull(oresData("form_date_collected", $lino)) . ", " . "specimen_num = '" . oresData("form_specimen_num", $lino) . "', " . "report_status = '" . oresData("form_report_status", $lino) . "'";
            // Set the review status to reviewed.
            if ($form_review) {
                $sets .= ", review_status = 'reviewed'";
            }
            if ($report_id) {
                // Report already exists.
                // $report_id is the raw request-derived ID, interpolated into
                // the WHERE clause between quotes.
                sqlStatement("UPDATE procedure_report SET {$sets} " . "WHERE procedure_report_id = '{$report_id}'");
            } else {
                // Add new report.
                $report_id = sqlInsert("INSERT INTO procedure_report SET {$sets}");
            }
        }
        // If this line had report data entry fields, filled or not, set the
        // "current report ID" which the following result data will link to.
        if (isset($_POST["form_date_report"][$lino])) {
Example #5
 // Existing lot: update it on save, otherwise delete it. No lot yet: insert one.
 if ($lot_id) {
     if ($_POST['form_save']) {
         // Make sure the destination quantity will not end up negative.
         if ($row['on_hand'] + $form_quantity < 0) {
             $info_msg = xl('Transaction failed, insufficient quantity in destination lot');
         } else {
             // The statement mixes two mechanisms: column values are escaped
             // with add_escape_custom() and concatenated, while the WHERE
             // values are bound through "?" placeholders.
             // NOTE(review): $_POST['form_expiration'] goes through
             // QuotedOrNull() only. That helper is not defined in this snippet;
             // if it merely wraps the value in quotes, this one field reaches
             // the SQL text unescaped. Binding every value would avoid relying
             // on per-field escaping.
             sqlStatement("UPDATE drug_inventory SET " . "lot_number = '" . add_escape_custom($_POST['form_lot_number']) . "', " . "manufacturer = '" . add_escape_custom($_POST['form_manufacturer']) . "', " . "expiration = " . QuotedOrNull($_POST['form_expiration']) . ", " . "vendor_id = '" . add_escape_custom($_POST['form_vendor_id']) . "', " . "warehouse_id = '" . add_escape_custom($_POST['form_warehouse_id']) . "', " . "on_hand = on_hand + '" . add_escape_custom($form_quantity) . "' " . "WHERE drug_id = ? AND inventory_id = ?", array($drug_id, $lot_id));
         }
     } else {
         // Not a save request: the lot row is deleted. Both IDs are bound.
         sqlStatement("DELETE FROM drug_inventory WHERE drug_id = ? " . "AND inventory_id = ?", array($drug_id, $lot_id));
     }
 } else {
     if ($form_quantity < 0) {
         $info_msg = xl('Transaction failed, quantity is less than zero');
     } else {
         // New lot: every value is escaped and concatenated except the
         // expiration date, which again passes through QuotedOrNull() only
         // (see the note on the UPDATE above).
         $lot_id = sqlInsert("INSERT INTO drug_inventory ( " . "drug_id, lot_number, manufacturer, expiration, " . "vendor_id, warehouse_id, on_hand " . ") VALUES ( " . "'" . add_escape_custom($drug_id) . "', " . "'" . add_escape_custom($_POST['form_lot_number']) . "', " . "'" . add_escape_custom($_POST['form_manufacturer']) . "', " . QuotedOrNull($_POST['form_expiration']) . ", " . "'" . add_escape_custom($_POST['form_vendor_id']) . "', " . "'" . add_escape_custom($_POST['form_warehouse_id']) . "', " . "'" . add_escape_custom($form_quantity) . "' " . ")");
     }
 }
 // Create the corresponding drug_sales transaction.
 if ($_POST['form_save'] && $form_quantity) {
     // Notes and sale date are read raw from the request; the sale date
     // defaults to today when the field is empty.
     $form_notes = $_POST['form_notes'];
     $form_sale_date = $_POST['form_sale_date'];
     if (empty($form_sale_date)) {
         $form_sale_date = date('Y-m-d');
     }
     // Records the transaction with negated quantity and cost. Every
     // interpolated value is wrapped in add_escape_custom() before it is
     // concatenated between quotes, including the raw request values above.
     sqlInsert("INSERT INTO drug_sales ( " . "drug_id, inventory_id, prescription_id, pid, encounter, user, " . "sale_date, quantity, fee, xfer_inventory_id, distributor_id, notes " . ") VALUES ( " . "'" . add_escape_custom($drug_id) . "', " . "'" . add_escape_custom($lot_id) . "', '0', '0', '0', " . "'" . add_escape_custom($_SESSION['authUser']) . "', " . "'" . add_escape_custom($form_sale_date) . "', " . "'" . add_escape_custom(0 - $form_quantity) . "', " . "'" . add_escape_custom(0 - $form_cost) . "', " . "'" . add_escape_custom($form_source_lot) . "', " . "'" . add_escape_custom($form_distributor_id) . "', " . "'" . add_escape_custom($form_notes) . "' )");
     // If this is a transfer then reduce source QOH, and also copy some
     // fields from the source when they are missing.
     if ($form_source_lot) {
         sqlStatement("UPDATE drug_inventory SET " . "on_hand = on_hand - ? " . "WHERE inventory_id = ?", array($form_quantity, $form_source_lot));
         foreach (array('lot_number', 'manufacturer', 'expiration', 'vendor_id') as $item) {
Example #6
<script language="JavaScript">
 var mypcc = '<?php 
echo $GLOBALS['phone_country_code'];
?>
';
</script>

</head>

<body class="body_top">
<?php 
// If we are saving, then save and close the window.
//
// NOTE(review): form_method, form_witness and form_notes are taken straight
// from $_POST and concatenated between single quotes with no escaping visible
// in this snippet. Unless request data is escaped globally before this point,
// a quote character in any of them changes the statement (SQL injection).
// $drug_id, $lot_id and $form_date are interpolated the same way; where they
// come from is not shown here. If the database wrapper supports bound
// parameters, binding all of these removes the dependency on escaping.
if ($_POST['form_save']) {
    sqlStatement("UPDATE drug_inventory SET " . "destroy_date = " . QuotedOrNull($form_date) . ", " . "destroy_method = '" . $_POST['form_method'] . "', " . "destroy_witness = '" . $_POST['form_witness'] . "', " . "destroy_notes = '" . $_POST['form_notes'] . "' " . "WHERE drug_id = '{$drug_id}' AND inventory_id = '{$lot_id}'");
    // Close this window and redisplay the updated list of drugs.
    //
    echo "<script language='JavaScript'>\n";
    // NOTE(review): $info_msg is written into a JavaScript string literal with
    // no escaping; a quote or a closing script tag in it would break out of
    // the literal. Its source is not visible here - confirm it is never
    // request-derived, or encode it (for example with json_encode()).
    if ($info_msg) {
        echo " alert('{$info_msg}');\n";
    }
    echo " window.close();\n";
    echo " if (opener.refreshme) opener.refreshme();\n";
    echo "</script></body></html>\n";
    exit;
}
// Load the lot row for display; both IDs are interpolated into the query text.
$row = sqlQuery("SELECT * FROM drug_inventory WHERE drug_id = '{$drug_id}' " . "AND inventory_id = '{$lot_id}'");
?>

<form method='post' name='theform' action='destroy_lot.php?drug=<?php 
Example #7
<script language="JavaScript">
 var mypcc = '<?php 
echo $GLOBALS['phone_country_code'];
?>
';
</script>

</head>

<body class="body_top">
<?php 
// If we are saving, then save and close the window.
//
// The three text fields are escaped with add_escape_custom() before being
// concatenated, and the WHERE values are bound through "?" placeholders.
// NOTE(review): $_POST['form_date'] passes through QuotedOrNull() only. That
// helper is not defined in this snippet; if it merely wraps the value in
// quotes, this field still reaches the SQL text unescaped. Binding all four
// column values as well would avoid mixing two quoting mechanisms.
if ($_POST['form_save']) {
    sqlStatement("UPDATE drug_inventory SET " . "destroy_date = " . QuotedOrNull($_POST['form_date']) . ", " . "destroy_method = '" . add_escape_custom($_POST['form_method']) . "', " . "destroy_witness = '" . add_escape_custom($_POST['form_witness']) . "', " . "destroy_notes = '" . add_escape_custom($_POST['form_notes']) . "' " . "WHERE drug_id = ? AND inventory_id = ?", array($drug_id, $lot_id));
    // Close this window and redisplay the updated list of drugs.
    //
    echo "<script language='JavaScript'>\n";
    // addslashes() escapes quotes, backslashes and NUL, which keeps the value
    // inside the single-quoted literal, but it does not neutralise newlines or
    // a closing script tag. NOTE(review): if $info_msg can ever contain
    // request-derived text, json_encode() is the safer encoder for this context.
    if ($info_msg) {
        echo " alert('" . addslashes($info_msg) . "');\n";
    }
    echo " window.close();\n";
    echo " if (opener.refreshme) opener.refreshme();\n";
    echo "</script></body></html>\n";
    exit;
}
// Load the lot row for display; both IDs are bound as parameters.
$row = sqlQuery("SELECT * FROM drug_inventory WHERE drug_id = ? " . "AND inventory_id = ?", array($drug_id, $lot_id));
?>

<form method='post' name='theform' action='destroy_lot.php?drug=<?php 
Example #8
 // Existing lot: update it on save, otherwise delete it. No lot yet: insert one.
 if ($lot_id) {
     if ($_POST['form_save']) {
         // Make sure the destination quantity will not end up negative.
         if ($row['on_hand'] + $form_quantity < 0) {
             $info_msg = xl('Transaction failed, insufficient quantity in destination lot');
         } else {
             // Whole statement is built by concatenation. The text fields rely
             // on whatever escaping formData() applies (not visible here).
             // NOTE(review): $form_quantity, $form_expiration, $drug_id and
             // $lot_id are interpolated directly; their origin is outside this
             // snippet - confirm each is cast or escaped before this point.
             sqlStatement("UPDATE drug_inventory SET " . "lot_number = '" . formData('form_lot_number') . "', " . "manufacturer = '" . formData('form_manufacturer') . "', " . "expiration = " . QuotedOrNull($form_expiration) . ", " . "vendor_id = '" . formData('form_vendor_id') . "', " . "warehouse_id = '" . formData('form_warehouse_id') . "', " . "on_hand = on_hand + '" . $form_quantity . "' " . "WHERE drug_id = '{$drug_id}' AND inventory_id = '{$lot_id}'");
         }
     } else {
         // Not a save request: the lot row is deleted, with both IDs
         // interpolated into the statement text.
         sqlStatement("DELETE FROM drug_inventory WHERE drug_id = '{$drug_id}' " . "AND inventory_id = '{$lot_id}'");
     }
 } else {
     if ($form_quantity < 0) {
         $info_msg = xl('Transaction failed, quantity is less than zero');
     } else {
         // New lot: same concatenation pattern and the same open questions
         // about $drug_id, $form_expiration and $form_quantity as above.
         $lot_id = sqlInsert("INSERT INTO drug_inventory ( " . "drug_id, lot_number, manufacturer, expiration, " . "vendor_id, warehouse_id, on_hand " . ") VALUES ( " . "'{$drug_id}', " . "'" . formData('form_lot_number') . "', " . "'" . formData('form_manufacturer') . "', " . QuotedOrNull($form_expiration) . ", " . "'" . formData('form_vendor_id') . "', " . "'" . formData('form_warehouse_id') . "', " . "'" . $form_quantity . "' " . ")");
     }
 }
 // Create the corresponding drug_sales transaction.
 if ($_POST['form_save'] && $form_quantity) {
     // Notes and sale date are read through formData() (escaping behaviour not
     // visible here); the sale date defaults to today when the field is empty.
     $form_notes = formData('form_notes');
     $form_sale_date = formData('form_sale_date');
     if (empty($form_sale_date)) {
         $form_sale_date = date('Y-m-d');
     }
     // Records the transaction with negated quantity and cost.
     // NOTE(review): $drug_id, $lot_id, $form_source_lot, $form_quantity,
     // $form_cost and $_SESSION['authUser'] are interpolated directly into the
     // statement; confirm each is numeric or escaped where it is assigned.
     sqlInsert("INSERT INTO drug_sales ( " . "drug_id, inventory_id, prescription_id, pid, encounter, user, " . "sale_date, quantity, fee, xfer_inventory_id, notes " . ") VALUES ( " . "'{$drug_id}', '{$lot_id}', '0', '0', '0', " . "'" . $_SESSION['authUser'] . "', " . "'{$form_sale_date}', " . "'" . (0 - $form_quantity) . "', " . "'" . (0 - $form_cost) . "', " . "'{$form_source_lot}', " . "'{$form_notes}' )");
     // If this is a transfer then reduce source QOH, and also copy some
     // fields from the source when they are missing.
     if ($form_source_lot) {
         sqlStatement("UPDATE drug_inventory SET " . "on_hand = on_hand - '{$form_quantity}' " . "WHERE inventory_id = '{$form_source_lot}'");
         foreach (array('lot_number', 'manufacturer', 'expiration', 'vendor_id') as $item) {
Example #9
/**
 * Build one quarter-width table cell holding a checkbox followed by its label.
 *
 * The checkbox markup comes from cbinput(); $desc is appended as-is, with no
 * HTML escaping done here, so callers must pass an already-safe label.
 *
 * @param mixed $name    Passed through to cbinput() as its first argument.
 * @param mixed $desc    Label text placed after the checkbox.
 * @param mixed $colname Passed through to cbinput() as its second argument.
 * @return string The <td> element, terminated by a newline.
 */
function cbcell($name, $desc, $colname)
{
    $checkbox = cbinput($name, $colname);

    return "<td width='25%' nowrap>{$checkbox}{$desc}</td>\n";
}
/**
 * Render a value as an SQL literal fragment: the bare keyword NULL when the
 * value is empty(), otherwise the value wrapped in single quotes.
 *
 * The value is interpolated unchanged. Nothing here escapes quotes or
 * backslashes, so the caller must have escaped it already, or should bind the
 * value as a query parameter instead of using this helper. Because empty() is
 * the test, "0" and 0 are also rendered as NULL.
 *
 * @param mixed $fld Value to render.
 * @return string Either "NULL" or the single-quoted value.
 */
function QuotedOrNull($fld)
{
    return empty($fld) ? "NULL" : "'" . $fld . "'";
}
// ID of the order being edited, read through formData() and coerced to a
// number with "+ 0"; a zero value means a new order is being created.
$formid = formData('id', 'G') + 0;

// If Save was clicked, save the info.
//
// The SET clause is built as text. The two ID fields are numeric because of
// the "+ 0" coercion; the quoted text fields depend on whatever escaping
// formData() applies (not visible here), and QuotedOrNull() adds quotes only.
// NOTE(review): $pid and $encounter are concatenated with no cast or escaping;
// confirm they are server-side values and never request input.
if ($_POST['bn_save']) {
    $assignments = array(
        "procedure_type_id = " . (formData('form_proc_type') + 0),
        "date_ordered = " . QuotedOrNull(formData('form_date_ordered')),
        "provider_id = " . (formData('form_provider_id') + 0),
        "date_collected = " . QuotedOrNull(formData('form_date_collected')),
        "order_priority = '" . formData('form_order_priority') . "'",
        "order_status = '" . formData('form_order_status') . "'",
        "patient_instructions = '" . formData('form_patient_instructions') . "'",
        "patient_id = '" . $pid . "'",
        "encounter_id = '" . $encounter . "'",
    );
    $sets = implode(", ", $assignments);

    if ($formid) {
        // Updating an existing order; $formid is numeric (see above).
        $query = "UPDATE procedure_order SET " . $sets . " WHERE procedure_order_id = '" . $formid . "'";
        sqlStatement($query);
    } else {
        // New order: insert it and register the form against the encounter.
        $query = "INSERT INTO procedure_order SET " . $sets;
        $newid = sqlInsert($query);
        addForm($encounter, "Procedure Order", $newid, "procedure_order", $pid, $userauthorized);
    }

    // Emit the redirect page and stop; nothing below runs on a save request.
    formHeader("Redirecting....");
    formJump();
    formFooter();
    exit;
}