} else { $esc_field_id = escape_sql_column_name($field_id, array('patient_data')); sqlStatement("UPDATE patient_data SET `{$esc_field_id}` = ? WHERE pid = ?", array($value, $pid)); } } continue; } else { if ($source == 'E') { // Save to shared_attributes. Can't delete entries for empty fields because with the P option // it's important to know when a current empty value overrides a previous value. sqlStatement("REPLACE INTO shared_attributes SET " . "pid = ?, encounter = ?, field_id = ?, last_update = NOW(), " . "user_id = ?, field_value = ?", array($pid, $encounter, $field_id, $_SESSION['authUserID'], $value)); continue; } else { if ($source == 'V') { // Save to form_encounter. $esc_field_id = escape_sql_column_name($field_id, array('form_encounter')); sqlStatement("UPDATE form_encounter SET `{$esc_field_id}` = ? WHERE " . "pid = ? AND encounter = ?", array($value, $pid, $encounter)); continue; } } } // It's a normal form field, save to lbf_data. if ($formid) { // existing form if ($value === '') { $query = "DELETE FROM lbf_data WHERE " . "form_id = ? AND field_id = ?"; sqlStatement($query, array($formid, $field_id)); } else { $query = "REPLACE INTO lbf_data SET field_value = ?, " . "form_id = ?, field_id = ?"; sqlStatement($query, array($value, $formid, $field_id)); }
} } } // Compute list of column names for SELECT clause. // Always includes pid because we need it for row identification. // $sellist = 'pid'; foreach ($aColumns as $colname) { if ($colname == 'pid') { continue; } $sellist .= ", "; if ($colname == 'name') { $sellist .= "lname, fname, mname"; } else { $sellist .= "`" . escape_sql_column_name($colname, array('patient_data')) . "`"; } } // Get total number of rows in the table. // $row = sqlQuery("SELECT COUNT(id) AS count FROM patient_data"); $iTotal = $row['count']; // Get total number of rows in the table after filtering. // $row = sqlQuery("SELECT COUNT(id) AS count FROM patient_data {$where}"); $iFilteredTotal = $row['count']; // Build the output data array. // $out = array("sEcho" => intval($_GET['sEcho']), "iTotalRecords" => $iTotal, "iTotalDisplayRecords" => $iFilteredTotal, "aaData" => array()); $query = "SELECT {$sellist} FROM patient_data {$where} {$orderby} {$limit}"; $res = sqlStatement($query);
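/**
 * Set the activity of a specific plan for a specific patient.
 *
 * Creates the patient-specific row in `clinical_plans` when it does not exist
 * yet, then writes the converted setting into the `<type>_flag` column of
 * that row.
 *
 * @param string  $plan       id (string) of plan
 * @param string  $type       plan filter (normal, cqm); "<type>_flag" is the column that gets updated
 * @param string  $setting    activity of plan: "on" stores 1, "off" stores 0,
 *                            any other value (e.g. "default") stores NULL
 * @param integer $patient_id pid of selected patient; "0" is ignored
 * @return void
 */
function set_plan_activity_patient($plan, $type, $setting, $patient_id)
{
    // Don't allow messing with the default plans here
    if ($patient_id == "0") {
        return;
    }

    // A column name cannot be bound as a ? parameter, so it is passed through
    // escape_sql_column_name() together with the table it must belong to.
    // This is done before any write: if the helper refuses the name (its
    // failure mode is defined outside this block), nothing has been written
    // yet. Resolving it only after the INSERT below could leave a new default
    // row behind without the flag update.
    $flag_column = escape_sql_column_name($type . "_flag", array("clinical_plans"));

    // Convert setting
    if ($setting == "on") {
        $setting = 1;
    } elseif ($setting == "off") {
        $setting = 0;
    } else {
        // $setting == "default"
        $setting = null;
    }

    // Collect patient specific plan, if already exists.
    $query = "SELECT * FROM `clinical_plans` WHERE `id` = ? AND `pid` = ?";
    $patient_plan = sqlQueryCdrEngine($query, array($plan, $patient_id));

    if (empty($patient_plan)) {
        // Create a new patient specific plan with flags all set to default
        $query = "INSERT into `clinical_plans` (`id`, `pid`) VALUES (?,?)";
        sqlStatementCdrEngine($query, array($plan, $patient_id));
    }

    // Update patient specific row; every value is bound, only the checked
    // column name is concatenated into the statement.
    $query = "UPDATE `clinical_plans` SET `" . $flag_column . "`= ? WHERE id = ? AND pid = ?";
    sqlStatementCdrEngine($query, array($setting, $plan, $patient_id));
}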
/**
 * Get the data in an array for this form.
 *
 * The forms table row (f.id = this form's id) gives the row id in the
 * form-specific table; the matching row(s) of that table are returned.
 *
 * By default the table is "form_<formdir>", the join column is "id" and one
 * row is read. A list_options entry in list 'formdir_keys' whose option_id is
 * the form directory may override these through the keys tbl, id and limit.
 *
 * @see \ESign\SignableIF::getData()
 *
 * @return array the single row when exactly one row matches ("legacy hash"),
 *               otherwise a list of rows, which may be empty
 */
public function getData()
{
    // Standard values derived from the formdir.
    $tbl = "form_" . $this->_formDir;
    $id = 'id';
    $limit = 1;

    // Exceptions are specified in the formdir_keys list.
    $row = sqlQuery(
        "SELECT title FROM list_options WHERE list_id = ? AND option_id = ? AND activity = 1",
        array('formdir_keys', $this->_formDir)
    );
    if (isset($row['title'])) {
        // The title holds the inside of a JSON object. When it does not
        // decode, json_decode() yields null and the standard values stay.
        $excp = json_decode("{" . $row['title'] . "}");
        if (isset($excp->tbl)) {
            $tbl = $excp->tbl;
        }
        if (isset($excp->id)) {
            $id = $excp->id;
        }
        if (isset($excp->limit)) {
            $limit = $excp->limit;
        }
    }

    // Table name, join column and LIMIT may come from list_options data and
    // cannot be bound as ? parameters, so each one goes through its escape_*
    // helper before it is placed in the statement. The form id is bound.
    $table_sql = escape_table_name($tbl);
    $column_sql = escape_sql_column_name($id, array($tbl));
    $sql = sprintf("SELECT fd.* FROM %s fd\n \t\tINNER JOIN forms f ON fd.%s = f.form_id\n \t\tWHERE f.id = ?", $table_sql, $column_sql);

    // A limit of '*' means no LIMIT clause.
    if ($limit != '*') {
        $sql .= ' LIMIT ' . escape_limit($limit);
    }

    $rs = sqlStatement($sql, array($this->_formId));

    if (sqlNumRows($rs) == 1) {
        // maintain legacy hash
        return sqlFetchArray($rs);
    }

    $frs = array();
    while ($fr = sqlFetchArray($rs)) {
        $frs[] = $fr;
    }

    return $frs;
}