sqlStatement("DELETE FROM prices WHERE pr_id = '{$drug_id}' AND pr_selector != ''"); } } } else { if ($_POST['form_save']) { // saving a new drug $new_drug = true; $drug_id = sqlInsert("INSERT INTO drugs ( " . "name, ndc_number, on_order, reorder_point, form, " . "size, unit, route, cyp_factor, related_code, " . "allow_multiple, allow_combining, active " . ") VALUES ( " . "'" . escapedff('form_name') . "', " . "'" . escapedff('form_ndc_number') . "', " . "'" . escapedff('form_on_order') . "', " . "'" . escapedff('form_reorder_point') . "', " . "'" . escapedff('form_form') . "', " . "'" . escapedff('form_size') . "', " . "'" . escapedff('form_unit') . "', " . "'" . escapedff('form_route') . "', " . "'" . numericff('form_cyp_factor') . "', " . "'" . escapedff('form_related_code') . "', " . (empty($_POST['form_allow_multiple']) ? 0 : 1) . ", " . (empty($_POST['form_allow_combining']) ? 0 : 1) . ", " . (empty($_POST['form_active']) ? 0 : 1) . ")"); } } if ($_POST['form_save'] && $drug_id) { $tmpl = $_POST['form_tmpl']; // If using the simplified drug form, then force the one and only // selector name to be the same as the product name. if ($GLOBALS['sell_non_drug_products'] == 2) { $tmpl["1"]['selector'] = escapedff('form_name'); } sqlStatement("DELETE FROM prices WHERE pr_id = '{$drug_id}' AND pr_selector != ''"); for ($lino = 1; isset($tmpl["{$lino}"]['selector']); ++$lino) { $iter = $tmpl["{$lino}"]; $selector = trim($iter['selector']); if ($selector) { $taxrates = ""; if (!empty($iter['taxrate'])) { foreach ($iter['taxrate'] as $key => $value) { $taxrates .= "{$key}:"; } } sqlInsert("INSERT INTO drug_templates ( " . "drug_id, selector, dosage, period, quantity, refills, taxrates " . ") VALUES ( " . "{$drug_id}, " . "'" . $selector . "', " . "'" . trim($iter['dosage']) . "', " . "'" . trim($iter['period']) . "', " . "'" . trim($iter['quantity']) . "', " . "'" . trim($iter['refills']) . "', " . "'" . $taxrates . "' " . ")"); // Add prices for this drug ID and selector. foreach ($iter['price'] as $key => $value) {
sqlStatement("UPDATE drugs SET " . "name = '" . escapedff('form_name') . "', " . "ndc_number = '" . escapedff('form_ndc_number') . "', " . "drug_code = '" . escapedff('form_drug_code') . "', " . "on_order = '" . escapedff('form_on_order') . "', " . "reorder_point = '" . escapedff('form_reorder_point') . "', " . "max_level = '" . escapedff('form_max_level') . "', " . "form = '" . escapedff('form_form') . "', " . "size = '" . escapedff('form_size') . "', " . "unit = '" . escapedff('form_unit') . "', " . "route = '" . escapedff('form_route') . "', " . "cyp_factor = '" . numericff('form_cyp_factor') . "', " . "related_code = '" . escapedff('form_related_code') . "', " . "allow_multiple = " . (empty($_POST['form_allow_multiple']) ? 0 : 1) . ", " . "allow_combining = " . (empty($_POST['form_allow_combining']) ? 0 : 1) . ", " . "active = " . (empty($_POST['form_active']) ? 0 : 1) . " " . "WHERE drug_id = ?", array($drug_id)); sqlStatement("DELETE FROM drug_templates WHERE drug_id = ?", array($drug_id)); } else { // deleting if (acl_check('admin', 'super')) { sqlStatement("DELETE FROM drug_inventory WHERE drug_id = ?", array($drug_id)); sqlStatement("DELETE FROM drug_templates WHERE drug_id = ?", array($drug_id)); sqlStatement("DELETE FROM drugs WHERE drug_id = ?", array($drug_id)); sqlStatement("DELETE FROM prices WHERE pr_id = ? AND pr_selector != ''", array($drug_id)); } } } else { if ($_POST['form_save']) { // saving a new drug $new_drug = true; $drug_id = sqlInsert("INSERT INTO drugs ( " . "name, ndc_number, drug_code, on_order, reorder_point, max_level, form, " . "size, unit, route, cyp_factor, related_code, " . "allow_multiple, allow_combining, active " . ") VALUES ( " . "'" . escapedff('form_name') . "', " . "'" . escapedff('form_ndc_number') . "', " . "'" . escapedff('form_drug_code') . "', " . "'" . escapedff('form_on_order') . "', " . "'" . escapedff('form_reorder_point') . "', " . "'" . escapedff('form_max_level') . "', " . "'" . escapedff('form_form') . "', " . "'" . escapedff('form_size') . "', " . "'" . escapedff('form_unit') . "', " . "'" . escapedff('form_route') . "', " . "'" . numericff('form_cyp_factor') . "', " . "'" . escapedff('form_related_code') . "', " . (empty($_POST['form_allow_multiple']) ? 0 : 1) . ", " . (empty($_POST['form_allow_combining']) ? 0 : 1) . ", " . (empty($_POST['form_active']) ? 0 : 1) . ")"); } } if ($_POST['form_save'] && $drug_id) { $tmpl = $_POST['form_tmpl']; // If using the simplified drug form, then force the one and only // selector name to be the same as the product name. if ($GLOBALS['sell_non_drug_products'] == 2) { $tmpl["1"]['selector'] = $_POST['form_name']; } sqlStatement("DELETE FROM prices WHERE pr_id = ? AND pr_selector != ''", array($drug_id)); for ($lino = 1; isset($tmpl["{$lino}"]['selector']); ++$lino) { $iter = $tmpl["{$lino}"]; $selector = trim($iter['selector']); if ($selector) { $taxrates = "";