/**
 * Render a form value as an SQL literal for direct concatenation.
 *
 * The value is trimmed and escaped by formDataCore() and then wrapped in
 * single quotes. An empty result — or any falsy one, so the string "0" as
 * well — is rendered as the bare SQL keyword NULL instead.
 *
 * @param string $fld
 * @return string  "'escaped'" or "NULL"
 */
function QuotedOrNull($fld) {
    $escaped = formDataCore($fld, true);
    return $escaped ? "'{$escaped}'" : "NULL";
}
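/**
 * Insert one row into openemr_postcalendar_events from the submitted
 * event-form values.
 *
 * Every value from $args that is written as a quoted SQL literal originates
 * from the form, so each is passed through formDataCore() (the escaping
 * helper used elsewhere in this code base) before concatenation; previously
 * only pc_title and pc_hometext were escaped. The two facility ids are cast
 * to int as before, pc_eventstatus and pc_sharing are always written as 1,
 * pc_time is NOW(), pc_informant is the session user id, and pc_recurrspec
 * is the serialized recurrence array.
 *
 * @param array $args  form values; keys read: form_category,
 *        new_multiple_value, form_provider, form_pid, form_title,
 *        form_comments, event_date, form_enddate, duration, form_repeat,
 *        recurrspec, starttime, endtime, form_allday, form_apptstatus,
 *        form_prefcat, locationspec, facility, billing_facility
 * @return mixed  the result of sqlInsert()
 */
function InsertEvent($args) {
    // Escape each form-sourced string exactly once; a missing key becomes ''.
    $stringKeys = array(
        'form_category', 'new_multiple_value', 'form_provider', 'form_pid',
        'form_title', 'form_comments', 'event_date', 'duration', 'starttime',
        'endtime', 'form_allday', 'form_apptstatus', 'form_prefcat', 'locationspec',
    );
    $esc = array();
    foreach ($stringKeys as $key) {
        $esc[$key] = isset($args[$key]) ? formDataCore($args[$key]) : '';
    }
    // The normalised end date, the serialized recurrence spec and the session
    // user id are escaped the same way; form_repeat collapses to a 0/1 flag.
    $endDate = formDataCore(fixDate($args['form_enddate']));
    $recurrSpec = formDataCore(serialize($args['recurrspec']));
    $informant = formDataCore($_SESSION['authUserID']);
    $repeat = empty($args['form_repeat']) ? '0' : '1';

    return sqlInsert("INSERT INTO openemr_postcalendar_events ( " .
        "pc_catid, pc_multiple, pc_aid, pc_pid, pc_title, pc_time, pc_hometext, " .
        "pc_informant, pc_eventDate, pc_endDate, pc_duration, pc_recurrtype, " .
        "pc_recurrspec, pc_startTime, pc_endTime, pc_alldayevent, " .
        "pc_apptstatus, pc_prefcatid, pc_location, pc_eventstatus, pc_sharing, pc_facility,pc_billing_location " .
        ") VALUES ( " .
        "'" . $esc['form_category'] . "', " .
        "'" . $esc['new_multiple_value'] . "', " .
        "'" . $esc['form_provider'] . "', " .
        "'" . $esc['form_pid'] . "', " .
        "'" . $esc['form_title'] . "', " .
        "NOW(), " .
        "'" . $esc['form_comments'] . "', " .
        "'" . $informant . "', " .
        "'" . $esc['event_date'] . "', " .
        "'" . $endDate . "', " .
        "'" . $esc['duration'] . "', " .
        "'" . $repeat . "', " .
        "'" . $recurrSpec . "', " .
        "'" . $esc['starttime'] . "', " .
        "'" . $esc['endtime'] . "', " .
        "'" . $esc['form_allday'] . "', " .
        "'" . $esc['form_apptstatus'] . "', " .
        "'" . $esc['form_prefcat'] . "', " .
        "'" . $esc['locationspec'] . "', " .
        "1, " .
        "1, " .
        (int) $args['facility'] . "," .
        (int) $args['billing_facility'] . " )");
}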
sqlInsert($query); } elseif ($_POST['hidden_selection'] == 'change_subcategory') { $preselect_subcategory_override = $_POST['change_subcategory']; $category_id = $_POST['hidden_category']; if ($category_id >= 0) { $subcategory = formDataCore($subcategory); $query = "INSERT INTO form_CAMOS_subcategory (user, subcategory, category_id) values ('" . $_SESSION['authUser'] . "', '"; $query .= $subcategory . "', '" . $category_id . "')"; sqlInsert($query); } } elseif ($_POST['hidden_selection'] == 'change_item') { $preselect_item_override = $_POST['change_item']; $category_id = $_POST['hidden_category']; $subcategory_id = $_POST['hidden_subcategory']; if ($category_id >= 0 && $subcategory_id >= 0) { $item = formDataCore($item); $query = "INSERT INTO form_CAMOS_item (user, item, content, subcategory_id) values ('" . $_SESSION['authUser'] . "', '"; $query .= $item . "', '" . $content . "', '" . $subcategory_id . "')"; sqlInsert($query); } } elseif ($_POST['hidden_selection'] == 'change_content') { $item_id = $_POST['hidden_item']; if ($item_id >= 0) { if ($_POST['hidden_mode'] == 'add to') { $tmp = sqlQuery("SELECT content from form_CAMOS_item where id = " . $item_id); if (isset($tmp)) { $content .= "\n" . $tmp['content']; } } // Not stripping slashes, unclear why, but will keep same functionality // below just adds the escapes.
/**
 * Fetch one element of a POSTed array field, trimmed and escaped.
 *
 * A missing element is treated as the empty string, so the result is
 * always whatever formDataCore() makes of a string.
 *
 * @param string $name   name of the POST array field
 * @param mixed  $index  element index within that field
 * @return string
 */
function oresData($name, $index) {
    if (!isset($_POST[$name][$index])) {
        return formDataCore('', true);
    }
    return formDataCore($_POST[$name][$index], true);
}
/**
 * Trim and escape a form value.
 *
 * @deprecated Kept only so legacy scripts keep working; new code should use
 *             the helpers above (formDataCore() and friends) directly.
 *
 * @param string $s
 * @return string  $s after formDataCore() with trimming enabled
 */
function formTrim($s) {
    $trimmed = formDataCore($s, true);
    return $trimmed;
}
<?php
// Copyright (C) 2009 Rod Roark <*****@*****.**>
//
// This program is free software; you can redistribute it and/or
// modify it under the terms of the GNU General Public License
// as published by the Free Software Foundation; either version 2
// of the License, or (at your option) any later version.

// New-patient setup: warn when the entered external patient id (pubpid)
// already exists, then pick the next internal pid.

require_once "../globals.php";
require_once "{$srcdir}/sql.inc";

// Validation for non-unique external patient identifier.
// The posted value is trimmed and passed through formDataCore() (escaping)
// before it is concatenated into the SQL literal.
$alertmsg = '';
if (!empty($_POST["form_pubpid"])) {
    $form_pubpid = trim($_POST["form_pubpid"]);
    $result = sqlQuery("SELECT count(*) AS count FROM patient_data WHERE " .
        "pubpid = '" . formDataCore($form_pubpid) . "'");
    if ($result['count']) {
        // Error, not unique.
        $alertmsg = xl('Warning: Patient ID is not unique!');
    }
}

require_once "{$srcdir}/pid.inc";
require_once "{$srcdir}/patient.inc";
require_once "{$srcdir}/options.inc.php";

// here, we lock the patient data table while we find the most recent max PID
// other interfaces can still read the data during this lock, however
// NOTE(review): the LOCK TABLES statement below is commented out, so the
// MAX(pid)+1 read is not serialised against concurrent registrations — two
// requests arriving together can be handed the same $newpid. Whether the
// later INSERT guards against that is not visible here; confirm.
// sqlStatement("lock tables patient_data read");
$result = sqlQuery("SELECT MAX(pid)+1 AS pid FROM patient_data");
$newpid = 1;
if ($result['pid'] > 1) {
    $newpid = $result['pid'];
}
/**
 * Prepare a form value for storage: strip surrounding whitespace, then
 * escape it with formDataCore().
 *
 * @param string $fldval
 * @return string
 */
function form2db($fldval) {
    return formDataCore(trim($fldval));
}
// Check the current status of Audit Logging $auditLogStatusFieldOld = $GLOBALS['enable_auditlog']; $i = 0; foreach ($GLOBALS_METADATA as $grpname => $grparr) { foreach ($grparr as $fldid => $fldarr) { list($fldname, $fldtype, $flddef, $flddesc) = $fldarr; if ($fldtype == 'pwd') { $pass = sqlQuery("SELECT gl_value FROM globals WHERE gl_name = '{$fldid}'"); $fldvalueold = $pass['gl_value']; } sqlStatement("DELETE FROM globals WHERE gl_name = '{$fldid}'"); if (substr($fldtype, 0, 2) == 'm_') { if (isset($_POST["form_{$i}"])) { $fldindex = 0; foreach ($_POST["form_{$i}"] as $fldvalue) { $fldvalue = formDataCore($fldvalue, true); sqlStatement("INSERT INTO globals ( gl_name, gl_index, gl_value ) " . "VALUES ( '{$fldid}', '{$fldindex}', '{$fldvalue}' )"); ++$fldindex; } } } else { if (isset($_POST["form_{$i}"])) { $fldvalue = formData("form_{$i}", "P", true); } else { $fldvalue = ""; } if ($fldtype == 'pwd') { $fldvalue = $fldvalue ? SHA1($fldvalue) : $fldvalueold; } if (fldvalue) { // Need to force enable_auditlog_encryption off if the php mycrypt module
$pos = 'Positive for ' . $pos . '. '; } $field_names[$key] = $pos . $neg; } else { $field_names[$key] = $_POST[$key]; } if ($field_names[$key] != '') { // $field_names[$key] .= '.'; $field_names[$key] = preg_replace('/\\s*,\\s*([^,]+)\\./', ' and $1.', $field_names[$key]); // replace last comma with 'and' and ending period } } //end special processing foreach ($field_names as $k => $var) { #if (strtolower($k) == strtolower($var)) {unset($field_names[$k]);} $field_names[$k] = formDataCore($var); echo "{$var}\n"; } if ($encounter == "") { $encounter = date("Ymd"); } if ($_GET["mode"] == "new") { reset($field_names); $newid = formSubmit("form_Initial_New_Patient_Physical_Exam", $field_names, $_GET["id"], $userauthorized); addForm($encounter, "Initial New Patient Physical Exam", $newid, "Initial_New_Patient_Physical_Exam", $pid, $userauthorized); } elseif ($_GET["mode"] == "update") { sqlInsert("update form_Initial_New_Patient_Physical_Exam set pid = {$_SESSION["pid"]},groupname='" . $_SESSION["authProvider"] . "',user='******',authorized={$userauthorized},activity=1, date = NOW(), sweeter='" . $field_names["sweeter"] . "',bloater='" . $field_names["bloater"] . "',grazer='" . $field_names["grazer"] . "',general='" . $field_names["general"] . "',head='" . $field_names["head"] . "',eyes='" . $field_names["eyes"] . "',ears='" . $field_names["ears"] . "',nose='" . $field_names["nose"] . "',throat='" . $field_names["throat"] . "',oral_cavity='" . $field_names["oral_cavity"] . "',dentition='" . $field_names["dentition"] . "',neck='" . $field_names["neck"] . "',heart='" . $field_names["heart"] . "',lung='" . $field_names["lung"] . "',chest='" . $field_names["chest"] . "',breast='" . $field_names["breast"] . "',male='" . $field_names["male"] . "',female='" . $field_names["female"] . "',note='" . $field_names["note"] . "',abdomen='" . $field_names["abdomen"] . "',scar='" . $field_names["scar"] . "',umbilius='" . $field_names["umbilius"] . "',groins='" . $field_names["groins"] . 
"',extremities='" . $field_names["extremities"] . "',peripheral_pulses='" . $field_names["peripheral_pulses"] . "',right_peripheral_pulses='" . $field_names["right_peripheral_pulses"] . "',left_peripheral_pulses='" . $field_names["left_peripheral_pulses"] . "',neurological='" . $field_names["neurological"] . "',right_neurological='" . $field_names["right_neurological"] . "',left_neurological='" . $field_names["left_neurological"] . "',rectum='" . $field_names["rectum"] . "',pelvic='" . $field_names["pelvic"] . "',assessment='" . $field_names["assessment"] . "',note2='" . $field_names["note2"] . "',recommendations='" . $field_names["recommendations"] . "',note3='" . $field_names["note3"] . "' where id={$id}"); } $_SESSION["encounter"] = $encounter; formHeader("Redirecting...."); formJump();
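/**
 * Expand the embedded "/ * command :: arg :: ... * /" directives in a CAMOS
 * template string and carry out their side effects.
 *
 * Pass 1 (repeated until none is left): every "replace :: item" directive is
 * substituted with the content of the form_CAMOS_item row whose item name
 * matches, passed through formDataCore().
 * Pass 2: the first "date_add :: N" and the first "date_sub :: N" directive
 * are replaced with the current encounter's date shifted by N days, as
 * formatted by MySQL ('%W, %m-%d-%Y').
 * Pass 3: every remaining directive is dispatched on its first token:
 *   billing :: type :: code :: text :: modifier :: units :: fee :: [justifications...]
 *   appt    :: days :: time
 *   vitals  :: weight :: height :: systolic :: diastolic :: pulse :: temp
 *   camos   :: category :: subcategory :: item :: content   (collected, not stored here)
 * Finally the string is handed to remove_comments().
 *
 * Changes from the previous version: the item name and the day offset, which
 * come from the template text itself, are now escaped / cast to int before
 * being placed into SQL; the session pid and encounter are cast to int; the
 * removed split() builtin is replaced by explode(); the replace loop is
 * bounded; and the unreachable "empty fee" branch after sprintf() is gone.
 *
 * @param string $string_to_process  template text; rewritten in place
 * @param array  $camos_return_data  reset, then filled with one array
 *        (category, subcategory, item, content) per "camos" directive
 * @return int  always 0
 */
function process_commands(&$string_to_process, &$camos_return_data) {
    // Pass 1: expand "replace :: item" directives first, repeating so that
    // inserted content may itself contain directives the later passes see.
    // The pass count is bounded so a self-referencing item cannot spin forever.
    for ($pass = 0; $pass < 100; $pass++) {
        if (!preg_match_all("/\\/\\*\\s*replace\\s*::.*?\\*\\//", $string_to_process, $matches)) {
            break;
        }
        foreach ($matches[0] as $val) {
            $comm_array = explode('::', preg_replace("/(\\/\\*)|(\\*\\/)/", "", $val));
            // The item name comes from the template text, so it is escaped
            // before being placed in the LIKE literal.
            $replacement_item = isset($comm_array[1]) ? trim($comm_array[1]) : '';
            $replacement_text = '';
            $statement = sqlStatement("SELECT content FROM form_CAMOS_item WHERE item like '" .
                formDataCore($replacement_item) . "'");
            if ($result = sqlFetchArray($statement)) {
                $replacement_text = $result['content'];
            }
            // Escaping of the fetched content is kept from the original —
            // presumably because the assembled string is later written back
            // through SQL; confirm against the caller.
            $string_to_process = str_replace($val, formDataCore($replacement_text), $string_to_process);
        }
    }

    // Pass 2: "date_add :: N" / "date_sub :: N" become the encounter date
    // shifted by N days. Only the first occurrence of each is handled, as
    // before. N is cast to int, as are the session pid and encounter.
    foreach (array('date_add', 'date_sub') as $fn) {
        if (!preg_match("/\\/\\*\\s*" . $fn . "\\s*::\\s*(.*?)\\s*\\*\\//", $string_to_process, $matches)) {
            continue;
        }
        $days = (int) $matches[1];
        $query = "select date_format(" . $fn . "(date, interval {$days} day),'%W, %m-%d-%Y') as date from form_encounter where " .
            "pid = " . (int) $_SESSION['pid'] . " and encounter = " . (int) $_SESSION['encounter'];
        $statement = sqlStatement($query);
        if ($result = sqlFetchArray($statement)) {
            $string_to_process = str_replace($matches[0], $result['date'], $string_to_process);
        }
    }

    // Pass 3: dispatch every remaining directive on its first token.
    $camos_return_data = array();
    $matches = array();
    if (!preg_match_all("/\\/\\*.*?\\*\\//s", $string_to_process, $matches)) {
        return 0;
    }
    foreach ($matches[0] as $val) {
        $comm_array = explode('::', preg_replace("/(\\/\\*)|(\\*\\/)/", "", $val));
        // Remove the command token first so the remaining elements are
        // exactly the directive's arguments, in order.
        $command = trim(array_shift($comm_array));
        switch ($command) {
            case 'billing':
                $type = trim(array_shift($comm_array));
                $code = trim(array_shift($comm_array));
                $text = trim(array_shift($comm_array));
                $modifier = trim(array_shift($comm_array));
                $units = trim(array_shift($comm_array));
                if ($units == '') {
                    $units = 1; // default units to 1 when left blank
                }
                // sprintf() renders a blank fee as "0.00", so no separate default is needed.
                $fee = sprintf("%01.2f", trim(array_shift($comm_array)));
                // Whatever is left in $comm_array is passed on as justifications.
                // NOTE(review): $encounter is neither a parameter nor declared
                // global here, so addBilling2() receives null unless it is set
                // by some mechanism not visible in this function — confirm.
                addBilling2($encounter, $type, $code, $text, $modifier, $units, $fee, $comm_array);
                break;

            case 'appt':
                $days = trim(array_shift($comm_array));
                $time = trim(array_shift($comm_array));
                addAppt($days, $time);
                break;

            case 'vitals':
                $weight = trim(array_shift($comm_array));
                $height = trim(array_shift($comm_array));
                $systolic = trim(array_shift($comm_array));
                $diastolic = trim(array_shift($comm_array));
                $pulse = trim(array_shift($comm_array));
                $temp = trim(array_shift($comm_array));
                addVitals($weight, $height, $systolic, $diastolic, $pulse, $temp);
                break;

            case 'camos':
                // Embedded sub-form (prescription, test order, ...). Not stored
                // here: handed back so the caller can insert it after the main
                // form data, keeping a sensible order. A missing argument is ''.
                $fields = array();
                foreach (array('category', 'subcategory', 'item', 'content') as $i => $name) {
                    $fields[$name] = isset($comm_array[$i]) ? trim($comm_array[$i]) : '';
                }
                $camos_return_data[] = $fields;
                break;
        }
    }

    $string_to_process = remove_comments($string_to_process);
    return 0;
}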
<?php $MAXSHOW = 100; // maximum number of results to display at once // Construct query and save search parameters as form fields. // An interesting requirement is to sort on the number of matching fields. $message = ""; $numfields = 0; $relevance = "0"; $where = "1 = 0"; foreach ($_REQUEST as $key => $value) { if (substr($key, 0, 3) != 'mf_') { continue; } // "match field" $fldname = substr($key, 3); $avalue = formDataCore($value); $hvalue = htmlspecialchars(strip_escape_custom($value)); // pubpid requires special treatment. Match on that is fatal. if ($fldname == 'pubpid') { $relevance .= " + 1000 * ( {$fldname} LIKE '{$avalue}' )"; } else { $relevance .= " + ( {$fldname} LIKE '{$avalue}' )"; } $where .= " OR {$fldname} LIKE '{$avalue}'"; echo "<input type='hidden' name='{$key}' value='{$hvalue}' />\n"; ++$numfields; } $sql = "SELECT *, ( {$relevance} ) AS relevance, " . "DATE_FORMAT(DOB,'%m/%d/%Y') as DOB_TS " . "FROM patient_data WHERE {$where} " . "ORDER BY relevance DESC, lname, fname, mname " . "LIMIT {$fstart}, {$MAXSHOW}"; $rez = sqlStatement($sql); $result = array(); while ($row = sqlFetchArray($rez)) {