/**
 * Build a SQL literal from a form value: the trimmed, escaped value wrapped
 * in single quotes, or the bare keyword NULL when that value is falsy.
 *
 * The emptiness test is PHP truthiness, so both '' and '0' produce NULL.
 *
 * @param string $fld raw form value
 * @return string either 'value' (quoted, escaped) or NULL
 */
function QuotedOrNull($fld)
{
    $escaped = formDataCore($fld, true);
    return $escaped ? "'{$escaped}'" : "NULL";
}
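/**
 * Insert one row into openemr_postcalendar_events and return whatever
 * sqlInsert() returns for it.
 *
 * Every value taken from $args is passed through formDataCore() or cast to
 * int before it is concatenated into the statement, so a quote inside a
 * submitted field cannot terminate a SQL literal early. pc_time is always
 * NOW(); pc_eventstatus and pc_sharing are fixed at 1.
 *
 * @param array $args form values: form_category, new_multiple_value,
 *                    form_provider, form_pid, form_title, form_comments,
 *                    event_date, form_enddate, duration, form_repeat,
 *                    recurrspec (serialized here), starttime, endtime,
 *                    form_allday, form_apptstatus, form_prefcat,
 *                    locationspec, facility, billing_facility
 * @return mixed result of sqlInsert()
 */
function InsertEvent($args)
{
    // The logged-in user id is recorded as the event's informant.
    $informant = $_SESSION['authUserID'];

    $columns = "pc_catid, pc_multiple, pc_aid, pc_pid, pc_title, pc_time, pc_hometext, " .
        "pc_informant, pc_eventDate, pc_endDate, pc_duration, pc_recurrtype, " .
        "pc_recurrspec, pc_startTime, pc_endTime, pc_alldayevent, " .
        "pc_apptstatus, pc_prefcatid, pc_location, pc_eventstatus, pc_sharing, pc_facility,pc_billing_location";

    $values = "'" . formDataCore($args['form_category']) . "', " .
        "'" . formDataCore($args['new_multiple_value']) . "', " .
        "'" . formDataCore($args['form_provider']) . "', " .
        "'" . formDataCore($args['form_pid']) . "', " .
        "'" . formDataCore($args['form_title']) . "', " .
        "NOW(), " .
        "'" . formDataCore($args['form_comments']) . "', " .
        "'" . $informant . "', " .
        "'" . formDataCore($args['event_date']) . "', " .
        "'" . formDataCore(fixDate($args['form_enddate'])) . "', " .
        "'" . formDataCore($args['duration']) . "', " .
        // pc_recurrtype is 1 only when the form asked for a repeating event.
        "'" . ($args['form_repeat'] ? '1' : '0') . "', " .
        // recurrspec is stored as a PHP-serialized string; serialize() output
        // contains double quotes, so it is escaped like any other literal.
        "'" . formDataCore(serialize($args['recurrspec'])) . "', " .
        "'" . formDataCore($args['starttime']) . "', " .
        "'" . formDataCore($args['endtime']) . "', " .
        "'" . formDataCore($args['form_allday']) . "', " .
        "'" . formDataCore($args['form_apptstatus']) . "', " .
        "'" . formDataCore($args['form_prefcat']) . "', " .
        "'" . formDataCore($args['locationspec']) . "', " .
        "1, " .
        "1, " .
        (int) $args['facility'] . "," .
        (int) $args['billing_facility'];

    return sqlInsert("INSERT INTO openemr_postcalendar_events ( " . $columns . " ) VALUES ( " . $values . " )");
}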
     sqlInsert($query);
 } elseif ($_POST['hidden_selection'] == 'change_subcategory') {
     $preselect_subcategory_override = $_POST['change_subcategory'];
     $category_id = $_POST['hidden_category'];
     if ($category_id >= 0) {
         $subcategory = formDataCore($subcategory);
         $query = "INSERT INTO form_CAMOS_subcategory (user, subcategory, category_id) values ('" . $_SESSION['authUser'] . "', '";
         $query .= $subcategory . "', '" . $category_id . "')";
         sqlInsert($query);
     }
 } elseif ($_POST['hidden_selection'] == 'change_item') {
     $preselect_item_override = $_POST['change_item'];
     $category_id = $_POST['hidden_category'];
     $subcategory_id = $_POST['hidden_subcategory'];
     if ($category_id >= 0 && $subcategory_id >= 0) {
         $item = formDataCore($item);
         $query = "INSERT INTO form_CAMOS_item (user, item, content, subcategory_id) values ('" . $_SESSION['authUser'] . "', '";
         $query .= $item . "', '" . $content . "', '" . $subcategory_id . "')";
         sqlInsert($query);
     }
 } elseif ($_POST['hidden_selection'] == 'change_content') {
     $item_id = $_POST['hidden_item'];
     if ($item_id >= 0) {
         if ($_POST['hidden_mode'] == 'add to') {
             $tmp = sqlQuery("SELECT content from form_CAMOS_item where id = " . $item_id);
             if (isset($tmp)) {
                 $content .= "\n" . $tmp['content'];
             }
         }
         //    Not stripping slashes, unclear why, but will keep same functionality
         //     below just adds the escapes.
/**
 * Read one element of an array-valued POST field and return it trimmed and
 * escaped for SQL via formDataCore(); an element that was not posted yields
 * the escaped empty string.
 *
 * @param string     $name  POST field name (the field is an array)
 * @param int|string $index key within that array
 * @return string
 */
function oresData($name, $index)
{
    $rawValue = '';
    if (isset($_POST[$name][$index])) {
        $rawValue = $_POST[$name][$index];
    }
    return formDataCore($rawValue, true);
}
/**
 * Legacy helper retained only so older scripts keep working: trims $s and
 * escapes it for SQL through formDataCore(). New code should not call this;
 * use the formDataCore()-based helpers above directly.
 *
 * @deprecated kept for legacy scripts only
 * @param string $s
 * @return string
 */
function formTrim($s)
{
    $trimmedAndEscaped = formDataCore($s, true);
    return $trimmedAndEscaped;
}
<?php

// Copyright (C) 2009 Rod Roark <*****@*****.**>
//
// This program is free software; you can redistribute it and/or
// modify it under the terms of the GNU General Public License
// as published by the Free Software Foundation; either version 2
// of the License, or (at your option) any later version.
require_once "../globals.php";
require_once "{$srcdir}/sql.inc";
// Validation for non-unique external patient identifier.
$alertmsg = '';
if (!empty($_POST["form_pubpid"])) {
    // Trim, then escape via formDataCore() before the value is embedded in
    // the COUNT query.
    $form_pubpid = trim($_POST["form_pubpid"]);
    $result = sqlQuery("SELECT count(*) AS count FROM patient_data WHERE " . "pubpid = '" . formDataCore($form_pubpid) . "'");
    if ($result['count']) {
        // Error, not unique.
        $alertmsg = xl('Warning: Patient ID is not unique!');
    }
}
require_once "{$srcdir}/pid.inc";
require_once "{$srcdir}/patient.inc";
require_once "{$srcdir}/options.inc.php";
// here, we lock the patient data table while we find the most recent max PID
// other interfaces can still read the data during this lock, however
// sqlStatement("lock tables patient_data read");
// NOTE(review): with the lock above commented out, two requests running at
// the same time can read the same MAX(pid) and derive the same $newpid;
// confirm pid carries a unique key so the second insert fails instead of
// silently colliding.
$result = sqlQuery("SELECT MAX(pid)+1 AS pid FROM patient_data");
// Next pid is MAX(pid)+1; an empty table yields NULL, which fails the > 1
// test below and leaves the default of 1.
$newpid = 1;
if ($result['pid'] > 1) {
    $newpid = $result['pid'];
}
/**
 * Prepare a submitted field for database use: strip surrounding whitespace,
 * then escape the result through formDataCore().
 *
 * @param string $fldval raw form value
 * @return string escaped value
 */
function form2db($fldval)
{
    return formDataCore(trim($fldval));
}
 // Check the current status of Audit Logging
 $auditLogStatusFieldOld = $GLOBALS['enable_auditlog'];
 $i = 0;
 foreach ($GLOBALS_METADATA as $grpname => $grparr) {
     foreach ($grparr as $fldid => $fldarr) {
         list($fldname, $fldtype, $flddef, $flddesc) = $fldarr;
         if ($fldtype == 'pwd') {
             $pass = sqlQuery("SELECT gl_value FROM globals WHERE gl_name = '{$fldid}'");
             $fldvalueold = $pass['gl_value'];
         }
         sqlStatement("DELETE FROM globals WHERE gl_name = '{$fldid}'");
         if (substr($fldtype, 0, 2) == 'm_') {
             if (isset($_POST["form_{$i}"])) {
                 $fldindex = 0;
                 foreach ($_POST["form_{$i}"] as $fldvalue) {
                     $fldvalue = formDataCore($fldvalue, true);
                     sqlStatement("INSERT INTO globals ( gl_name, gl_index, gl_value ) " . "VALUES ( '{$fldid}', '{$fldindex}', '{$fldvalue}' )");
                     ++$fldindex;
                 }
             }
         } else {
             if (isset($_POST["form_{$i}"])) {
                 $fldvalue = formData("form_{$i}", "P", true);
             } else {
                 $fldvalue = "";
             }
             if ($fldtype == 'pwd') {
                 $fldvalue = $fldvalue ? SHA1($fldvalue) : $fldvalueold;
             }
             if (fldvalue) {
                 // Need to force enable_auditlog_encryption off if the php mycrypt module
            $pos = 'Positive for ' . $pos . '.  ';
        }
        $field_names[$key] = $pos . $neg;
    } else {
        $field_names[$key] = $_POST[$key];
    }
    if ($field_names[$key] != '') {
        //          $field_names[$key] .= '.';
        $field_names[$key] = preg_replace('/\\s*,\\s*([^,]+)\\./', ' and $1.', $field_names[$key]);
        // replace last comma with 'and' and ending period
    }
}
//end special processing
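foreach ($field_names as $k => $var) {
    // Escape every collected value for SQL; both branches below only use
    // the escaped copies in $field_names.
    $field_names[$k] = formDataCore($var);
    // NOTE(review): the raw submitted value is echoed unescaped; if this
    // response is rendered as HTML it needs htmlspecialchars() — confirm how
    // the page is served.
    echo "{$var}\n";
}
if ($encounter == "") {
    // No encounter selected: fall back to today's date stamp (Ymd).
    $encounter = date("Ymd");
}
if ($_GET["mode"] == "new") {
    reset($field_names);
    $newid = formSubmit("form_Initial_New_Patient_Physical_Exam", $field_names, $_GET["id"], $userauthorized);
    addForm($encounter, "Initial New Patient Physical Exam", $newid, "Initial_New_Patient_Physical_Exam", $pid, $userauthorized);
} elseif ($_GET["mode"] == "update") {
    // Exam columns written by the UPDATE, in the order the statement used
    // before; each value was escaped by formDataCore() in the loop above.
    $physicalExamColumns = array(
        'sweeter', 'bloater', 'grazer', 'general', 'head', 'eyes', 'ears',
        'nose', 'throat', 'oral_cavity', 'dentition', 'neck', 'heart', 'lung',
        'chest', 'breast', 'male', 'female', 'note', 'abdomen', 'scar',
        'umbilius', 'groins', 'extremities', 'peripheral_pulses',
        'right_peripheral_pulses', 'left_peripheral_pulses', 'neurological',
        'right_neurological', 'left_neurological', 'rectum', 'pelvic',
        'assessment', 'note2', 'recommendations', 'note3',
    );
    $physicalExamSetList = array();
    foreach ($physicalExamColumns as $physicalExamColumn) {
        $physicalExamSetList[] = "{$physicalExamColumn}='" . $field_names[$physicalExamColumn] . "'";
    }
    // $id is cast to int so a non-numeric id cannot alter the WHERE clause;
    // it appears to come from the request (see $_GET["id"] above) — confirm.
    sqlInsert("update form_Initial_New_Patient_Physical_Exam set pid = {$_SESSION["pid"]},groupname='" . $_SESSION["authProvider"] . "',user='******',authorized={$userauthorized},activity=1, date = NOW(), " . implode(',', $physicalExamSetList) . " where id=" . (int) $id);
}
$_SESSION["encounter"] = $encounter;
formHeader("Redirecting....");
formJump();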
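/**
 * Return $text with the first "date_add" or "date_sub" template command
 * replaced by the current encounter's date shifted by the requested number
 * of days, formatted by MySQL as '%W, %m-%d-%Y'.
 *
 * The command is written in the text as a block comment containing
 * "<name> :: <days>". Only the two whitelisted MySQL function names are
 * accepted, and <days> is cast to int before it is interpolated into SQL,
 * because the text is user-entered template content. When no such command
 * is present, or the encounter row is not found, $text is returned
 * unchanged.
 *
 * @param string $mysqlFunction 'date_add' or 'date_sub'
 * @param string $text template text
 * @return string
 */
function _camos_apply_date_offset($mysqlFunction, $text)
{
    if ($mysqlFunction !== 'date_add' && $mysqlFunction !== 'date_sub') {
        return $text;
    }
    $pattern = "/\\/\\*\\s*" . $mysqlFunction . "\\s*::\\s*(.*?)\\s*\\*\\//";
    if (!preg_match($pattern, $text, $matches)) {
        return $text;
    }
    $to_replace = $matches[0];
    $days = (int) $matches[1];
    $query = "select date_format(" . $mysqlFunction . "(date, interval {$days} day),'%W, %m-%d-%Y') as date from form_encounter where " .
        "pid = " . (int) $_SESSION['pid'] . " and encounter = " . (int) $_SESSION['encounter'];
    $statement = sqlStatement($query);
    if ($result = sqlFetchArray($statement)) {
        $text = str_replace($to_replace, $result['date'], $text);
    }
    return $text;
}

/**
 * Expand the CAMOS template commands embedded in $string_to_process and run
 * their side effects. Commands are written as block comments whose body is
 * a command name followed by "::"-separated arguments.
 *
 * Pass 1: "replace" commands are expanded repeatedly until none remain, so
 *         an inserted item that itself contains commands is expanded too.
 * Pass 2: "date_add" / "date_sub" insert the encounter date offset by N
 *         days (computed by MySQL).
 * Pass 3: every remaining command is dispatched: "billing" adds a billing
 *         line, "appt" an appointment, "vitals" a vitals record, and
 *         "camos" collects an embedded form submission into
 *         $camos_return_data for the caller to store afterwards.
 * Finally every command comment is stripped from the text.
 *
 * Values lifted out of the template text that this function itself places
 * in SQL (the replace item name, the day offsets) are escaped or cast first;
 * arguments handed to addBilling2/addAppt/addVitals are passed as-is.
 *
 * @param string $string_to_process template text; rewritten in place
 * @param array  $camos_return_data  out: list of embedded camos submissions,
 *                                   each array(category, subcategory, item, content)
 * @return int always 0
 */
function process_commands(&$string_to_process, &$camos_return_data)
{
    // Pass 1: expand "replace" commands until none are left. The number of
    // passes is bounded so a self-referencing item cannot loop forever
    // (limit chosen here; the original looped without a bound).
    $maxReplacePasses = 50;
    for ($pass = 0; $pass < $maxReplacePasses; $pass++) {
        if (!preg_match_all("/\\/\\*\\s*replace\\s*::.*?\\*\\//", $string_to_process, $matches)) {
            break;
        }
        foreach ($matches[0] as $val) {
            // Strip the comment delimiters; element 0 is the command name,
            // the rest are its arguments.
            $comm_array = explode('::', preg_replace("/(\\/\\*)|(\\*\\/)/", "", $val));
            $replacement_item = isset($comm_array[1]) ? trim($comm_array[1]) : '';
            $replacement_text = '';
            // The item name comes from user-entered text, so escape it before
            // it goes into the LIKE literal.
            $query = "SELECT content FROM form_CAMOS_item WHERE item like '" . formDataCore($replacement_item) . "'";
            $statement = sqlStatement($query);
            if ($result = sqlFetchArray($statement)) {
                $replacement_text = $result['content'];
            }
            $string_to_process = str_replace($val, formDataCore($replacement_text), $string_to_process);
        }
    }

    // Pass 2: date_add / date_sub relative to the encounter date. Like
    // "replace" these rewrite the text, so they run before the generic pass.
    $string_to_process = _camos_apply_date_offset('date_add', $string_to_process);
    $string_to_process = _camos_apply_date_offset('date_sub', $string_to_process);

    // Pass 3: dispatch every remaining command.
    $camos_return_data = array();
    if (!preg_match_all("/\\/\\*.*?\\*\\//s", $string_to_process, $matches)) {
        return 0;
    }
    foreach ($matches[0] as $val) {
        $comm_array = explode('::', preg_replace("/(\\/\\*)|(\\*\\/)/", "", $val));
        $command = trim(array_shift($comm_array));
        if ($command == 'billing') {
            // Argument order: type, code, text, modifier, units, fee; whatever
            // is left over is handed to addBilling2() as justification data.
            $type = trim(array_shift($comm_array));
            $code = trim(array_shift($comm_array));
            $text = trim(array_shift($comm_array));
            $modifier = trim(array_shift($comm_array));
            $units = trim(array_shift($comm_array));
            if ($units == '') {
                $units = 1; // blank units default to 1
            }
            // sprintf always yields a numeric string, so a blank fee is "0.00".
            $fee = sprintf("%01.2f", trim(array_shift($comm_array)));
            // NOTE(review): $encounter is not defined in this function's scope
            // (no global declaration), so null is passed here — confirm that
            // addBilling2() resolves the encounter itself or declare it global.
            addBilling2($encounter, $type, $code, $text, $modifier, $units, $fee, $comm_array);
        } elseif ($command == 'appt') {
            $days = trim(array_shift($comm_array));
            $time = trim(array_shift($comm_array));
            addAppt($days, $time);
        } elseif ($command == 'vitals') {
            $weight = trim(array_shift($comm_array));
            $height = trim(array_shift($comm_array));
            $systolic = trim(array_shift($comm_array));
            $diastolic = trim(array_shift($comm_array));
            $pulse = trim(array_shift($comm_array));
            $temp = trim(array_shift($comm_array));
            addVitals($weight, $height, $systolic, $diastolic, $pulse, $temp);
        } elseif ($command == 'camos') {
            // Embedded form (e.g. a prescription inside a SOAP note): returned
            // to the caller so it can be saved after the main form, keeping a
            // sensible insertion order. Missing arguments become ''.
            $comm_array = array_pad($comm_array, 4, '');
            $camos_return_data[] = array(
                "category" => trim($comm_array[0]),
                "subcategory" => trim($comm_array[1]),
                "item" => trim($comm_array[2]),
                "content" => trim($comm_array[3]),
            );
        }
    }
    $string_to_process = remove_comments($string_to_process);
    return 0;
}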
<?php 
$MAXSHOW = 100;
// maximum number of results to display at once
// Construct query and save search parameters as form fields.
// An interesting requirement is to sort on the number of matching fields.
$message = "";
$numfields = 0;
$relevance = "0";
$where = "1 = 0";
foreach ($_REQUEST as $key => $value) {
    if (substr($key, 0, 3) != 'mf_') {
        continue;
    }
    // "match field"
    $fldname = substr($key, 3);
    $avalue = formDataCore($value);
    $hvalue = htmlspecialchars(strip_escape_custom($value));
    // pubpid requires special treatment.  Match on that is fatal.
    if ($fldname == 'pubpid') {
        $relevance .= " + 1000 * ( {$fldname} LIKE '{$avalue}' )";
    } else {
        $relevance .= " + ( {$fldname} LIKE '{$avalue}' )";
    }
    $where .= " OR {$fldname} LIKE '{$avalue}'";
    echo "<input type='hidden' name='{$key}' value='{$hvalue}' />\n";
    ++$numfields;
}
$sql = "SELECT *, ( {$relevance} ) AS relevance, " . "DATE_FORMAT(DOB,'%m/%d/%Y') as DOB_TS " . "FROM patient_data WHERE {$where} " . "ORDER BY relevance DESC, lname, fname, mname " . "LIMIT {$fstart}, {$MAXSHOW}";
$rez = sqlStatement($sql);
$result = array();
while ($row = sqlFetchArray($rez)) {