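// Remove this drug's per-selector price rows. drug_id is passed as a bound
// parameter instead of being interpolated into the statement text, so the
// value can never change the shape of the DELETE.
sqlStatement("DELETE FROM prices WHERE pr_id = ? AND pr_selector != ''", array($drug_id));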
         }
     }
 } else {
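     if (!empty($_POST['form_save'])) {
         // saving a new drug
         // !empty() keeps the same truth value as the bare index test but does
         // not raise an undefined-index notice when form_save was not posted.
         $new_drug = true;
         // Each text field goes through escapedff() and cyp_factor through
         // numericff() before it is spliced into the statement (presumably
         // SQL-escaping helpers -- confirm their definitions); the three
         // checkbox flags are reduced to a literal 0/1 here.
         $drug_id = sqlInsert(
             "INSERT INTO drugs ( " .
             "name, ndc_number, on_order, reorder_point, form, " .
             "size, unit, route, cyp_factor, related_code, " .
             "allow_multiple, allow_combining, active " .
             ") VALUES ( " .
             "'" . escapedff('form_name') . "', " .
             "'" . escapedff('form_ndc_number') . "', " .
             "'" . escapedff('form_on_order') . "', " .
             "'" . escapedff('form_reorder_point') . "', " .
             "'" . escapedff('form_form') . "', " .
             "'" . escapedff('form_size') . "', " .
             "'" . escapedff('form_unit') . "', " .
             "'" . escapedff('form_route') . "', " .
             "'" . numericff('form_cyp_factor') . "', " .
             "'" . escapedff('form_related_code') . "', " .
             (empty($_POST['form_allow_multiple']) ? 0 : 1) . ", " .
             (empty($_POST['form_allow_combining']) ? 0 : 1) . ", " .
             (empty($_POST['form_active']) ? 0 : 1) . ")"
         );
     }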
 }
 if ($_POST['form_save'] && $drug_id) {
     // Per-selector template rows submitted by the form, indexed "1", "2", ...
     // and consumed by the loop below.
     $tmpl = $_POST['form_tmpl'];
     // If using the simplified drug form, then force the one and only
     // selector name to be the same as the product name.
     if ($GLOBALS['sell_non_drug_products'] == 2) {
         // NOTE(review): escapedff() presumably returns an SQL-escaped value.
         // That suits a selector spliced into the SQL text as a quoted literal;
         // if the drug_templates INSERT binds the selector as a ? parameter
         // instead, this must become the raw $_POST['form_name'] or the stored
         // selector will keep its escape characters.
         $tmpl["1"]['selector'] = escapedff('form_name');
     }
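     // Drop the per-selector price rows before the loop below re-creates them.
     // drug_id is passed as a bound parameter instead of being interpolated
     // into the statement text.
     sqlStatement("DELETE FROM prices WHERE pr_id = ? AND pr_selector != ''", array($drug_id));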
     for ($lino = 1; isset($tmpl["{$lino}"]['selector']); ++$lino) {
         $iter = $tmpl["{$lino}"];
         $selector = trim($iter['selector']);
         if ($selector) {
             $taxrates = "";
             if (!empty($iter['taxrate'])) {
                 foreach ($iter['taxrate'] as $key => $value) {
                     $taxrates .= "{$key}:";
                 }
             }
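             // Bind every template field as a ? parameter. They come straight
             // from $_POST['form_tmpl'] and were previously spliced into the SQL
             // text unescaped, so a submitted value could alter the statement.
             // NOTE(review): with binding, the selector must be raw text; the
             // simplified-form branch above assigns it from escapedff(), which
             // presumably pre-escapes it, so that assignment should use the raw
             // $_POST['form_name'] once this binding is in place.
             sqlInsert(
                 "INSERT INTO drug_templates ( " .
                 "drug_id, selector, dosage, period, quantity, refills, taxrates " .
                 ") VALUES ( ?, ?, ?, ?, ?, ?, ? )",
                 array(
                     $drug_id,
                     $selector,
                     trim($iter['dosage']),
                     trim($iter['period']),
                     trim($iter['quantity']),
                     trim($iter['refills']),
                     $taxrates,
                 )
             );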
             // Add prices for this drug ID and selector.
             foreach ($iter['price'] as $key => $value) {
         // Update the existing drug in place. drug_id is bound as a ? parameter;
         // the text columns are concatenated after escapedff()/numericff()
         // (presumably SQL-escaping helpers -- confirm their definitions) and
         // the checkbox flags are reduced to a literal 0/1.
         sqlStatement("UPDATE drugs SET " . "name = '" . escapedff('form_name') . "', " . "ndc_number = '" . escapedff('form_ndc_number') . "', " . "drug_code = '" . escapedff('form_drug_code') . "', " . "on_order = '" . escapedff('form_on_order') . "', " . "reorder_point = '" . escapedff('form_reorder_point') . "', " . "max_level = '" . escapedff('form_max_level') . "', " . "form = '" . escapedff('form_form') . "', " . "size = '" . escapedff('form_size') . "', " . "unit = '" . escapedff('form_unit') . "', " . "route = '" . escapedff('form_route') . "', " . "cyp_factor = '" . numericff('form_cyp_factor') . "', " . "related_code = '" . escapedff('form_related_code') . "', " . "allow_multiple = " . (empty($_POST['form_allow_multiple']) ? 0 : 1) . ", " . "allow_combining = " . (empty($_POST['form_allow_combining']) ? 0 : 1) . ", " . "active = " . (empty($_POST['form_active']) ? 0 : 1) . " " . "WHERE drug_id = ?", array($drug_id));
         // The template loop below re-creates this drug's templates from the
         // submitted form (its INSERT lies past this excerpt), so drop the
         // current rows first.
         sqlStatement("DELETE FROM drug_templates WHERE drug_id = ?", array($drug_id));
     } else {
         // deleting
         if (acl_check('admin', 'super')) {
             // Deletion is gated on the admin/super ACL. Remove the drug's
             // inventory, its templates, the drug row itself and its
             // per-selector prices, each keyed by the bound drug_id.
             $cleanup = array(
                 "DELETE FROM drug_inventory WHERE drug_id = ?",
                 "DELETE FROM drug_templates WHERE drug_id = ?",
                 "DELETE FROM drugs WHERE drug_id = ?",
                 "DELETE FROM prices WHERE pr_id = ? AND pr_selector != ''",
             );
             foreach ($cleanup as $sql) {
                 sqlStatement($sql, array($drug_id));
             }
         }
     }
 } else {
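     if (!empty($_POST['form_save'])) {
         // saving a new drug
         // !empty() keeps the same truth value as the bare index test but does
         // not raise an undefined-index notice when form_save was not posted.
         $new_drug = true;
         // Each text field goes through escapedff() and cyp_factor through
         // numericff() before it is spliced into the statement (presumably
         // SQL-escaping helpers -- confirm their definitions); the three
         // checkbox flags are reduced to a literal 0/1 here.
         $drug_id = sqlInsert(
             "INSERT INTO drugs ( " .
             "name, ndc_number, drug_code, on_order, reorder_point, max_level, form, " .
             "size, unit, route, cyp_factor, related_code, " .
             "allow_multiple, allow_combining, active " .
             ") VALUES ( " .
             "'" . escapedff('form_name') . "', " .
             "'" . escapedff('form_ndc_number') . "', " .
             "'" . escapedff('form_drug_code') . "', " .
             "'" . escapedff('form_on_order') . "', " .
             "'" . escapedff('form_reorder_point') . "', " .
             "'" . escapedff('form_max_level') . "', " .
             "'" . escapedff('form_form') . "', " .
             "'" . escapedff('form_size') . "', " .
             "'" . escapedff('form_unit') . "', " .
             "'" . escapedff('form_route') . "', " .
             "'" . numericff('form_cyp_factor') . "', " .
             "'" . escapedff('form_related_code') . "', " .
             (empty($_POST['form_allow_multiple']) ? 0 : 1) . ", " .
             (empty($_POST['form_allow_combining']) ? 0 : 1) . ", " .
             (empty($_POST['form_active']) ? 0 : 1) . ")"
         );
     }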
 }
 if ($_POST['form_save'] && $drug_id) {
     // Per-selector template rows submitted by the form, indexed "1", "2", ...
     // and consumed by the loop below.
     $tmpl = $_POST['form_tmpl'];
     // If using the simplified drug form, then force the one and only
     // selector name to be the same as the product name.
     if ($GLOBALS['sell_non_drug_products'] == 2) {
         // NOTE(review): the raw, unescaped form_name is used here, so the
         // drug_templates INSERT that consumes $tmpl (past the end of this
         // excerpt) must bind the selector as a ? parameter rather than splice
         // it into the SQL text -- confirm there.
         $tmpl["1"]['selector'] = $_POST['form_name'];
     }
     // Reset this drug's per-selector price rows before the template loop
     // below repopulates them; drug_id is bound as a ? parameter.
     sqlStatement("DELETE FROM prices WHERE pr_id = ? AND pr_selector != ''", array($drug_id));
     for ($lino = 1; isset($tmpl["{$lino}"]['selector']); ++$lino) {
         $iter = $tmpl["{$lino}"];
         $selector = trim($iter['selector']);
         if ($selector) {
             $taxrates = "";