Exemple #1
0
            //
            // erase lists options and recreate them from the submitted form data
            sqlStatement("DELETE FROM list_options WHERE list_id = '{$list_id}'");
            for ($lino = 1; isset($opt["{$lino}"]['id']); ++$lino) {
                $iter = $opt["{$lino}"];
                $value = empty($iter['value']) ? 0 : formTrim($iter['value']) + 0;
                $id = formTrim($iter['id']);
                if (strlen($id) > 0) {
                    // Special processing for the immunizations list
                    // Map the entered cvx codes into the immunizations table cvx_code
                    sqlStatement("UPDATE `immunizations` " . "SET `cvx_code`='" . $value . "' " . "WHERE `immunization_id`='" . $id . "'");
                    // Force List Based Form names to start with LBF.
                    if ($list_id == 'lbfnames' && substr($id, 0, 3) != 'LBF') {
                        $id = "LBF{$id}";
                    }
                    sqlInsert("INSERT INTO list_options ( " . "list_id, option_id, title, seq, is_default, option_value, mapping, notes " . ") VALUES ( " . "'{$list_id}', " . "'" . $id . "', " . "'" . formTrim($iter['title']) . "', " . "'" . formTrim($iter['seq']) . "', " . "'" . formTrim($iter['default']) . "', " . "'" . $value . "', " . "'" . formTrim($iter['mapping']) . "', " . "'" . formTrim($iter['notes']) . "' " . ")");
                }
            }
        }
    }
} else {
    if ($_POST['formaction'] == 'addlist') {
        // make a new list ID from the new list name
        $newlistID = $_POST['newlistname'];
        $newlistID = preg_replace("/\\W/", "_", $newlistID);
        // determine the position of this new list
        $row = sqlQuery("SELECT max(seq) as maxseq FROM list_options WHERE list_id= 'lists'");
        // add the new list to the list-of-lists
        sqlInsert("INSERT INTO list_options ( " . "list_id, option_id, title, seq, is_default, option_value " . ") VALUES ( " . "'lists'," . "'" . $newlistID . "'," . "'" . $_POST['newlistname'] . "', " . "'" . ($row['maxseq'] + 1) . "'," . "'1', '0')");
    } else {
        if ($_POST['formaction'] == 'deletelist') {
     // this new group is prefixed with the net highest number given the
     // layout_id
     $results = sqlStatement("select distinct(group_name) as gname " . " from layout_options where " . " form_id = '" . $_POST['layout_id'] . "'");
     $maxnum = '1';
     while ($result = sqlFetchArray($results)) {
         $tmp = substr($result['gname'], 0, 1);
         if ($tmp >= $maxnum) {
             $maxnum = nextGroupOrder($tmp);
         }
     }
     $data_type = formTrim($_POST['gnewdatatype']);
     $max_length = $data_type == 3 ? 3 : 255;
     $listval = $data_type == 34 ? formTrim($_POST['gcontextName']) : formTrim($_POST['gnewlistid']);
     // add a new group to the layout, with the defined field
     sqlStatement("INSERT INTO layout_options (" . " form_id, source, field_id, title, group_name, seq, uor, fld_length, fld_rows" . ", titlecols, datacols, data_type, edit_options, default_value, description" . ", max_length, list_id, list_backup_id " . ") VALUES ( " . "'" . formTrim($_POST['layout_id']) . "'" . ",'" . formTrim($_POST['gnewsource']) . "'" . ",'" . formTrim($_POST['gnewid']) . "'" . ",'" . formTrim($_POST['gnewtitle']) . "'" . ",'" . formTrim($maxnum . $_POST['newgroupname']) . "'" . ",'" . formTrim($_POST['gnewseq']) . "'" . ",'" . formTrim($_POST['gnewuor']) . "'" . ",'" . formTrim($_POST['gnewlengthWidth']) . "'" . ",'" . formTrim($_POST['gnewlengthHeight']) . "'" . ",'" . formTrim($_POST['gnewtitlecols']) . "'" . ",'" . formTrim($_POST['gnewdatacols']) . "'" . ",'{$data_type}'" . ",'" . formTrim($_POST['gnewedit_options']) . "'" . ",'" . formTrim($_POST['gnewdefault']) . "'" . ",'" . formTrim($_POST['gnewdesc']) . "'" . ",'" . formTrim($_POST['gnewmaxSize']) . "'" . ",'" . $listval . "'" . ",'" . formTrim($_POST['gnewbackuplistid']) . "'" . " )");
     addOrDeleteColumn($layout_id, formTrim($_POST['gnewid']), TRUE);
 } else {
     if ($_POST['formaction'] == "deletegroup" && $layout_id) {
         // drop the fields from the related table (this is critical)
         $res = sqlStatement("SELECT field_id FROM layout_options WHERE " . "form_id = '" . $_POST['layout_id'] . "' " . "AND group_name = '" . $_POST['deletegroupname'] . "'");
         while ($row = sqlFetchArray($res)) {
             addOrDeleteColumn($layout_id, $row['field_id'], FALSE);
         }
         // Delete an entire group from the form
         sqlStatement("DELETE FROM layout_options WHERE " . " form_id = '" . $_POST['layout_id'] . "' " . " AND group_name = '" . $_POST['deletegroupname'] . "'");
     } else {
         if ($_POST['formaction'] == "movegroup" && $layout_id) {
             $results = sqlStatement("SELECT DISTINCT(group_name) AS gname " . "FROM layout_options WHERE form_id = '{$layout_id}' " . "ORDER BY gname");
             $garray = array();
             $i = 0;
             while ($result = sqlFetchArray($results)) {
Exemple #3
0
                        }
                        // Force List Based Form names to start with LBF.
                        if ($list_id == 'lbfnames' && substr($id, 0, 3) != 'LBF') {
                            $id = "LBF{$id}";
                        }
                        // Force Transaction Form names to start with LBT.
                        if ($list_id == 'transactions' && substr($id, 0, 3) != 'LBT') {
                            $id = "LBT{$id}";
                        }
                        if ($list_id == 'apptstat') {
                            $notes = formTrim($iter['apptstat_color']) . '|' . formTrim($iter['apptstat_timealert']);
                        } else {
                            $notes = formTrim($iter['notes']);
                        }
                        // Insert the list item
                        sqlInsert("INSERT INTO list_options ( " . "list_id, option_id, title, seq, is_default, option_value, mapping, notes, codes, toggle_setting_1, toggle_setting_2, activity, subtype " . ") VALUES ( " . "'{$list_id}', " . "'" . $id . "', " . "'" . formTrim($iter['title']) . "', " . "'" . formTrim($iter['seq']) . "', " . "'" . formTrim($iter['default']) . "', " . "'" . $value . "', " . "'" . formTrim($iter['mapping']) . "', " . "'" . $notes . "', " . "'" . formTrim($iter['codes']) . "', " . "'" . formTrim($iter['toggle_setting_1']) . "', " . "'" . formTrim($iter['toggle_setting_2']) . "', " . "'" . formTrim($iter['activity']) . "', " . "'" . formTrim($iter['subtype']) . "'  " . ")");
                    }
                }
            }
        }
    }
} else {
    if ($_POST['formaction'] == 'addlist') {
        // make a new list ID from the new list name
        $newlistID = $_POST['newlistname'];
        $newlistID = preg_replace("/\\W/", "_", $newlistID);
        // determine the position of this new list
        $row = sqlQuery("SELECT max(seq) as maxseq FROM list_options WHERE list_id= 'lists'");
        // add the new list to the list-of-lists
        sqlInsert("INSERT INTO list_options ( " . "list_id, option_id, title, seq, is_default, option_value " . ") VALUES ( " . "'lists'," . "'" . $newlistID . "'," . "'" . $_POST['newlistname'] . "', " . "'" . ($row['maxseq'] + 1) . "'," . "'1', '0')");
    } else {
Exemple #4
0
function get_layout_form_value($frow, $maxlength = 255)
{
    // Bring in $sanitize_all_escapes variable, which will decide
    //  the variable escaping method.
    global $sanitize_all_escapes;
    $data_type = $frow['data_type'];
    $field_id = $frow['field_id'];
    $value = '';
    if (isset($_POST["form_{$field_id}"])) {
        if ($data_type == 21) {
            // $_POST["form_$field_id"] is an array of checkboxes and its keys
            // must be concatenated into a |-separated string.
            foreach ($_POST["form_{$field_id}"] as $key => $val) {
                if (strlen($value)) {
                    $value .= '|';
                }
                $value .= $key;
            }
        } else {
            if ($data_type == 22) {
                // $_POST["form_$field_id"] is an array of text fields to be imploded
                // into "key:value|key:value|...".
                foreach ($_POST["form_{$field_id}"] as $key => $val) {
                    $val = str_replace('|', ' ', $val);
                    if (strlen($value)) {
                        $value .= '|';
                    }
                    $value .= "{$key}:{$val}";
                }
            } else {
                if ($data_type == 23) {
                    // $_POST["form_$field_id"] is an array of text fields with companion
                    // radio buttons to be imploded into "key:n:notes|key:n:notes|...".
                    foreach ($_POST["form_{$field_id}"] as $key => $val) {
                        $restype = $_POST["radio_{$field_id}"][$key];
                        if (empty($restype)) {
                            $restype = '0';
                        }
                        $val = str_replace('|', ' ', $val);
                        if (strlen($value)) {
                            $value .= '|';
                        }
                        $value .= "{$key}:{$restype}:{$val}";
                    }
                } else {
                    if ($data_type == 25) {
                        // $_POST["form_$field_id"] is an array of text fields with companion
                        // checkboxes to be imploded into "key:n:notes|key:n:notes|...".
                        foreach ($_POST["form_{$field_id}"] as $key => $val) {
                            $restype = empty($_POST["check_{$field_id}"][$key]) ? '0' : '1';
                            $val = str_replace('|', ' ', $val);
                            if (strlen($value)) {
                                $value .= '|';
                            }
                            $value .= "{$key}:{$restype}:{$val}";
                        }
                    } else {
                        if ($data_type == 28) {
                            // $_POST["form_$field_id"] is an date text fields with companion
                            // radio buttons to be imploded into "notes|type|date".
                            $restype = $_POST["radio_{$field_id}"];
                            if (empty($restype)) {
                                $restype = '0';
                            }
                            $resdate = str_replace('|', ' ', $_POST["date_{$field_id}"]);
                            $resnote = str_replace('|', ' ', $_POST["form_{$field_id}"]);
                            $value = "{$resnote}|{$restype}|{$resdate}";
                        } else {
                            $value = $_POST["form_{$field_id}"];
                        }
                    }
                }
            }
        }
    }
    // Better to die than to silently truncate data!
    if ($maxlength && $data_type != 3 && strlen($value) > $maxlength) {
        die(htmlspecialchars(xl('ERROR: Field') . " '{$field_id}' " . xl('is too long'), ENT_NOQUOTES) . ":<br />&nbsp;<br />" . htmlspecialchars($value, ENT_NOQUOTES));
    }
    // Make sure the return value is quote-safe.
    if ($sanitize_all_escapes) {
        //escapes already removed and using binding/placemarks in sql calls
        // so only need to trim value
        return trim($value);
    } else {
        //need to explicitly prepare value
        return formTrim($value);
    }
}
Exemple #5
0
                     if ($layout_id == "SRH") {
                         $tablename = "lists_ippf_srh";
                     } else {
                         if ($layout_id == "CON") {
                             $tablename = "lists_ippf_con";
                         } else {
                             if ($layout_id == "GCA") {
                                 $tablename = "lists_ippf_gcac";
                             }
                         }
                     }
                 }
             }
         }
         sqlStatement("ALTER TABLE `" . $tablename . "` ADD " . "`" . formTrim($_POST['gnewid']) . "`" . " VARCHAR( 255 )");
         newEvent("alter_table", $_SESSION['authUser'], $_SESSION['authProvider'], 1, $tablename . " ADD " . formTrim($_POST['gnewid']));
     }
 } else {
     if ($_POST['formaction'] == "deletegroup" && $layout_id) {
         // drop the fields from the related table (this is critical)
         if (substr($layout_id, 0, 3) != 'LBF') {
             $res = sqlStatement("SELECT field_id FROM layout_options WHERE " . " form_id = '" . $_POST['layout_id'] . "' " . " AND group_name = '" . $_POST['deletegroupname'] . "'");
             while ($row = sqlFetchArray($res)) {
                 // drop the field from the table too (this is critical)
                 if ($layout_id == "DEM") {
                     $tablename = "patient_data";
                 } else {
                     if ($layout_id == "HIS") {
                         $tablename = "history_data";
                     } else {
                         if ($layout_id == "REF") {
function get_layout_form_value($frow, $prefix='form_') {
  // Bring in $sanitize_all_escapes variable, which will decide
  //  the variable escaping method.
  global $sanitize_all_escapes;

  $maxlength = empty($frow['max_length']) ? 0 : intval($frow['max_length']);
  $data_type = $frow['data_type'];
  $field_id  = $frow['field_id'];
  $value  = '';
  if (isset($_POST["$prefix$field_id"])) {
    if ($data_type == 21) {
      // $_POST["$prefix$field_id"] is an array of checkboxes and its keys
      // must be concatenated into a |-separated string.
      foreach ($_POST["$prefix$field_id"] as $key => $val) {
        if (strlen($value)) $value .= '|';
        $value .= $key;
      }
    }
    else if ($data_type == 22) {
      // $_POST["$prefix$field_id"] is an array of text fields to be imploded
      // into "key:value|key:value|...".
      foreach ($_POST["$prefix$field_id"] as $key => $val) {
        $val = str_replace('|', ' ', $val);
        if (strlen($value)) $value .= '|';
        $value .= "$key:$val";
      }
    }
    else if ($data_type == 23) {
      // $_POST["$prefix$field_id"] is an array of text fields with companion
      // radio buttons to be imploded into "key:n:notes|key:n:notes|...".
      foreach ($_POST["$prefix$field_id"] as $key => $val) {
        $restype = $_POST["radio_{$field_id}"][$key];
        if (empty($restype)) $restype = '0';
        $val = str_replace('|', ' ', $val);
        if (strlen($value)) $value .= '|';
        $value .= "$key:$restype:$val";
      }
    }
    else if ($data_type == 25) {
      // $_POST["$prefix$field_id"] is an array of text fields with companion
      // checkboxes to be imploded into "key:n:notes|key:n:notes|...".
      foreach ($_POST["$prefix$field_id"] as $key => $val) {
        $restype = empty($_POST["check_{$field_id}"][$key]) ? '0' : '1';
        $val = str_replace('|', ' ', $val);
        if (strlen($value)) $value .= '|';
        $value .= "$key:$restype:$val";
      }
    }
    else if ($data_type == 28 || $data_type == 32) {
      // $_POST["$prefix$field_id"] is an date text fields with companion
      // radio buttons to be imploded into "notes|type|date".
      $restype = $_POST["radio_{$field_id}"];
      if (empty($restype)) $restype = '0';
      $resdate = str_replace('|', ' ', $_POST["date_$field_id"]);
      $resnote = str_replace('|', ' ', $_POST["$prefix$field_id"]);
      if ($data_type == 32)
      {
      //VicarePlus :: Smoking status data is imploded into "note|type|date|list".
      $reslist = str_replace('|', ' ', $_POST["$prefix$field_id"]);
      $res_text_note = str_replace('|', ' ', $_POST["{$prefix}text_$field_id"]);
      $value = "$res_text_note|$restype|$resdate|$reslist";
      }
      else
      $value = "$resnote|$restype|$resdate";
    }
    else if ($data_type == 36) {
	  $value_array = $_POST["form_$field_id"];
	  $i = 0;
	  foreach ($value_array as $key => $valueofkey) {
	    if ($i == 0) {
	      $value = $valueofkey;
	    } else {
	      $value =  $value . "|" . $valueofkey;
	    }
	    $i++;
	  }
    }
    else {
      $value = $_POST["$prefix$field_id"];
    }
  }

  // Better to die than to silently truncate data!
  if ($maxlength && $maxlength != 0 && strlen($value) > $maxlength)
    die(htmlspecialchars( xl('ERROR: Field') . " '$field_id' " . xl('is too long'), ENT_NOQUOTES) .
    ":<br />&nbsp;<br />".htmlspecialchars( $value, ENT_NOQUOTES));

  // Make sure the return value is quote-safe.
  if ($sanitize_all_escapes) {
    //escapes already removed and using binding/placemarks in sql calls
    // so only need to trim value
    return trim($value);
  }
  else {
    //need to explicitly prepare value
    return formTrim($value);
  }
}
Exemple #7
0
             }
              // Insert the list item
              sqlInsert("INSERT INTO list_options ( " .
                "list_id, option_id, title, seq, is_default, option_value, mapping, notes, codes, toggle_setting_1, toggle_setting_2 " .
                ") VALUES ( " .
                "'$list_id', "                       .
                "'" . $id                        . "', " .
                "'" . formTrim($iter['title'])   . "', " .
                "'" . formTrim($iter['seq'])     . "', " .
                "'" . formTrim($iter['default']) . "', " .
                "'" . $value                     . "', " .
                "'" . formTrim($iter['mapping']) . "', " .
                "'" . $notes                 . "', " .
                "'" . formTrim($iter['codes'])   . "', " .
                "'" . formTrim($iter['toggle_setting_1'])   . "', " .
                "'" . formTrim($iter['toggle_setting_2'])   . "' " .								
                ")");
            }
        }
    }
}
else if ($_POST['formaction']=='addlist') {
    // make a new list ID from the new list name
    $newlistID = $_POST['newlistname'];
    $newlistID = preg_replace("/\W/", "_", $newlistID);

    // determine the position of this new list
    $row = sqlQuery("SELECT max(seq) as maxseq FROM list_options WHERE list_id= 'lists'");

    // add the new list to the list-of-lists
    sqlInsert("INSERT INTO list_options ( " .
Exemple #8
0
function get_layout_form_value($frow, $maxlength = 255)
{
    $data_type = $frow['data_type'];
    $field_id = $frow['field_id'];
    $value = '';
    if (isset($_POST["form_{$field_id}"])) {
        if ($data_type == 21) {
            // $_POST["form_$field_id"] is an array of checkboxes and its keys
            // must be concatenated into a |-separated string.
            foreach ($_POST["form_{$field_id}"] as $key => $val) {
                if (strlen($value)) {
                    $value .= '|';
                }
                $value .= $key;
            }
        } else {
            if ($data_type == 22) {
                // $_POST["form_$field_id"] is an array of text fields to be imploded
                // into "key:value|key:value|...".
                foreach ($_POST["form_{$field_id}"] as $key => $val) {
                    $val = str_replace('|', ' ', $val);
                    if (strlen($value)) {
                        $value .= '|';
                    }
                    $value .= "{$key}:{$val}";
                }
            } else {
                if ($data_type == 23) {
                    // $_POST["form_$field_id"] is an array of text fields with companion
                    // radio buttons to be imploded into "key:n:notes|key:n:notes|...".
                    foreach ($_POST["form_{$field_id}"] as $key => $val) {
                        $restype = $_POST["radio_{$field_id}"][$key];
                        if (empty($restype)) {
                            $restype = '0';
                        }
                        $val = str_replace('|', ' ', $val);
                        if (strlen($value)) {
                            $value .= '|';
                        }
                        $value .= "{$key}:{$restype}:{$val}";
                    }
                } else {
                    if ($data_type == 25) {
                        // $_POST["form_$field_id"] is an array of text fields with companion
                        // checkboxes to be imploded into "key:n:notes|key:n:notes|...".
                        foreach ($_POST["form_{$field_id}"] as $key => $val) {
                            $restype = empty($_POST["check_{$field_id}"][$key]) ? '0' : '1';
                            $val = str_replace('|', ' ', $val);
                            if (strlen($value)) {
                                $value .= '|';
                            }
                            $value .= "{$key}:{$restype}:{$val}";
                        }
                    } else {
                        if ($data_type == 28) {
                            // $_POST["form_$field_id"] is an date text fields with companion
                            // radio buttons to be imploded into "notes|type|date".
                            $restype = $_POST["radio_{$field_id}"];
                            if (empty($restype)) {
                                $restype = '0';
                            }
                            $resdate = str_replace('|', ' ', $_POST["date_{$field_id}"]);
                            $resnote = str_replace('|', ' ', $_POST["form_{$field_id}"]);
                            $value = "{$resnote}|{$restype}|{$resdate}";
                        } else {
                            $value = $_POST["form_{$field_id}"];
                        }
                    }
                }
            }
        }
    }
    // Better to die than to silently truncate data!
    if ($maxlength && $data_type != 3 && strlen($value) > $maxlength) {
        die(xl('ERROR: Field') . " '{$field_id}' " . xl('is too long') . ":<br />&nbsp;<br />{$value}");
    }
    // Make sure the return value is quote-safe.
    return formTrim($value);
}