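/**
 * Load one phisdata row by ID and assemble the three ADR INSERT statements
 * (adrdata, adrdetail, adr_druglist) that would migrate it.
 *
 * As in the original, the statements are only assembled: nothing is executed
 * and nothing is returned. Executing them is left as a follow-up (TODO).
 *
 * Fixes relative to the original:
 *  - $id was interpolated unescaped into the SELECT; it is now escaped with
 *    mysqli_real_escape_string() like every other value in this function.
 *  - the allergy flag was written through a variable-variable (`${$phis}`),
 *    so `allergyStat` never received the convertYesNo() result; it does now.
 *  - the assembled statements no longer end in a dangling ", ".
 *
 * @param mysqli $con    Open mysqli connection (used for escaping and the SELECT).
 * @param string $id     phisdata.ID of the row to migrate; treated as untrusted.
 * @param string $formID adrFormID written into every statement. Defaults to the
 *                       placeholder the original hard-coded; callers should pass
 *                       a real form id.
 * @return void
 */
function insertPhIS($con, $id, $formID = "12345678")
{
    // Only the columns that are actually mapped below are selected. phisdata
    // carries further columns (patient identifiers, facility, skin-reaction
    // sub-flags, ...) that had no adr* destination in the original either.
    $columns = [
        'patientDateOfBirth', 'patientGender', 'patientRace', 'patientPregnancyStatus',
        'patientPregnancyGestationPeriod', 'patientAllergicStatus', 'patientAllergicDescription',
        'adverseReactionDesc', 'dateOfReaction', 'timeOnsetReaction', 'treatAdvReaction',
        'extentOfReaction', 'reactionSubsided', 'reactionReappear', 'seriousness',
        'dateOfDeath', 'causeOfDeath', 'wasAutopsyDone', 'autopsyCauseDeath',
        'investigationLabData', 'medicalHistory', 'reporterName', 'reporterDesignation',
        'reporterState', 'reporterDepartment', 'reporterEmail', 'reporterAddress',
        'dateOfReport', 'reporterMobileNumber', 'skinReaction', 'bodyAffect',
    ];

    // Escape every value before it is embedded in a quoted SQL literal.
    $esc = static function ($value) use ($con): string {
        return mysqli_real_escape_string($con, (string) $value);
    };

    $phisDataSQL = 'SELECT ' . implode(', ', $columns)
        . " FROM phisdata WHERE ID = '" . $esc($id) . "'";
    $phisRes = $con->query($phisDataSQL);

    // Best-effort, as before: a failed query or an unknown ID simply does nothing.
    if (!$phisRes || $phisRes->num_rows === 0) {
        return;
    }
    $phis = $phisRes->fetch_assoc();
    $phisRes->free();

    // Column maps: adr* column => phisdata value (already normalised where the
    // target expects a coded value).
    $adrData = [
        'ptDOB'            => $phis['patientDateOfBirth'],
        'sex'              => convertGender($phis['patientGender']),
        'ethnic'           => convertRace($phis['patientRace']),
        'pregnancyStat'    => convertYesNo($phis['patientPregnancyStatus']),
        'gesPer'           => $phis['patientPregnancyGestationPeriod'],
        'allergyStat'      => convertYesNo($phis['patientAllergicStatus']),
        'allergyText'      => $phis['patientAllergicDescription'],
        'lab_data'         => $phis['investigationLabData'],
        'history'          => $phis['medicalHistory'],
        'reporter_name'    => $phis['reporterName'],
        'desig'            => $phis['reporterDesignation'],
        'reporter_state'   => $phis['reporterState'],
        'reporter_dept'    => $phis['reporterDepartment'],
        'reporter_email'   => $phis['reporterEmail'],
        'reporter_address' => $phis['reporterAddress'],
        'report_date'      => $phis['dateOfReport'],
        'reporter_telno'   => $phis['reporterMobileNumber'],
    ];
    $adrDetail = [
        'AdrDesc'           => $phis['adverseReactionDesc'],
        'Adr_onsetDate'     => $phis['dateOfReaction'],
        'Adr_Dur'           => $phis['timeOnsetReaction'],
        'Adr_treat'         => $phis['treatAdvReaction'],
        'Adr_Extent'        => convertExtent($phis['extentOfReaction']),
        'seriousness'       => convertYesNo($phis['seriousness']),
        'Adr_dateofDeath'   => $phis['dateOfDeath'],
        'Adr_causeofDeath'  => $phis['causeOfDeath'],
        'Adr_autopsyyesno'  => convertYesNo($phis['wasAutopsyDone']),
        'Adr_detDeath'      => $phis['autopsyCauseDeath'],
        'AdrSkinReactYesNo' => convertYesNo($phis['skinReaction']),
        'AdrBodyPart'       => $phis['bodyAffect'],
    ];
    $adrDrug = [
        'subsided' => convertYesNo($phis['reactionSubsided']),
        'reappear' => convertYesNo($phis['reactionReappear']),
    ];

    // Render "col = 'escaped', col = 'escaped'" for an INSERT ... SET statement.
    $setClause = static function (array $fields) use ($esc): string {
        $parts = [];
        foreach ($fields as $column => $value) {
            $parts[] = "{$column} = '" . $esc($value) . "'";
        }
        return implode(', ', $parts);
    };

    $formIDLiteral = "adrFormID = '" . $esc($formID) . "'";
    $dataSql   = "INSERT INTO adrdata SET {$formIDLiteral}, " . $setClause($adrData);
    $detailSql = "INSERT INTO adrdetail SET {$formIDLiteral}, " . $setClause($adrDetail);
    $drugSql   = "INSERT INTO adr_druglist SET {$formIDLiteral}, " . $setClause($adrDrug);

    // TODO: execute $dataSql, $detailSql and $drugSql (ideally inside one
    // transaction). The original assembled them and stopped here as well.
}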
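// Reject the request outright unless a valid token was supplied; every value
// below is derived from that token or from the POST body and is untrusted.
if (!isset($_GET['token']) || !is_valid_token($_GET['token'])) {
    die("Valid token required");
}
$token = $_GET['token'];
$patient_id = get_patient_id_from_token($token);
$slot_id = get_slot_id_from_token($token);

/*------------------------------------------------------------------------------
 * Step 1: Collect our POST variables into PHP variables for readability.
 * We will perform data validation with helper functions.
 * Pay careful attention to variables which have bounds
 * As well as date parsing. SQL date convention is: YYYY-MM-DD
 * As well as Yes/No or True/False responses. SQL convention dictates we
 * store such information as CHAR(1): 'Y' or 'N'.
 *
 * A missing POST field is read as '' (via ??) rather than raising an
 * "undefined array key" warning and passing null into the helpers.
 */

// Convert Yes or No to Y or N
$has_pain_now = convertYesNo($_POST['has_pain'] ?? '');

$month = clean($_POST['month'] ?? '');
$day = clean($_POST['day'] ?? '');
$year = clean($_POST['year'] ?? '');

// Validate the year before building a date from it, so an unreasonable year
// never reaches sql_friendly_date(). The year is echoed back to the user, so
// it is HTML-escaped here; if clean() already HTML-encodes, pass
// double_encode: false to avoid double escaping.
if (!isReasonableYear($year)) {
    die("Please enter a reasonable year, "
        . htmlspecialchars((string) $year, ENT_QUOTES | ENT_SUBSTITUTE, 'UTF-8')
        . " is not reasonable.");
}

// Give date like 02/28/2015 and convert to SQL friendly date
$date = sql_friendly_date($month . '/' . $day . '/' . $year);

$activity_onset_pain = clean($_POST['activity'] ?? '');
$pain_right_now = clean($_POST['pain_right_now'] ?? '');
$pain_at_worst = clean($_POST['pain_at_worst'] ?? '');
$pain_at_best = clean($_POST['pain_at_best'] ?? '');
$pain_on_average = clean($_POST['pain_on_average'] ?? '');
$makes_pain_worse = clean($_POST['makes_pain_worse'] ?? '');
$makes_pain_better = clean($_POST['makes_pain_better'] ?? '');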