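/**
 * Store a new EDT record and link it to a patient.
 *
 * Reads the keys 'pid', 'dateperf', 'cost', 'duration' and 'enames' from
 * $data. 'pid' is removed before the remaining fields are inserted into
 * EDTRecords; the patient link goes into PatientExaminations.
 *
 * @param array $data Submitted form fields, including 'pid'.
 * @return bool True when both rows were inserted, false on any validation
 *              or database failure.
 */
public function newEDT($data)
{
    // Reject the request before touching the database if any field fails validation.
    if (!$this->isPatient($data['pid'])
        || !checkFilled($data)
        || !verifyDate($data['dateperf'])
        || !checkNumber($data['cost'])
        || !checkNumber($data['duration'])
        || !checkNumber($data['pid'])
    ) {
        return false;
    }

    // Verify the physicians mentioned are valid
    $a = new Admin();
    $physicians = $a->getAllPhysicians();
    $enames = explode(',', $data['enames']);
    foreach ($enames as $e) {
        // array_search() returns the matching key, and a match on the first
        // entry has key 0. Only a strict false means "not found"; the previous
        // truthiness test rejected the first physician in the list.
        if (array_search(trim($e), $physicians) === false) {
            printError("A physician specified in the Physician Names field does not exist.");
            return false;
        }
    }

    $pid = $data['pid'];
    unset($data['pid']);

    // Stop here if the record itself was not stored. Continuing would link the
    // patient to edtid 0, a record that does not exist.
    if (!$this->dbh->insert('EDTRecords', $data)) {
        return false;
    }

    // NOTE(review): MAX(edtid) is not tied to the insert above. If another user
    // inserts a record between the two statements, this patient is linked to
    // that other record. Prefer the connection's last-insert-id facility, or
    // run both statements in one transaction, if the database wrapper offers it.
    $result = $this->dbh->query('SELECT MAX(edtid) AS last FROM EDTRecords');
    if (empty($result) || !isset($result[0]['last'])) {
        return false;
    }
    $newEDT = $result[0]['last'];

    // NOTE(review): if this second insert fails, the EDTRecords row written
    // above stays behind without a patient link.
    if (!$this->dbh->insert('PatientExaminations', array('pid' => $pid, 'edtid' => $newEDT))) {
        return false;
    }

    return true;
}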
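/**
 * Validate a submitted "date time" form field and store it for a user.
 *
 * The value is read from $_POST[$postVarName], split at the first space into
 * a date part and a time part, checked with verifyDate() and verifyTime(),
 * and then written to `form_elementdata`: an existing row for the same
 * user / module component / element is updated, otherwise a row is inserted.
 *
 * $elementSize, $elementTypeOptions, $elementMoreThan, $elementLessThan and
 * $elementCheckInt are accepted but not used by this function.
 *
 * @param mixed  $moduleCompId      Value matched against `page_modulecomponentid`.
 * @param mixed  $elementId         Value matched against `form_elementid`.
 * @param mixed  $userId            Value matched against `user_id`.
 * @param string $postVarName       Key of the field in $_POST.
 * @param string $elementName       Field name used in the "missing" message.
 * @param bool   $elementIsRequired Whether an empty submission is an error.
 * @return bool True when the value was stored or an optional field was left
 *              empty; false on a validation or query failure.
 */
function submitRegistrationFormDatetime($moduleCompId, $elementId, $userId, $postVarName, $elementName, $elementSize, $elementTypeOptions, $elementMoreThan, $elementLessThan, $elementCheckInt, $elementIsRequired)
{
    // Read the field once. An absent key is treated as an empty submission so
    // the optional-field check below no longer reads an undefined index.
    $rawValue = isset($_POST[$postVarName]) ? $_POST[$postVarName] : "";

    if ($elementIsRequired && ($rawValue == "" || $rawValue == NULL)) {
        displayerror("Essential field " . $elementName . " is missing");
        return false;
    }
    if (!$elementIsRequired && $rawValue == "") {
        return true;
    }

    // A request can submit the field as an array (name[]=...). That is never a
    // valid date/time, so reject it before the string functions see it.
    if (!is_string($rawValue)) {
        return false;
    }

    // Escape once and reuse the result for validation and for both write queries.
    $strdatetime = escape($rawValue);

    // When there is no space, strpos() yields false and the date part becomes
    // the empty string. Presumably verifyDate() rejects that; confirm.
    $pos = strpos($strdatetime, " ");
    $date = substr($strdatetime, 0, $pos);
    $time = substr($strdatetime, $pos + 1, strlen($strdatetime));
    if (!verifyDate($date)) {
        return false;
    }
    if (!verifyTime($time)) {
        return false;
    }

    // The identifiers are placed inside quoted SQL literals, so they go through
    // the same escape() helper as the field value. For plain numeric ids the
    // query text is unchanged.
    // NOTE(review): the callers are not visible here. If the ids can ever come
    // from request data, validating them as integers at the call site is the
    // stronger control.
    $safeUserId = escape($userId);
    $safeModuleCompId = escape($moduleCompId);
    $safeElementId = escape($elementId);

    $rowFilter = "WHERE `user_id` = '{$safeUserId}' AND `page_modulecomponentid` = '{$safeModuleCompId}' AND `form_elementid` = '{$safeElementId}'";

    // NOTE(review): every failure branch below passes mysql_error() to
    // displayerror(). If that text is rendered to the visitor it exposes table
    // and column names; log it server-side and show a generic message instead.
    $textResult = mysql_query("SELECT 1 FROM `form_elementdata` " . $rowFilter);
    if (!$textResult) {
        displayerror('E234 : Invalid query: ' . mysql_error());
        return false;
    }

    if (mysql_num_rows($textResult) > 0) {
        // A value is already stored for this user and element: overwrite it.
        $textUpdateQuery = "UPDATE `form_elementdata` SET `form_elementdata` = '" . $strdatetime . "' " . $rowFilter;
        $textUpdateResult = mysql_query($textUpdateQuery);
        if (!$textUpdateResult) {
            displayerror('E12 : Invalid query: ' . mysql_error());
            return false;
        }
    } else {
        // First submission for this user and element: create the row.
        $textInsertQuery = "INSERT INTO `form_elementdata` ( `user_id` , `page_modulecomponentid` , `form_elementid` , `form_elementdata` ) " .
            "VALUES ( '{$safeUserId}', '{$safeModuleCompId}', '{$safeElementId}', '" . $strdatetime . "')";
        $textInsertResult = mysql_query($textInsertQuery);
        if (!$textInsertResult) {
            displayerror('E89 : Invalid query: ' . mysql_error());
            return false;
        }
    }

    return true;
}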
/**
 * Check a patient out and record the total bill for the visit.
 *
 * Reads 'pid', 'outdate' and 'eidout' from $data. The costs of the patient's
 * EDT records are summed into 'totalbill', 'pid' is removed from the field
 * set, and the remaining fields are written to CheckInOuts for that pid.
 *
 * @param array $data Submitted form fields, including 'pid'.
 * @return mixed False when validation fails, otherwise whatever the database
 *               wrapper's update() returns.
 */
public function checkOutPatient($data)
{
    // The checks run in this order and stop at the first one that fails.
    // NOTE(review): isPatient() sees 'pid' before checkNumber() has vetted it;
    // confirm isPatient() is safe for non-numeric input.
    $inputIsValid = $this->isPatient($data['pid'])
        && checkFilled($data)
        && verifyDate($data['outdate'])
        && checkNumber($data['eidout'])
        && checkNumber($data['pid'])
        && $this->isCheckedIn($data['pid']);
    if (!$inputIsValid) {
        return false;
    }

    $patientId = $data['pid'];

    // Add up the cost of every EDT record returned for this patient.
    // The meaning of the second argument (true) is defined by getEDTRecords().
    $treatment = new Treatment();
    $visitBill = 0;
    foreach ($treatment->getEDTRecords($patientId, true) as $record) {
        $visitBill += $record['cost'];
    }
    $data['totalbill'] = $visitBill;

    // pid selects the row to update; it is not one of the columns being written.
    unset($data['pid']);
    $criteria = array('field' => 'pid', 'value' => $patientId);

    return $this->dbh->update('CheckInOuts', $data, $criteria, true);
}