{ $output = array(); $query = sqlStatement("SELECT " . implode(',', $fieldnames) . " FROM list_options where list_id = ? AND activity = 1 order by seq", array($list_id)); while ($ll = sqlFetchArray($query)) { foreach ($fieldnames as $val) { $output[$ll['option_id']][$val] = $ll[$val]; } } return $output; } $formid = formData('id', 'G') + 0; // If Save or Transmit was clicked, save the info. // if ($_POST['bn_save'] || $_POST['bn_xmit']) { $ppid = formData('form_lab_id') + 0; $sets = "date_ordered = " . QuotedOrNull(formData('form_date_ordered')) . ", " . "provider_id = " . (formData('form_provider_id') + 0) . ", " . "lab_id = " . $ppid . ", " . "date_collected = " . QuotedOrNull(formData('form_date_collected')) . ", " . "order_priority = '" . formData('form_order_priority') . "', " . "order_status = '" . formData('form_order_status') . "', " . "clinical_hx = '" . formData('form_clinical_hx') . "', " . "patient_instructions = '" . formData('form_patient_instructions') . "', " . "patient_id = '" . $pid . "', " . "encounter_id = '" . $encounter . "', " . "history_order= '" . formData('form_history_order') . "'"; // If updating an existing form... // if ($formid) { $query = "UPDATE procedure_order SET {$sets} " . "WHERE procedure_order_id = '{$formid}'"; sqlStatement($query); } else { $query = "INSERT INTO procedure_order SET {$sets}"; $formid = sqlInsert($query); addForm($encounter, "Procedure Order", $formid, "procedure_order", $pid, $userauthorized); } // Remove any existing procedures and their answers for this order and // replace them from the form. sqlStatement("DELETE FROM procedure_answers WHERE procedure_order_id = ?", array($formid)); sqlStatement("DELETE FROM procedure_order_code WHERE procedure_order_id = ?", array($formid)); for ($i = 0; isset($_POST['form_proc_type'][$i]); ++$i) {
$form_end = fixDate($_POST['form_end'], ''); if ($text_type == 'football_injury') { $form_injury_part = $_POST['form_injury_part']; $form_injury_type = $_POST['form_injury_type']; } else { $form_injury_part = $_POST['form_medical_system']; $form_injury_type = $_POST['form_medical_type']; } if ($issue) { $query = "UPDATE lists SET " . "type = '" . $text_type . "', " . "title = '" . $_POST['form_title'] . "', " . "comments = '" . $_POST['form_comments'] . "', " . "begdate = " . QuotedOrNull($form_begin) . ", " . "enddate = " . QuotedOrNull($form_end) . ", " . "returndate = " . QuotedOrNull($form_return) . ", " . "diagnosis = '" . $_POST['form_diagnosis'] . "', " . "occurrence = '" . $_POST['form_occur'] . "', " . "classification = '" . $_POST['form_classification'] . "', " . "reinjury_id = '" . $_POST['form_reinjury_id'] . "', " . "referredby = '" . $_POST['form_referredby'] . "', " . "injury_grade = '" . $_POST['form_injury_grade'] . "', " . "injury_part = '" . $form_injury_part . "', " . "injury_type = '" . $form_injury_type . "', " . "outcome = '" . $_POST['form_outcome'] . "', " . "destination = '" . $_POST['form_destination'] . "', " . "reaction ='" . $_POST['form_reaction'] . "' " . "WHERE id = '{$issue}'"; sqlStatement($query); if ($text_type == "medication" && enddate != '') { sqlStatement('UPDATE prescriptions SET ' . 'medication = 0 where patient_id = ' . $thispid . " and upper(trim(drug)) = '" . strtoupper($_POST['form_title']) . "' " . ' and medication = 1'); } } else { $issue = sqlInsert("INSERT INTO lists ( " . "date, pid, type, title, activity, comments, begdate, enddate, returndate, " . "diagnosis, occurrence, classification, referredby, user, groupname, " . "outcome, destination, reinjury_id, injury_grade, injury_part, injury_type, " . "reaction " . ") VALUES ( " . "NOW(), " . "'{$thispid}', " . "'" . $text_type . "', " . "'" . $_POST['form_title'] . "', " . "1, " . "'" . $_POST['form_comments'] . "', " . QuotedOrNull($form_begin) . ", " . 
QuotedOrNull($form_end) . ", " . QuotedOrNull($form_return) . ", " . "'" . $_POST['form_diagnosis'] . "', " . "'" . $_POST['form_occur'] . "', " . "'" . $_POST['form_classification'] . "', " . "'" . $_POST['form_referredby'] . "', " . "'" . ${$_SESSION}['authUser'] . "', " . "'" . ${$_SESSION}['authProvider'] . "', " . "'" . $_POST['form_outcome'] . "', " . "'" . $_POST['form_destination'] . "', " . "'" . $_POST['form_reinjury_id'] . "', " . "'" . $_POST['form_injury_grade'] . "', " . "'" . $form_injury_part . "', " . "'" . $form_injury_type . "', " . "'" . $_POST['form_reaction'] . "' " . ")"); } // For record/reporting purposes, place entry in lists_touch table. setListTouch($thispid, $text_type); if ($text_type == 'football_injury') { issue_football_injury_save($issue); } if ($text_type == 'ippf_gcac') { issue_ippf_gcac_save($issue); } if ($text_type == 'contraceptive') { issue_ippf_con_save($issue); } // If requested, link the issue to a specified encounter. if ($thisenc) { $query = "INSERT INTO issue_encounter ( " . "pid, list_id, encounter " . ") VALUES ( " . "'{$thispid}', '{$issue}', '{$thisenc}'" . ")";
if ($_REQUEST['form_injury_grade'] == "") { $form_injury_grade = "0"; } if ($_REQUEST['form_outcome'] == '') { $_REQUEST['form_outcome'] = '0'; } if ($issue != '0') { //if this issue already exists we are updating it... $query = "UPDATE lists SET " . "type = '" . add_escape_custom($form_type) . "', " . "title = '" . add_escape_custom($_REQUEST['form_title']) . "', " . "comments = '" . add_escape_custom($_REQUEST['form_comments']) . "', " . "begdate = " . QuotedOrNull($form_begin) . ", " . "enddate = " . QuotedOrNull($form_end) . ", " . "returndate = " . QuotedOrNull($form_return) . ", " . "diagnosis = '" . add_escape_custom($_REQUEST['form_diagnosis']) . "', " . "occurrence = '" . add_escape_custom($_REQUEST['form_occur']) . "', " . "classification = '" . add_escape_custom($_REQUEST['form_classification']) . "', " . "reinjury_id = '" . add_escape_custom($_REQUEST['form_reinjury_id']) . "', " . "referredby = '" . add_escape_custom($_REQUEST['form_referredby']) . "', " . "injury_grade = '" . add_escape_custom($_REQUEST['form_injury_grade']) . "', " . "injury_part = '" . add_escape_custom($form_injury_part) . "', " . "injury_type = '" . add_escape_custom($form_injury_type) . "', " . "outcome = '" . add_escape_custom($_REQUEST['form_outcome']) . "', " . "destination = '" . add_escape_custom($_REQUEST['form_destination']) . "', " . "reaction ='" . add_escape_custom($_REQUEST['form_reaction']) . "', " . "erx_uploaded = '0', " . "modifydate = NOW(), " . "subtype = '" . $subtype . "' " . "WHERE id = '" . add_escape_custom($issue) . "'"; sqlStatement($query); if ($text_type == "medication" && enddate != '') { sqlStatement('UPDATE prescriptions SET ' . 'medication = 0 where patient_id = ? ' . " and upper(trim(drug)) = ? " . ' and medication = 1', array($pid, strtoupper($_REQUEST['form_title']))); } } else { $query = "INSERT INTO lists ( " . "date, pid, type, title, activity, comments, " . "begdate, enddate, returndate, " . 
"diagnosis, occurrence, classification, referredby, user, " . "groupname, outcome, destination,reaction,subtype " . ") VALUES ( " . "NOW(), ?,?,?,1,?," . QuotedOrNull($form_begin) . ", " . QuotedOrNull($form_end) . ", " . QuotedOrNull($form_return) . ", " . "?,?,?,?,?," . "?,?,?,?,?)"; $issue = sqlInsert($query, array($pid, $form_type, $_REQUEST['form_title'], $_REQUEST['form_comments'], $_REQUEST['form_diagnosis'], $_REQUEST['form_occur'], $_REQUEST['form_clasification'], $_REQUEST['form_referredby'], $_SESSION['authUser'], $_SESSION['authProvider'], QuotedOrNull($_REQUEST['form_outcome']), $_REQUEST['form_destination'], $_REQUEST['form_reaction'], $subtype)); // For record/reporting purposes, place entry in lists_touch table. setListTouch($pid, $form_type); // If requested, link the issue to a specified encounter. // we always link them, automatically. if ($encounter) { $query = "INSERT INTO issue_encounter ( " . "pid, list_id, encounter " . ") VALUES ( ?,?,? )"; sqlStatement($query, array($pid, $issue, $encounter)); } } $irow = ''; //if it is a medication do we need to do something with dosage fields? //leave all in title field form now. } $PMSFH = build_PMSFH($pid); send_json_values($PMSFH);
return "NULL"; } return "'{$fld}'"; } $current_report_id = 0; if ($_POST['form_submit'] && !empty($_POST['form_line'])) { foreach ($_POST['form_line'] as $lino => $line_value) { list($order_id, $order_seq, $report_id, $result_id) = explode(':', $line_value); // Not using xl() here because this is for debugging only. if (empty($order_id)) { die("Order ID is missing from line {$lino}."); } // If report data exists for this line, save it. $date_report = oresData("form_date_report", $lino); if (!empty($date_report)) { $sets = "procedure_order_id = '{$order_id}', " . "procedure_order_seq = '{$order_seq}', " . "date_report = '{$date_report}', " . "date_collected = " . QuotedOrNull(oresData("form_date_collected", $lino)) . ", " . "specimen_num = '" . oresData("form_specimen_num", $lino) . "', " . "report_status = '" . oresData("form_report_status", $lino) . "'"; // Set the review status to reviewed. if ($form_review) { $sets .= ", review_status = 'reviewed'"; } if ($report_id) { // Report already exists. sqlStatement("UPDATE procedure_report SET {$sets} " . "WHERE procedure_report_id = '{$report_id}'"); } else { // Add new report. $report_id = sqlInsert("INSERT INTO procedure_report SET {$sets}"); } } // If this line had report data entry fields, filled or not, set the // "current report ID" which the following result data will link to. if (isset($_POST["form_date_report"][$lino])) {
if ($lot_id) { if ($_POST['form_save']) { // Make sure the destination quantity will not end up negative. if ($row['on_hand'] + $form_quantity < 0) { $info_msg = xl('Transaction failed, insufficient quantity in destination lot'); } else { sqlStatement("UPDATE drug_inventory SET " . "lot_number = '" . add_escape_custom($_POST['form_lot_number']) . "', " . "manufacturer = '" . add_escape_custom($_POST['form_manufacturer']) . "', " . "expiration = " . QuotedOrNull($_POST['form_expiration']) . ", " . "vendor_id = '" . add_escape_custom($_POST['form_vendor_id']) . "', " . "warehouse_id = '" . add_escape_custom($_POST['form_warehouse_id']) . "', " . "on_hand = on_hand + '" . add_escape_custom($form_quantity) . "' " . "WHERE drug_id = ? AND inventory_id = ?", array($drug_id, $lot_id)); } } else { sqlStatement("DELETE FROM drug_inventory WHERE drug_id = ? " . "AND inventory_id = ?", array($drug_id, $lot_id)); } } else { if ($form_quantity < 0) { $info_msg = xl('Transaction failed, quantity is less than zero'); } else { $lot_id = sqlInsert("INSERT INTO drug_inventory ( " . "drug_id, lot_number, manufacturer, expiration, " . "vendor_id, warehouse_id, on_hand " . ") VALUES ( " . "'" . add_escape_custom($drug_id) . "', " . "'" . add_escape_custom($_POST['form_lot_number']) . "', " . "'" . add_escape_custom($_POST['form_manufacturer']) . "', " . QuotedOrNull($_POST['form_expiration']) . ", " . "'" . add_escape_custom($_POST['form_vendor_id']) . "', " . "'" . add_escape_custom($_POST['form_warehouse_id']) . "', " . "'" . add_escape_custom($form_quantity) . "' " . ")"); } } // Create the corresponding drug_sales transaction. if ($_POST['form_save'] && $form_quantity) { $form_notes = $_POST['form_notes']; $form_sale_date = $_POST['form_sale_date']; if (empty($form_sale_date)) { $form_sale_date = date('Y-m-d'); } sqlInsert("INSERT INTO drug_sales ( " . "drug_id, inventory_id, prescription_id, pid, encounter, user, " . 
"sale_date, quantity, fee, xfer_inventory_id, distributor_id, notes " . ") VALUES ( " . "'" . add_escape_custom($drug_id) . "', " . "'" . add_escape_custom($lot_id) . "', '0', '0', '0', " . "'" . add_escape_custom($_SESSION['authUser']) . "', " . "'" . add_escape_custom($form_sale_date) . "', " . "'" . add_escape_custom(0 - $form_quantity) . "', " . "'" . add_escape_custom(0 - $form_cost) . "', " . "'" . add_escape_custom($form_source_lot) . "', " . "'" . add_escape_custom($form_distributor_id) . "', " . "'" . add_escape_custom($form_notes) . "' )"); // If this is a transfer then reduce source QOH, and also copy some // fields from the source when they are missing. if ($form_source_lot) { sqlStatement("UPDATE drug_inventory SET " . "on_hand = on_hand - ? " . "WHERE inventory_id = ?", array($form_quantity, $form_source_lot)); foreach (array('lot_number', 'manufacturer', 'expiration', 'vendor_id') as $item) {
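<script language="JavaScript">
 var mypcc = '<?php echo $GLOBALS['phone_country_code']; ?> ';
</script>
</head>
<body class="body_top">
<?php
// If we are saving, then save and close the window.
//
// Every value that reaches SQL in this block is passed as a bound parameter
// instead of being concatenated into the statement text, so request data
// cannot change the structure of the query.
// NOTE(review): if the application bootstrap already adds slashes to $_POST
// (magic-quotes style pre-escaping), strip them before binding so the stored
// text is not double-escaped -- confirm against the include chain, which is
// outside this excerpt.
if (!empty($_POST['form_save'])) {
    // An empty date is stored as SQL NULL. The NULL keyword is written into
    // the statement text rather than bound, so nothing is assumed about how
    // sqlStatement() treats a PHP null bind value.
    $destroy_date_sql = 'NULL';
    $binds = array();
    if (!empty($form_date)) {
        $destroy_date_sql = '?';
        $binds[] = $form_date;
    }

    // Missing form fields are saved as empty strings, without raising an
    // undefined-index warning.
    $binds[] = isset($_POST['form_method']) ? $_POST['form_method'] : '';
    $binds[] = isset($_POST['form_witness']) ? $_POST['form_witness'] : '';
    $binds[] = isset($_POST['form_notes']) ? $_POST['form_notes'] : '';
    $binds[] = $drug_id;
    $binds[] = $lot_id;

    sqlStatement(
        "UPDATE drug_inventory SET " .
        "destroy_date = " . $destroy_date_sql . ", " .
        "destroy_method = ?, " .
        "destroy_witness = ?, " .
        "destroy_notes = ? " .
        "WHERE drug_id = ? AND inventory_id = ?",
        $binds
    );

    // Close this window and redisplay the updated list of drugs.
    //
    echo "<script language='JavaScript'>\n";
    if (!empty($info_msg)) {
        // json_encode() with the HEX flags emits a quoted JavaScript string
        // literal in which quotes, ampersands and angle brackets are written
        // as \u escapes, so the message cannot terminate the string or the
        // surrounding <script> element.
        echo " alert(" . json_encode(
            (string) $info_msg,
            JSON_HEX_TAG | JSON_HEX_AMP | JSON_HEX_APOS | JSON_HEX_QUOT
        ) . ");\n";
    }
    echo " window.close();\n";
    echo " if (opener.refreshme) opener.refreshme();\n";
    echo "</script></body></html>\n";
    exit;
}

// Load the lot being edited; both identifiers are bound, not interpolated.
$row = sqlQuery(
    "SELECT * FROM drug_inventory WHERE drug_id = ? " .
    "AND inventory_id = ?",
    array($drug_id, $lot_id)
);
?>
<form method='post' name='theform' action='destroy_lot.php?drug=<?php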
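<script language="JavaScript">
 var mypcc = '<?php echo $GLOBALS['phone_country_code']; ?> ';
</script>
</head>
<body class="body_top">
<?php
// If we are saving, then save and close the window.
//
// All values are bound. Previously the destroy date was taken straight from
// $_POST and wrapped in quotes by QuotedOrNull() with no escaping, which left
// one injectable field in an otherwise escaped statement. Binding every value
// also avoids mixing inlined string literals with "?" placeholders in one
// statement; a literal "?" inside user text could otherwise be counted as a
// placeholder, depending on how the wrapper emulates binding -- TODO confirm.
if (!empty($_POST['form_save'])) {
    // An empty date is stored as SQL NULL. The NULL keyword is written into
    // the statement text rather than bound, so nothing is assumed about how
    // sqlStatement() treats a PHP null bind value.
    $date_placeholder = 'NULL';
    $params = array();
    if (!empty($_POST['form_date'])) {
        $date_placeholder = '?';
        $params[] = $_POST['form_date'];
    }

    // Missing form fields are saved as empty strings, without raising an
    // undefined-index warning.
    foreach (array('form_method', 'form_witness', 'form_notes') as $field) {
        $params[] = isset($_POST[$field]) ? $_POST[$field] : '';
    }
    $params[] = $drug_id;
    $params[] = $lot_id;

    sqlStatement(
        "UPDATE drug_inventory SET " .
        "destroy_date = " . $date_placeholder . ", " .
        "destroy_method = ?, " .
        "destroy_witness = ?, " .
        "destroy_notes = ? " .
        "WHERE drug_id = ? AND inventory_id = ?",
        $params
    );

    // Close this window and redisplay the updated list of drugs.
    //
    echo "<script language='JavaScript'>\n";
    if (!empty($info_msg)) {
        // addslashes() escapes quotes and backslashes only; it does not stop
        // a "</script>" sequence or a raw newline from breaking out of the
        // inline script. json_encode() with the HEX flags emits a complete
        // JavaScript string literal that is safe in this context.
        echo " alert(" . json_encode(
            (string) $info_msg,
            JSON_HEX_TAG | JSON_HEX_AMP | JSON_HEX_APOS | JSON_HEX_QUOT
        ) . ");\n";
    }
    echo " window.close();\n";
    echo " if (opener.refreshme) opener.refreshme();\n";
    echo "</script></body></html>\n";
    exit;
}

// Load the lot being edited; both identifiers are bound parameters.
$row = sqlQuery(
    "SELECT * FROM drug_inventory WHERE drug_id = ? " .
    "AND inventory_id = ?",
    array($drug_id, $lot_id)
);
?>
<form method='post' name='theform' action='destroy_lot.php?drug=<?php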
if ($lot_id) { if ($_POST['form_save']) { // Make sure the destination quantity will not end up negative. if ($row['on_hand'] + $form_quantity < 0) { $info_msg = xl('Transaction failed, insufficient quantity in destination lot'); } else { sqlStatement("UPDATE drug_inventory SET " . "lot_number = '" . formData('form_lot_number') . "', " . "manufacturer = '" . formData('form_manufacturer') . "', " . "expiration = " . QuotedOrNull($form_expiration) . ", " . "vendor_id = '" . formData('form_vendor_id') . "', " . "warehouse_id = '" . formData('form_warehouse_id') . "', " . "on_hand = on_hand + '" . $form_quantity . "' " . "WHERE drug_id = '{$drug_id}' AND inventory_id = '{$lot_id}'"); } } else { sqlStatement("DELETE FROM drug_inventory WHERE drug_id = '{$drug_id}' " . "AND inventory_id = '{$lot_id}'"); } } else { if ($form_quantity < 0) { $info_msg = xl('Transaction failed, quantity is less than zero'); } else { $lot_id = sqlInsert("INSERT INTO drug_inventory ( " . "drug_id, lot_number, manufacturer, expiration, " . "vendor_id, warehouse_id, on_hand " . ") VALUES ( " . "'{$drug_id}', " . "'" . formData('form_lot_number') . "', " . "'" . formData('form_manufacturer') . "', " . QuotedOrNull($form_expiration) . ", " . "'" . formData('form_vendor_id') . "', " . "'" . formData('form_warehouse_id') . "', " . "'" . $form_quantity . "' " . ")"); } } // Create the corresponding drug_sales transaction. if ($_POST['form_save'] && $form_quantity) { $form_notes = formData('form_notes'); $form_sale_date = formData('form_sale_date'); if (empty($form_sale_date)) { $form_sale_date = date('Y-m-d'); } sqlInsert("INSERT INTO drug_sales ( " . "drug_id, inventory_id, prescription_id, pid, encounter, user, " . "sale_date, quantity, fee, xfer_inventory_id, notes " . ") VALUES ( " . "'{$drug_id}', '{$lot_id}', '0', '0', '0', " . "'" . $_SESSION['authUser'] . "', " . "'{$form_sale_date}', " . "'" . (0 - $form_quantity) . "', " . "'" . (0 - $form_cost) . "', " . "'{$form_source_lot}', " . 
"'{$form_notes}' )"); // If this is a transfer then reduce source QOH, and also copy some // fields from the source when they are missing. if ($form_source_lot) { sqlStatement("UPDATE drug_inventory SET " . "on_hand = on_hand - '{$form_quantity}' " . "WHERE inventory_id = '{$form_source_lot}'"); foreach (array('lot_number', 'manufacturer', 'expiration', 'vendor_id') as $item) {
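/**
 * Build one 25%-wide table cell holding a checkbox followed by its label.
 *
 * The checkbox markup comes from cbinput($name, $colname). $desc is written
 * into the cell as-is, with no HTML escaping.
 * NOTE(review): presumably $desc is a fixed, trusted label; verify at the
 * call sites, which are outside this excerpt.
 *
 * @param string $name    Passed through to cbinput().
 * @param string $desc    Label text placed after the checkbox.
 * @param string $colname Passed through to cbinput().
 * @return string The <td> element, terminated by a newline.
 */
function cbcell($name, $desc, $colname)
{
    return "<td width='25%' nowrap>" . cbinput($name, $colname) . "{$desc}</td>\n";
}

/**
 * Render a value as a quoted SQL literal, or as the keyword NULL when empty.
 *
 * Emptiness is decided by empty(), so '', '0', 0 and null all become NULL.
 * No escaping is performed here: the caller must pass a value that is already
 * safe to embed inside a single-quoted SQL literal.
 *
 * @param mixed $fld Value to render.
 * @return string "NULL" or the value wrapped in single quotes.
 */
function QuotedOrNull($fld)
{
    if (empty($fld)) {
        return "NULL";
    }

    return "'{$fld}'";
}

// Adding 0 forces the id taken from the request into a number.
$formid = formData('id', 'G') + 0;

// If Save was clicked, save the info.
//
// !empty() keeps the original truthiness test but does not raise an
// undefined-index warning when the page is loaded without the Save button.
if (!empty($_POST['bn_save'])) {
    // The statement is assembled by string concatenation. Numeric fields are
    // coerced with "+ 0"; the text fields are inlined exactly as formData()
    // returns them.
    // NOTE(review): this relies on formData() returning a value that is safe
    // inside a quoted SQL literal -- confirm, the helper is defined outside
    // this excerpt. $pid and $encounter are inlined without any escaping;
    // presumably they are set by the session bootstrap and not by the
    // request -- verify before trusting them here.
    $sets =
        "procedure_type_id = " . (formData('form_proc_type') + 0) . ", " .
        "date_ordered = " . QuotedOrNull(formData('form_date_ordered')) . ", " .
        "provider_id = " . (formData('form_provider_id') + 0) . ", " .
        "date_collected = " . QuotedOrNull(formData('form_date_collected')) . ", " .
        "order_priority = '" . formData('form_order_priority') . "', " .
        "order_status = '" . formData('form_order_status') . "', " .
        "patient_instructions = '" . formData('form_patient_instructions') . "', " .
        "patient_id = '" . $pid . "', " .
        "encounter_id = '" . $encounter . "'";

    // If updating an existing form...
    //
    if ($formid) {
        $query = "UPDATE procedure_order SET {$sets} " .
            "WHERE procedure_order_id = '{$formid}'";
        sqlStatement($query);
    } else {
        // New order: insert it, then register the new row against the
        // encounter with addForm().
        $query = "INSERT INTO procedure_order SET {$sets}";
        $newid = sqlInsert($query);
        addForm($encounter, "Procedure Order", $newid, "procedure_order", $pid, $userauthorized);
    }

    formHeader("Redirecting....");
    formJump();
    formFooter();
    exit;
}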