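/**
 * library to simplify processing code_types
 *
 * Copyright (C) 2013 Kevin Yeh <*****@*****.**> and OEMR <www.oemr.org>
 *
 * LICENSE: This program is free software; you can redistribute it and/or
 * modify it under the terms of the GNU General Public License
 * as published by the Free Software Foundation; either version 3
 * of the License, or (at your option) any later version.
 * This program is distributed in the hope that it will be useful,
 * but WITHOUT ANY WARRANTY; without even the implied warranty of
 * MERCHANTABILITY or FITNESS FOR A PARTICULAR PURPOSE. See the
 * GNU General Public License for more details.
 * You should have received a copy of the GNU General Public License
 * along with this program. If not, see <http://opensource.org/licenses/gpl-license.php>;.
 *
 * @package OpenEMR
 * @author Kevin Yeh <*****@*****.**>
 * @link http://www.open-emr.org
 */

/**
 * Build the list of active diagnosis code types from the global $code_types table.
 *
 * @param string $format    'json' for a JSON array of {key, id} objects,
 *                          'keylist' for a comma-separated list of single-quoted keys
 *                          (the form used inside an SQL IN (...) clause)
 * @param bool   $sqlEscape when true and $format is 'keylist', each key is passed
 *                          through add_escape_custom() before being quoted
 * @return string|null the encoded list, or null for an unrecognised $format
 */
function diag_code_types($format = 'json', $sqlEscape = false)
{
    global $code_types;

    $diagCodes = array();
    // (array) cast: an unset/null $code_types yields an empty result instead of a foreach warning
    foreach ((array) $code_types as $key => $ct) {
        // only active diagnosis types are listed
        if (empty($ct['active']) || empty($ct['diag'])) {
            continue;
        }
        if ($format == 'json') {
            $diagCodes[] = array("key" => $key, "id" => $ct['id']);
        } elseif ($format == 'keylist') {
            $quotedKey = $sqlEscape ? add_escape_custom($key) : $key;
            $diagCodes[] = "'" . $quotedKey . "'";
        }
        // any other format collects nothing; the original pushed an undefined $entry here
    }

    if ($format == 'json') {
        return json_encode($diagCodes);
    }
    if ($format == 'keylist') {
        return implode(",", $diagCodes);
    }
    return null;
}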
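/**
 * Print the Review of Systems form data as an HTML table.
 *
 * Loads the form_review_of_systems row for $id plus the names stored in
 * form_review_of_systems_checks for the same id, skips bookkeeping columns and
 * empty values, and prints the remaining fields as "Label: value" cells, $cols
 * cells per table row. Output goes straight to print; nothing is returned.
 *
 * @param int $pid       patient id (unused here; kept for the report-function signature)
 * @param int $encounter encounter id (unused here; kept for the report-function signature)
 * @param int $cols      number of cells per table row
 * @param int $id        form id used to look up both tables
 */
function review_of_systems_report($pid, $encounter, $cols, $id)
{
    // columns that are bookkeeping rather than clinical content
    $skipKeys = array("id", "pid", "user", "groupname", "authorized", "activity", "date");

    $data = formFetch("form_review_of_systems", $id);
    if (!is_array($data)) {
        // no row to merge or print (the original reached array_merge() with a non-array here)
        return;
    }

    $sql = "SELECT name from form_review_of_systems_checks where foreign_id = '" . add_escape_custom($id) . "'";
    $results = sqlQ($sql);
    $checks = array();
    while ($row = sqlFetchArray($results)) {
        $checks[] = $row['name'];
    }
    // the check names are appended with numeric keys after the named form columns
    $data = array_merge($data, $checks);
    if (!$data) {
        return;
    }

    print "<table><tr>";
    $count = 0;
    foreach ($data as $key => $value) {
        // strict comparison: under PHP 7's loose rules the integer key 0 compared equal to "id"
        // and the first check was silently dropped
        if (in_array($key, $skipKeys, true) || (string) $value === "" || $value === "0000-00-00 00:00:00") {
            continue;
        }
        if ($value == "on") {
            $value = "yes";
        }
        // numeric keys come from the checks table and carry no column name
        $label = is_numeric($key) ? "check" : ucwords(str_replace("_", " ", $key));
        // escape for HTML: both label and value come from the database
        print "<td><span class=bold>" . htmlspecialchars($label, ENT_QUOTES) . ": </span>"
            . "<span class=text>" . htmlspecialchars($value, ENT_QUOTES) . "</span></td>";
        $count++;
        if ($count == $cols) {
            $count = 0;
            print "</tr><tr>\n";
        }
    }
    // the original left the table unclosed
    print "</tr></table>";
}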
/**
 * Tree constructor (PHP 4 style: the method carries the class name).
 *
 * Stores the ADOdb connection from $GLOBALS, the escaped root identifier and
 * root type, then loads the tree via load_tree().
 * NOTE(review): if this class is named Tree, PHP 4-style constructors are
 * deprecated since PHP 7.0 and are no longer constructors in PHP 8; rename to
 * __construct once callers allow.
 *
 * @param mixed $root      root node identifier (escaped with add_escape_custom before storing)
 * @param int   $root_type what $root denotes; defaults to ROOT_TYPE_ID
 */
function Tree($root, $root_type = ROOT_TYPE_ID)
{
    $connection = $GLOBALS['adodb']['db'];
    $escapedRoot = add_escape_custom($root);
    $escapedRootType = add_escape_custom($root_type);

    $this->_db = $connection;
    $this->_root = $escapedRoot;
    $this->_root_type = $escapedRootType;
    $this->load_tree();
}
/**
 * Render a value as an SQL literal: quoted and escaped when truthy, bare NULL otherwise.
 *
 * Truthiness is what decides: '', '0', 0 and null all become NULL.
 *
 * @param mixed $fld value to render
 * @return string either 'escaped value' (quotes included) or the string NULL
 */
function QuotedOrNull($fld)
{
    return $fld ? "'" . add_escape_custom($fld) . "'" : "NULL";
}
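/**
 * Return the trimmed, escaped value of a POSTed field as a single-quoted SQL literal.
 *
 * @param string $name key in $_POST
 * @return string "''" when the field is absent or falsy (including "0"),
 *                otherwise the trimmed value escaped via add_escape_custom() in single quotes
 */
function invalue($name)
{
    // empty() also covers a missing key; the original bare $_POST[$name] read raised an
    // undefined-index notice for absent fields
    if (empty($_POST[$name])) {
        return "''";
    }
    $fld = add_escape_custom(trim($_POST[$name]));
    return "'{$fld}'";
}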
/**
 * Append a LIKE '%value%' condition to a WHERE fragment when a value is given.
 *
 * @param string $where   existing WHERE fragment to extend
 * @param string $colname column name, inserted verbatim (not escaped)
 * @param mixed  $value   search term; falsy values ('', '0', null, 0) leave $where untouched
 * @return string the possibly extended fragment
 */
function addwhere($where, $colname, $value)
{
    if (!$value) {
        return $where;
    }
    $clause = sprintf(" AND %s LIKE '%%%s%%'", $colname, add_escape_custom($value));
    return $where . $clause;
}
/**
 * Advance the invoice reference number and return the number in use before the update.
 *
 * Takes the current number from getInvoiceRefNumber(), increments its last run of digits
 * while keeping the zero-padded width, and writes the result to the 'irnpool' list option
 * referenced by the irnpool column of the user matched in the username clause. The
 * pre-increment value is what callers receive.
 *
 * @return string the invoice reference number before it was advanced
 */
function updateInvoiceRefNumber()
{
    $irnumber = getInvoiceRefNumber();
    // Here "?" specifies a minimal match, to get the most digits possible:
    if (preg_match('/^(.*?)(\\d+)(\\D*)$/', $irnumber, $matches)) {
        // width of the original digit run is preserved via the %0Nd format
        // NOTE(review): $matches[2] + 1 turns into a float once the digit run exceeds PHP_INT_MAX — confirm the widths in use
        $newdigs = sprintf('%0' . strlen($matches[2]) . 'd', $matches[2] + 1);
        $newnumber = add_escape_custom($matches[1] . $newdigs . $matches[3]);
        // NOTE(review): the username comparison below reads "'******'authUser']" in this listing; the
        // value looks redacted/garbled (a session lookup would be expected here) — verify against the original file
        sqlStatement("UPDATE users AS u, list_options AS lo " .
            "SET lo.notes = '{$newnumber}' WHERE " .
            "u.username = '******'authUser'] . "' AND " .
            "lo.list_id = 'irnpool' AND lo.option_id = u.irnpool");
    }
    return $irnumber;
}
/**
 * Normalise a form value for database insertion.
 *
 * Optionally trims the value, then removes any escaping already present and
 * re-applies the database escaping so the result is escaped exactly once.
 *
 * @param string $s      raw form value
 * @param bool   $isTrim when true, surrounding whitespace is removed first
 * @return string the escaped value
 */
function formDataCore($s, $isTrim = false)
{
    $value = $isTrim ? trim($s) : $s;
    // strip then add: keeps values that arrived already escaped from being escaped twice
    return add_escape_custom(strip_escape_custom($value));
}
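/**
 * Load this patient's demographics from $this->_table.
 *
 * Fills pubpid, lname, mname, fname, date_of_birth (formatted %m/%d/%Y) and
 * provider (a Provider built from the providerID column) when a row exists for
 * $this->id. Does nothing when $this->id is empty or no row is found.
 */
function populate()
{
    if (empty($this->id)) {
        return;
    }
    // the pid is quoted: add_escape_custom() only neutralises quote characters, so an
    // unquoted "pid =" comparison left the value free to be read as an SQL expression
    $res = sqlQuery("SELECT providerID,fname,lname,mname " .
        ", DATE_FORMAT(DOB,'%m/%d/%Y') as date_of_birth " .
        ", pubpid " .
        " from " . $this->_table . " where pid = '" . add_escape_custom($this->id) . "'");
    if (!is_array($res)) {
        return;
    }
    $this->pubpid = $res['pubpid'];
    $this->lname = $res['lname'];
    $this->mname = $res['mname'];
    $this->fname = $res['fname'];
    $this->provider = new Provider($res['providerID']);
    $this->date_of_birth = $res['date_of_birth'];
}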
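/**
 * Load this provider's user record and insurance numbers.
 *
 * Reads fname, lname, federaldrugid, specialty, npi and state_license_number from users
 * for $this->id, then always fills insurance_numbers from InsuranceNumbers (even when no
 * user row was found).
 */
function populate()
{
    // the id is quoted: add_escape_custom() only neutralises quote characters, so an
    // unquoted "id =" comparison left the value free to be read as an SQL expression
    $res = sqlQuery("SELECT fname,lname,federaldrugid, specialty, npi, state_license_number " .
        "FROM users where id = '" . add_escape_custom($this->id) . "'");
    if (is_array($res)) {
        $this->lname = $res['lname'];
        $this->fname = $res['fname'];
        $this->federal_drug_id = $res['federaldrugid'];
        $this->specialty = $res['specialty'];
        $this->npi = $res['npi'];
        $this->state_license_number = $res['state_license_number'];
    }
    $ins = new InsuranceNumbers();
    $this->insurance_numbers = $ins->insurance_numbers_factory($this->id);
}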
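/**
 * Save the form row via the parent and replace its associated check rows.
 *
 * When the form has a numeric id and a non-empty $this->checks list, every existing
 * form_review_of_systems_checks row for this form is deleted and one row per non-empty
 * check is inserted.
 * NOTE(review): with an empty $this->checks the delete is skipped, so previously stored
 * checks survive when a user clears them all — confirm whether that is intended.
 */
function persist()
{
    parent::persist();
    if (!is_numeric($this->id) || empty($this->checks)) {
        return;
    }
    // escaped once and reused; the original interpolated the raw id into the delete,
    // relying on is_numeric() alone
    $escapedId = add_escape_custom($this->id);
    sqlQuery("delete FROM form_review_of_systems_checks where foreign_id = '" . $escapedId . "'");
    foreach ($this->checks as $check) {
        if (empty($check)) {
            continue;
        }
        sqlQuery("INSERT INTO form_review_of_systems_checks set foreign_id='" . $escapedId .
            "', name = '" . add_escape_custom($check) . "'");
    }
}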
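/**
 * Load this object's row and hand each column to its set_<column>() method.
 *
 * Reads "SELECT * ... WHERE id = $this->id" from $this->_prefix . $this->_table and, for
 * every column whose value is non-empty and for which a callable set_<column>() exists on
 * this object, calls that setter with the value. Empty values and columns without a
 * setter are skipped.
 */
function populate()
{
    $sql = "SELECT * from " . $this->_prefix . $this->_table .
        " WHERE id = '" . add_escape_custom(strval($this->id)) . "'";
    $results = sqlQuery($sql);
    if (!is_array($results)) {
        return;
    }
    foreach ($results as $field_name => $field) {
        // empty() covers '', '0', 0 and null: no setter is called for any of them
        if (empty($field)) {
            continue;
        }
        $setter = "set_" . $field_name;
        // is_callable() rather than method_exists() so visibility and __call are honoured
        if (is_callable(array($this, $setter))) {
            $this->$setter($field);
        }
    }
}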
/**
 * Quote and escape the value side of a "field like value" or "field = value" search item.
 *
 * Only the first operator found is handled, " like " taking precedence over " = ". The
 * value is assumed to be wrapped in one delimiter character on each side; those two
 * characters are stripped and the inner text is escaped and wrapped in single quotes.
 * Items containing neither operator are returned untouched.
 *
 * @param string $SearchItem criteria fragment such as "name like 'foo'"
 * @return string the fragment with its value escaped and quoted
 */
function PrepareSearchItem($SearchItem)
{
    foreach (array(' like ', ' = ') as $operator) {
        $parts = explode($operator, $SearchItem);
        if (!isset($parts[1])) {
            continue;
        }
        // drop the surrounding delimiter characters before escaping
        $inner = substr($parts[1], 0, -1);
        $inner = substr($inner, 1);
        return $parts[0] . $operator . "'" . add_escape_custom($inner) . "'";
    }
    return $SearchItem;
}
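/**
 * Fetch appointments in a date range, optionally narrowed by patient, provider,
 * facility, status and category.
 *
 * Builds the extra WHERE conditions for fetchEvents(). Every value that reaches the
 * SQL string is now escaped with add_escape_custom() or cast with intval(); the original
 * protected only $facility_id and $pc_catid while interpolating $provider_id,
 * $patient_id and $pc_appstatus verbatim.
 *
 * @param string      $from_date         range start, passed through to fetchEvents()
 * @param string      $to_date           range end, passed through to fetchEvents()
 * @param mixed       $patient_id        restrict to this pc_pid; when falsy only events with a non-empty pc_pid are kept
 * @param mixed       $provider_id       restrict to this pc_aid
 * @param mixed       $facility_id       restrict to events whose pc_facility and whose joined u.facility_id equal this value
 * @param string|null $pc_appstatus      restrict to this pc_apptstatus
 * @param string|null $with_out_provider any non-empty value selects events with an empty pc_aid
 * @param string|null $with_out_facility any non-empty value selects events with pc_facility = 0
 * @param mixed       $pc_catid          restrict to this pc_catid (cast to int)
 * @return mixed whatever fetchEvents() returns
 */
function fetchAppointments($from_date, $to_date, $patient_id = null, $provider_id = null, $facility_id = null, $pc_appstatus = null, $with_out_provider = null, $with_out_facility = null, $pc_catid = null)
{
    $where = "";

    if ($provider_id) {
        $where .= " AND e.pc_aid = '" . add_escape_custom($provider_id) . "'";
    }

    if ($patient_id) {
        $where .= " AND e.pc_pid = '" . add_escape_custom($patient_id) . "'";
    } else {
        // no patient given: still exclude events that have no patient attached
        $where .= " AND e.pc_pid != ''";
    }

    if ($facility_id) {
        $escapedFacility = add_escape_custom($facility_id);
        // match on both the event's facility and the joined user's facility_id
        $where .= " AND e.pc_facility = '" . $escapedFacility . "'";
        $where .= " AND u.facility_id = '" . $escapedFacility . "'";
    }

    // appointment status
    if ($pc_appstatus != '') {
        $where .= " AND e.pc_apptstatus = '" . add_escape_custom($pc_appstatus) . "'";
    }

    if ($pc_catid != null) {
        $where .= " AND e.pc_catid=" . intval($pc_catid); // intval keeps the unquoted category numeric
    }

    // events without a provider
    if ($with_out_provider != '') {
        $where .= " AND e.pc_aid = ''";
    }

    // events without a facility
    if ($with_out_facility != '') {
        $where .= " AND e.pc_facility = 0";
    }

    return fetchEvents($from_date, $to_date, $where);
}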
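/**
 * Parses the search value part of the criteria and prepares it for sql.
 *
 * Handles "field like value" and "field = value" items; " like " takes precedence. The
 * value is assumed to be wrapped in one delimiter character on each side; those are
 * stripped and the inner text is escaped and wrapped in single quotes. Items containing
 * neither operator are returned unchanged.
 *
 * The original used split(), which was removed in PHP 7; explode() gives the same
 * result for these literal separators.
 *
 * @param string $SearchItem criteria fragment such as "name like 'foo'"
 * @return string the fragment with its value escaped and quoted
 */
function PrepareSearchItem($SearchItem)
{
    foreach (array(' like ', ' = ') as $operator) {
        $parts = explode($operator, $SearchItem);
        if (!isset($parts[1])) {
            continue;
        }
        // drop the surrounding delimiter characters before escaping
        $inner = substr($parts[1], 0, -1);
        $inner = substr($inner, 1);
        return $parts[0] . $operator . "'" . add_escape_custom($inner) . "'";
    }
    return $SearchItem;
}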
/**
 * Build PhoneNumber objects for a foreign id, or for every row when none is given.
 *
 * @param mixed $foreign_id owner id; empty selects all rows (foreign_id like '%')
 * @return PhoneNumber[] one object per matching row, ordered by type
 */
static function factory_phone_numbers($foreign_id = "")
{
    $condition = empty($foreign_id)
        ? "like '%'"
        : " = '" . add_escape_custom(strval($foreign_id)) . "'";

    // a blank instance only provides the table name
    $template = new PhoneNumber();
    $sql = "SELECT id FROM " . $template->_table . " WHERE foreign_id " . $condition . " ORDER BY type";

    $phone_numbers = array();
    $results = sqlQ($sql);
    while ($row = sqlFetchArray($results)) {
        $phone_numbers[] = new PhoneNumber($row['id']);
    }
    return $phone_numbers;
}
/**
 * Convenience function to get an array of many document objects.
 * For really large numbers of documents there is a far more efficient way to do this by overriding the populate method.
 * @param int $foreign_id optional id used to limit the array to a specific relation; otherwise every document object is returned
 * @return Note[] one Note per matching row, newest first (ORDER BY DATE DESC)
 */
function notes_factory($foreign_id = "")
{
    $condition = empty($foreign_id)
        ? "like '%'"
        : " = '" . add_escape_custom(strval($foreign_id)) . "'";

    // a blank instance provides the table name and the db handle
    $template = new note();
    $sql = "SELECT id FROM " . $template->_table . " WHERE foreign_id " . $condition . " ORDER BY DATE DESC";

    $notes = array();
    $result = $template->_db->Execute($sql);
    // recordset iteration (ADOdb style): EOF becomes true once the cursor passes the last row
    while ($result && !$result->EOF) {
        $notes[] = new Note($result->fields['id']);
        $result->MoveNext();
    }
    return $notes;
}
/**
 * Load the first Address row for a foreign id, or for any row when none is given.
 *
 * @param mixed $foreign_id owner id; empty matches every row (foreign_id like '%')
 * @return Address the Address built from the first matching row, or a blank Address when nothing matches
 */
static function factory_address($foreign_id = "")
{
    $condition = empty($foreign_id)
        ? "like '%'"
        : " = '" . add_escape_custom(strval($foreign_id)) . "'";

    $address = new Address();
    $sql = "SELECT id FROM " . $address->_table . " WHERE foreign_id " . $condition;

    // only the first row is used; an empty result leaves the blank Address in place
    $row = sqlFetchArray(sqlQ($sql));
    return empty($row) ? $address : new Address($row['id']);
}
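/**
 * Translate a string into the session language.
 *
 * Looks $constant up in lang_definitions/lang_constants for the language chosen in
 * $_SESSION['language_choice'] (defaulting to 1). When the language is 1 and
 * $GLOBALS['skip_english_translation'] is set, no lookup is done. In the lookup path
 * line breaks are stripped and quotes become backticks so the result can be dropped into
 * HTML or JavaScript strings; "{{...}}" comments are removed in both paths.
 *
 * @param string $constant text to translate
 * @param string $mode     'e' echoes the result, anything else returns it
 * @param string $prepend  text placed before the translated string
 * @param string $append   text placed after the translated string
 * @return string|null the translated string, or null in echo mode
 */
function xl($constant, $mode = 'r', $prepend = '', $append = '')
{
    // set language id
    if (!empty($_SESSION['language_choice'])) {
        $lang_id = $_SESSION['language_choice'];
    } else {
        $lang_id = 1;
    }

    if ($lang_id == 1 && !empty($GLOBALS['skip_english_translation'])) {
        // language id = 1, so no need to translate
        // -- remove comments
        $string = preg_replace('/\\{\\{.*\\}\\}/', '', $constant);
    } else {
        // TRANSLATE
        // first, clean lines
        // convert new lines to spaces and remove windows end of lines
        $patterns = array('/\\n/', '/\\r/');
        $replace = array(' ', '');
        $constant = preg_replace($patterns, $replace, $constant);

        // second, attempt translation
        // lang_id is cast to int: it originates from the session and was interpolated unescaped
        $sql = "SELECT * FROM lang_definitions JOIN lang_constants ON " .
            "lang_definitions.cons_id = lang_constants.cons_id WHERE " .
            "lang_id='" . intval($lang_id) . "' AND constant_name = '" . add_escape_custom($constant) . "' LIMIT 1";
        $res = sqlStatementNoLog($sql);
        $row = sqlFetchArray($res);
        // no row, or an empty definition, falls back to the untranslated constant
        $string = (is_array($row) && isset($row['definition'])) ? $row['definition'] : '';
        if ($string == '') {
            $string = "{$constant}";
        }

        // remove dangerous characters and remove comments
        $patterns = array('/\\n/', '/\\r/', '/"/', "/'/", '/\\{\\{.*\\}\\}/');
        $replace = array(' ', '', '`', '`', '');
        $string = preg_replace($patterns, $replace, $string);
    }

    $string = $prepend . $string . $append;
    if ($mode == 'e') {
        echo $string;
        return null;
    }
    return $string;
}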
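/**
 * Handle the "process" POST action: persist the evaluation form, attach it to the
 * current encounter and, when a CPT code was entered, add a billing line for it.
 *
 * Returns without doing anything unless $_POST['process'] is "true". Clears
 * $_POST['process'] afterwards so a repeated call does not re-run the action.
 */
function default_action_process()
{
    // isset() guard: a missing key previously raised an undefined-index notice before returning
    if (!isset($_POST['process']) || $_POST['process'] != "true") {
        return;
    }

    $this->evaluation = new FormEvaluation($_POST['id']);
    parent::populate_object($this->evaluation);
    $this->evaluation->persist();

    // no encounter in context: today's date (Ymd) is used as the encounter id
    if ($GLOBALS['encounter'] == "") {
        $GLOBALS['encounter'] = date("Ymd");
    }
    addForm($GLOBALS['encounter'], "Evaluation Form", $this->evaluation->id, "evaluation", $GLOBALS['pid'], $_SESSION['userauthorized']);

    if (!empty($_POST['cpt_code'])) {
        $sql = "select * from codes where code ='" . add_escape_custom($_POST['cpt_code']) . "' order by id";
        $row = sqlFetchArray(sqlQ($sql));
        if (!empty($row)) {
            addBilling(date("Ymd"), 'CPT4', $row['code'], $row['code_text'], $_SESSION['pid'], $_SESSION['userauthorized'], $_SESSION['authUserID'], $row['modifier'], $row['units'], $row['fee']);
        }
    }

    $_POST['process'] = "";
}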
//Do something with result, ie put in DB //echo $resultCode . ":" .$value . " " . $unit. "\n"; $check_type2 = sqlQuery("SELECT COUNT(*) AS count FROM procedure_type WHERE procedure_type_id = '" . add_escape_custom($resultCode) . "'"); if ($check_type2['count'] <= 0) { $sql_type_data = "procedure_type_id = '" . add_escape_custom($resultCode) . "', " . "parent = '" . add_escape_custom($observationCode) . "', " . "name = '" . add_escape_custom($resultCodeTex) . "', " . "procedure_type = 'res'"; $type_id = sqlInsert("INSERT INTO procedure_type SET {$sql_type_data}"); } $result_status = mapResultStatus($resultStatus); $abnormalFlag = mapAbnormalStatus($abnormalFlag); $check_result = sqlQuery("SELECT COUNT(*) AS count, procedure_result_id FROM procedure_result WHERE procedure_report_id = '" . add_escape_custom($report_id) . "' AND procedure_type_id = '" . add_escape_custom($resultCode) . "'"); if ($check_result['count'] <= 0) { $sql_result_data = "procedure_report_id = '" . add_escape_custom($report_id) . "', " . "procedure_type_id = '" . add_escape_custom($resultCode) . "', " . "date = DATE_FORMAT('" . add_escape_custom($resultDateTime . '00') . "', '%Y%m%d%H%i%s'), " . "facility = '" . add_escape_custom($str_facilityId) . "', " . "units = '" . add_escape_custom($unit) . "', " . "result = '" . add_escape_custom($value) . "', " . "`range` = '" . add_escape_custom($referenceRange) . "', " . "abnormal = '" . add_escape_custom($abnormalFlag) . "', " . "comments = '" . add_escape_custom($comment) . "', " . "result_status = '" . add_escape_custom($result_status) . "'"; sqlInsert("INSERT INTO procedure_result SET {$sql_result_data}"); } else { $sql_result_data = "date = DATE_FORMAT('" . add_escape_custom($resultDateTime . '00') . "', '%Y%m%d%H%i%s'), " . "facility = '" . add_escape_custom($str_facilityId) . "', " . "units = '" . add_escape_custom($unit) . "', " . "result = '" . add_escape_custom($value) . "', " . "`range` = '" . add_escape_custom($referenceRange) . "', " . 
"abnormal = '" . add_escape_custom($abnormalFlag) . "', " . "comments = '" . add_escape_custom($comment) . "', " . "result_status = '" . add_escape_custom($result_status) . "'"; sqlStatement("UPDATE procedure_result SET {$sql_result_data} WHERE procedure_result_id = '" . add_escape_custom($check_result['procedure_result_id']) . "'"); } } // Send a message regarding a report with pending review status. lab_results_messages($patient_id, $report_id, $user_id); } // Need to confirm that the lab result message has been received. // This is the url of the confirm request. $url = "confirm/" . $id; // Make the confirmation request. $response = $client->sendRequest($url, "POST"); // Check response for success or error. if ($response->IsError) { echo xl("Error confirming receipt of lab results") . ": {$response->ErrorMessage}\n"; } else { echo xl("Success confirming receipt of lab result") . " \n";
require_once "portal.inc.php"; // Consider this a step towards converting the insurance form to layout-based. // Faking it here makes things easier. // Also note that some fields like SSN and most of the subscriber employer // items have been omitted because they are not relevant for claims. // $insurance_layout = array(array('field_id' => 'type', 'title' => 'Type', 'uor' => '2', 'data_type' => '1', 'list_id' => 'insurance_types', 'edit_options' => ''), array('field_id' => 'date', 'title' => 'Effective Date', 'uor' => '2', 'data_type' => '4', 'list_id' => '', 'edit_options' => ''), array('field_id' => 'provider', 'title' => 'Provider', 'uor' => '2', 'data_type' => '16', 'list_id' => '', 'edit_options' => ''), array('field_id' => 'plan_name', 'title' => 'Plan Name', 'uor' => '1', 'data_type' => '2', 'list_id' => '', 'edit_options' => ''), array('field_id' => 'policy_number', 'title' => 'Policy Number', 'uor' => '1', 'data_type' => '2', 'list_id' => '', 'edit_options' => ''), array('field_id' => 'group_number', 'title' => 'Group Number', 'uor' => '1', 'data_type' => '2', 'list_id' => '', 'edit_options' => ''), array('field_id' => 'subscriber_employer', 'title' => 'Group Name', 'uor' => '1', 'data_type' => '2', 'list_id' => '', 'edit_options' => ''), array('field_id' => 'subscriber_lname', 'title' => 'Subscriber Last Name', 'uor' => '2', 'data_type' => '2', 'list_id' => '', 'edit_options' => ''), array('field_id' => 'subscriber_fname', 'title' => 'Subscriber First Name', 'uor' => '1', 'data_type' => '2', 'list_id' => '', 'edit_options' => ''), array('field_id' => 'subscriber_mname', 'title' => 'Subscriber Middle Name', 'uor' => '1', 'data_type' => '2', 'list_id' => '', 'edit_options' => ''), array('field_id' => 'subscriber_DOB', 'title' => 'Subscriber DOB', 'uor' => '2', 'data_type' => '4', 'list_id' => '', 'edit_options' => ''), array('field_id' => 'subscriber_sex', 'title' => 'Subscriber Sex', 'uor' => '2', 'data_type' => '1', 'list_id' => 'sex', 'edit_options' => 
''), array('field_id' => 'subscriber_relationship', 'title' => 'Subscriber Relationship', 'uor' => '2', 'data_type' => '1', 'list_id' => 'sub_relation', 'edit_options' => ''), array('field_id' => 'subscriber_street', 'title' => 'Subscriber Street', 'uor' => '1', 'data_type' => '2', 'list_id' => '', 'edit_options' => ''), array('field_id' => 'subscriber_city', 'title' => 'Subscriber City', 'uor' => '1', 'data_type' => '2', 'list_id' => '', 'edit_options' => ''), array('field_id' => 'subscriber_state', 'title' => 'Subscriber State', 'uor' => '1', 'data_type' => '1', 'list_id' => 'state', 'edit_options' => ''), array('field_id' => 'subscriber_postal_code', 'title' => 'Subscriber Zip', 'uor' => '1', 'data_type' => '2', 'list_id' => '', 'edit_options' => ''), array('field_id' => 'subscriber_phone', 'title' => 'Subscriber Phone', 'uor' => '1', 'data_type' => '2', 'list_id' => '', 'edit_options' => '')); $postid = intval($_REQUEST['postid']); if ($_POST['bn_save']) { $newdata = array(); $ptid = intval($_POST['ptid']); foreach ($insurance_layout as $frow) { $data_type = $frow['data_type']; $field_id = $frow['field_id']; // newInsuranceData() does not escape for mysql so we have to do it here. $newdata[$field_id] = add_escape_custom(get_layout_form_value($frow)); } newInsuranceData($ptid, $newdata['type'], $newdata['provider'], $newdata['policy_number'], $newdata['group_number'], $newdata['plan_name'], $newdata['subscriber_lname'], $newdata['subscriber_mname'], $newdata['subscriber_fname'], $newdata['subscriber_relationship'], '', fixDate($newdata['subscriber_DOB']), $newdata['subscriber_street'], $newdata['subscriber_postal_code'], $newdata['subscriber_city'], $newdata['subscriber_state'], '', $newdata['subscriber_phone'], $newdata['subscriber_employer'], '', '', '', '', '', '', $newdata['subscriber_sex'], fixDate($newdata['date']), 'TRUE', ''); // Finally, delete the request from the portal. 
$result = cms_portal_call(array('action' => 'delpost', 'postid' => $postid)); if ($result['errmsg']) { die(text($result['errmsg'])); } echo "<html><body><script language='JavaScript'>\n"; echo "if (top.restoreSession) top.restoreSession(); else opener.top.restoreSession();\n"; echo "document.location.href = 'list_requests.php';\n"; echo "</script></body></html>\n"; exit; } // Get the portal request data. if (!$postid) {
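/**
 * Function to return part of sql query to deal with interval
 *
 * @param string $table selected mysql table (or EXCEPTION(s))
 * @param string $intervalType type of interval (year, month, week, day, hour, minute,
 *                             second or flu_season); any other non-empty type yields ""
 * @param string $intervalValue searched for within this many times of the interval type
 * @param string $dateTarget target date(format Y-m-d H:i:s).
 * @return string contains pertinent date interval filter for mysql query
 */
function sql_interval_string($table, $intervalType, $intervalValue, $dateTarget)
{
    // MySQL INTERVAL units keyed by the interval type names this function accepts
    $intervalUnits = array(
        "year"   => "YEAR",
        "month"  => "MONTH",
        "week"   => "WEEK",
        "day"    => "DAY",
        "hour"   => "HOUR",
        "minute" => "MINUTE",
        "second" => "SECOND",
    );

    // Collect the correct column label for date in the table
    $date_label = add_escape_custom(collect_database_label('date', $table));
    $target = add_escape_custom($dateTarget);

    if (empty($intervalType)) {
        // no interval: everything up to the target date
        return "AND " . $date_label . " <= '" . $target . "' ";
    }

    if (isset($intervalUnits[$intervalType])) {
        // one BETWEEN clause serves all seven calendar units; only the unit keyword differs
        return "AND (" . $date_label . " BETWEEN DATE_SUB('" . $target . "', INTERVAL " .
            add_escape_custom($intervalValue) . " " . $intervalUnits[$intervalType] . ") AND '" . $target . "') ";
    }

    if ($intervalType == "flu_season") {
        // Flu season to be hard-coded as September thru February
        // (Should make this modifiable in the future)
        // ($intervalValue is not used)
        $dateArray = explode("-", $dateTarget);
        $Year = $dateArray[0];
        $dateThisYear = $Year . "-09-01";
        $dateLastYear = ($Year - 1) . "-09-01";
        // the derived season boundaries are escaped like every other literal in the clause
        return " " .
            "AND ((" .
            "MONTH('" . $target . "') < 9 " .
            "AND " . $date_label . " >= '" . add_escape_custom($dateLastYear) . "' ) " .
            "OR (" .
            "MONTH('" . $target . "') >= 9 " .
            "AND " . $date_label . " >= '" . add_escape_custom($dateThisYear) . "' ))" .
            "AND " . $date_label . " <= '" . $target . "' ";
    }

    // unrecognised interval type: no filter
    return "";
}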
echo "</div></td></tr>"; } } ++$ix; } ?> </table> <!-- end patient_stats_issues --> <table id="patient_stats_spreadsheets"> <?php // Show spreadsheet forms if any are present. // $need_head = true; foreach (array('treatment_protocols', 'injury_log') as $formname) { if (sqlNumRows(sqlStatement("SHOW TABLES LIKE ?", array("form_" . $formname))) > 0) { $dres = sqlStatement("SELECT tp.id, tp.value FROM forms, " . "form_" . add_escape_custom($formname) . " AS tp WHERE forms.pid = ? AND " . "forms.formdir = ? AND tp.id = forms.form_id AND " . "tp.rownbr = -1 AND tp.colnbr = -1 AND tp.value LIKE '0%' " . "ORDER BY tp.value DESC", array($pid, $formname)); if (sqlNumRows($dres) > 0 && $need_head) { $need_head = false; echo " <tr>\n"; echo " <td colspan='{$numcols}' valign='top'>\n"; echo " <span class='title'>Injury Log</span>\n"; echo " </td>\n"; echo " </tr>\n"; } while ($row = sqlFetchArray($dres)) { list($completed, $start_date, $template_name) = explode('|', $row['value'], 3); echo " <tr>\n"; echo " <td colspan='{$numcols}'> "; echo "<a class='link' href='javascript:;' "; echo "onclick='load_location(\"../../forms/{$formname}/new.php?popup=1&id="; echo htmlspecialchars($row['id'], ENT_QUOTES) . "\")'>" . htmlspecialchars($start_date, ENT_NOQUOTES) . " " . htmlspecialchars($template_name, ENT_NOQUOTES) . "</a></td>\n";
$height = $_POST['height']; $temperature = $_POST['temperature']; $temp_method = $_POST['temp_method']; $pulse = $_POST['pulse']; $respiration = $_POST['respiration']; $note = $_POST['note']; $BMI = $_POST['BMI']; $BMI_status = $_POST['BMI_status']; $waist_circ = $_POST['waist_circ']; $head_circ = $_POST['head_circ']; $oxygen_saturation = $_POST['oxygen_saturation']; if ($userId = validateToken($token)) { $user = getUsername($userId); $acl_allow = acl_check('encounters', 'auth_a', $user); if ($acl_allow) { $strQuery = "UPDATE `form_vitals` SET \n `date`='" . add_escape_custom($date) . "',\n `pid`='" . add_escape_custom($patientId) . "',\n `user`='" . add_escape_custom($user) . "',\n `groupname`='" . add_escape_custom($groupname) . "',\n `authorized`='" . add_escape_custom($authorized) . "',\n `activity`='" . add_escape_custom($activity) . "',\n `bps`='" . add_escape_custom($bps) . "',\n `bpd`='" . add_escape_custom($bpd) . "',\n `weight`='" . add_escape_custom($weight) . "',\n `height`='" . add_escape_custom($height) . "',\n `temperature`='" . add_escape_custom($temperature) . "',\n `temp_method`='" . add_escape_custom($temp_method) . "',\n `pulse`='" . add_escape_custom($pulse) . "',\n `respiration`='" . add_escape_custom($respiration) . "',\n `note`='" . add_escape_custom($note) . "',\n `BMI`='" . add_escape_custom($BMI) . "',\n `BMI_status`='" . add_escape_custom($BMI_status) . "',\n `waist_circ`='" . add_escape_custom($waist_circ) . "',\n `head_circ`='" . add_escape_custom($head_circ) . "',\n `oxygen_saturation`='" . add_escape_custom($oxygen_saturation) . 
"' \n WHERE id = ?"; $result = sqlStatement($strQuery, array($vital_id)); if ($result !== FALSE) { $xml_array['status'] = 0; $xml_array['reason'] = 'Visit vital update successfully'; } else { $xml_array['status'] = -1; $xml_array['reason'] = 'Could not update isit vital'; } } else { $xml_string .= "<status>-2</status>\n"; $xml_string .= "<reason>You are not Authorized to perform this action</reason>\n"; } } else { $xml_array['status'] = -2; $xml_array['reason'] = 'Invalid Token';
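/**
 * Find a patient_data.pid by matching the demographics sent with a lab result.
 *
 * Builds an AND-ed WHERE clause from whichever of first name, last name, DOB, gender and
 * SSN are non-blank and returns the pid of the first matching row. $externalId,
 * $middleName and $address are accepted for interface compatibility but take no part in
 * the match (the original carried those matches only as commented-out code).
 *
 * @param string $externalId  lab-side patient id (currently unused)
 * @param string $firstName   matched against fname
 * @param string $middleName  currently unused
 * @param string $lastName    matched against lname
 * @param string $dob         matched against DOB via DATE_FORMAT(..., '%Y-%m-%d')
 * @param string $gender      "F"/"M" are matched against sex as Female/Male or the raw letter
 * @param string $ssn         matched against ss, raw or as xxx-xx-xxxx; an empty ss also matches
 * @param string $address     currently unused
 * @return mixed the matching pid, or false when nothing usable was supplied or no row matched
 */
function lab_exchange_match_patient($externalId, $firstName, $middleName, $lastName, $dob, $gender, $ssn, $address)
{
    // true when the value still has content after removing all whitespace.
    // The original used "/[:space:]/": a POSIX class is only valid inside a bracket
    // expression, so that pattern did not strip whitespace as intended.
    $hasValue = function ($value) {
        return preg_replace('/[[:space:]]+/', '', (string) $value) !== '';
    };
    $conditions = array();

    if ($hasValue($firstName)) {
        $conditions[] = "fname = '" . add_escape_custom($firstName) . "' ";
    }
    if ($hasValue($lastName)) {
        $conditions[] = "lname = '" . add_escape_custom($lastName) . "' ";
    }
    if ($hasValue($dob)) {
        $conditions[] = "DOB = DATE_FORMAT('" . add_escape_custom($dob) . "', '%Y-%m-%d') ";
    }
    if ($hasValue($gender)) {
        $sex = null;
        if ($gender == "F") {
            $sex = "Female";
        } elseif ($gender == "M") {
            $sex = "Male";
        }
        // any other gender code adds no condition
        if ($sex !== null) {
            $conditions[] = "(sex = '" . add_escape_custom($sex) . "' OR sex = '" . add_escape_custom($gender) . "')";
        }
    }
    if ($hasValue($ssn)) {
        // Change to xxx-xx-xxxx format.
        $ss = substr($ssn, 0, 3) . "-" . substr($ssn, 3, 2) . "-" . substr($ssn, 5);
        $conditions[] = "(ss = '" . add_escape_custom($ssn) . "' OR ss = '" . add_escape_custom($ss) . "' OR ss = '')";
    }

    if (empty($conditions)) {
        return false;
    }

    $res = sqlQuery("SELECT pid from patient_data WHERE " . implode("AND ", $conditions));
    if (!empty($res['pid'])) {
        return $res['pid'];
    }
    return false;
}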
// $count = 0; $sqlBindArray = array(); $from = "FROM form_encounter AS fe " . "JOIN forms AS f ON f.pid = fe.pid AND f.encounter = fe.encounter AND " . "f.formdir = 'newpatient' AND f.deleted = 0 "; if ($issue) { $from .= "JOIN issue_encounter AS ie ON ie.pid = ? AND " . "ie.list_id = ? AND ie.encounter = fe.encounter "; array_push($sqlBindArray, $pid, $issue); } $from .= "LEFT JOIN users AS u ON u.id = fe.provider_id WHERE fe.pid = ? "; $sqlBindArray[] = $pid; $query = "SELECT fe.*, f.user, u.fname, u.mname, u.lname " . $from . "ORDER BY fe.date DESC, fe.id DESC"; $countQuery = "SELECT COUNT(*) as c " . $from; $countRes = sqlStatement($countQuery, $sqlBindArray); $count = sqlFetchArray($countRes); $numRes = $count['c']; if ($pagesize > 0) { $query .= " LIMIT " . add_escape_custom($pagestart) . "," . add_escape_custom($pagesize); } $upper = $pagestart + $pagesize; if ($upper > $numRes || $pagesize == 0) { $upper = $numRes; } if ($pagesize > 0 && $pagestart > 0) { generatePageElement($pagestart - $pagesize, $pagesize, $billing_view, $issue, "⇐" . htmlspecialchars(xl("Prev"), ENT_NOQUOTES) . " "); } echo $pagestart + 1 . "-" . $upper . " " . htmlspecialchars(xl('of'), ENT_NOQUOTES) . " " . $numRes; if ($pagesize > 0 && $pagestart + $pagesize <= $numRes) { generatePageElement($pagestart + $pagesize, $pagesize, $billing_view, $issue, " " . htmlspecialchars(xl("Next"), ENT_NOQUOTES) . "⇒"); } $res4 = sqlStatement($query, $sqlBindArray); if ($billing_view && $accounting_enabled && !$INTEGRATED_AR) { SLConnect();
//setup for display of encounter date info
$encounter_count = 0;
$day_diff = '';
$last_date_seen = '';
$next_appt_date = '';
$pid = '';

// Shared SELECT list for both encounter-date queries: date of the most recent encounter,
// days since it, and the suggested next appointment ($add_days later) as date and weekday name.
$nextApptSelect = "select DATE_FORMAT(max(form_encounter.date),'%m/%d/%y') as mydate," .
    " (to_days(current_date())-to_days(max(form_encounter.date))) as day_diff," .
    " DATE_FORMAT(max(form_encounter.date) + interval " . add_escape_custom($add_days) .
    " day,'%m/%d/%y') as next_appt, dayname(max(form_encounter.date) + interval " .
    add_escape_custom($add_days) . " day) as next_appt_day from form_encounter ";

// calculate date differences based on date of last encounter with billing entries
$query = $nextApptSelect .
    "join billing on billing.encounter = form_encounter.encounter and " .
    "billing.pid = form_encounter.pid and billing.activity = 1 and " .
    "billing.code_type not like 'COPAY' where " .
    "form_encounter.pid = ?";
$statement = sqlStatement($query, array($iter["pid"]));
$results = sqlFetchArray($statement);
if ($results) {
    $last_date_seen = $results['mydate'];
    $day_diff = $results['day_diff'];
    $next_appt_date = $results['next_appt_day'] . ', ' . $results['next_appt'];
}

// calculate date differences based on date of last encounter regardless of billing
// (overwrites the billed-only values above whenever a row comes back)
$query = $nextApptSelect . " where form_encounter.pid = ?";
$statement = sqlStatement($query, array($iter["pid"]));
$results = sqlFetchArray($statement);
if ($results) {
    $last_date_seen = $results['mydate'];
    $day_diff = $results['day_diff'];
    $next_appt_date = $results['next_appt_day'] . ', ' . $results['next_appt'];
}

//calculate count of encounters by distinct billing dates with cpt4
//entries
$query = "select count(distinct date) as encounter_count " .
    " from billing " .
    " where code_type not like 'COPAY' and activity = 1 " .
    " and pid = ?";
$statement = sqlStatement($query, array($iter["pid"]));
$results = sqlFetchArray($statement);
if ($results) {
    $encounter_count_billed = $results['encounter_count'];
}

// calculate count of encounters, regardless of billing
$query = "select count(date) as encounter_count " .
    " from form_encounter where " .
    " pid = ?";
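/**
 * Tally gender, race and ethnicity counts for a set of patients (QRDA demographics).
 *
 * @param array $patArr List of patient ids (pid values) to summarise. An empty list
 *                      yields all-zero counters and issues no query.
 * @return array Three-key array: 'gender', 'race' and 'ethnicity', each mapping a
 *               display label to an integer count. Key order is the label order below,
 *               which callers iterating the result may depend on.
 */
function getQRDAPatientNeedInfo($patArr)
{
    // Counters keyed by the labels the report prints, in the order it prints them.
    $genderArr = array(
        'Male' => 0,
        'Female' => 0,
        'Unknown' => 0,
    );
    $raceArr = array(
        'American Indian or Alaska Native' => 0,
        'Asian' => 0,
        'Black or African American' => 0,
        'Native Hawaiian or Other Pacific Islander' => 0,
        'White' => 0,
        'Other' => 0,
    );
    $ethincityArr = array(
        'Not Hispanic or Latino' => 0,
        'Hispanic or Latino' => 0,
    );

    // Stored race codes that land in a named bucket. Every other stored value -- including the
    // legacy codes Asian_Pacific_Island, Black_not_of_Hispan, Hispanic and White_not_of_Hispan,
    // and an empty/NULL race -- is counted as 'Other', matching the previous if/else chain.
    $raceMap = array(
        'amer_ind_or_alaska_native' => 'American Indian or Alaska Native',
        'Asian' => 'Asian',
        'black_or_afri_amer' => 'Black or African American',
        'native_hawai_or_pac_island' => 'Native Hawaiian or Other Pacific Islander',
        'white' => 'White',
    );
    // Ethnicity values outside these two codes are not counted at all (unchanged behaviour).
    $ethnicityMap = array(
        'hisp_or_latin' => 'Hispanic or Latino',
        'not_hisp_or_latin' => 'Not Hispanic or Latino',
    );

    if (is_array($patArr) && count($patArr) > 0) {
        // Bind every pid as a separate placeholder instead of splicing the imploded list into
        // the IN (...) clause: add_escape_custom() only escapes quote characters and gave no
        // protection for an unquoted, comma-joined list of values.
        $placeholders = implode(",", array_fill(0, count($patArr), "?"));
        $patRes = sqlStatement(
            "SELECT pid, sex, race, ethnicity FROM patient_data WHERE pid IN (" . $placeholders . ")",
            array_values($patArr)
        );

        while ($patRow = sqlFetchArray($patRes)) {
            // Gender: anything that is neither Male nor Female is reported as Unknown.
            $sex = isset($patRow['sex']) ? $patRow['sex'] : '';
            if ($sex == "Male") {
                $genderArr['Male']++;
            } elseif ($sex == "Female") {
                $genderArr['Female']++;
            } else {
                $genderArr['Unknown']++;
            }

            // Race: named bucket when the stored code is known, otherwise Other.
            $race = isset($patRow['race']) ? $patRow['race'] : '';
            $raceLabel = isset($raceMap[$race]) ? $raceMap[$race] : 'Other';
            $raceArr[$raceLabel]++;

            // Ethnicity: only the two recognised codes are tallied.
            $ethnicity = isset($patRow['ethnicity']) ? $patRow['ethnicity'] : '';
            if (isset($ethnicityMap[$ethnicity])) {
                $ethincityArr[$ethnicityMap[$ethnicity]]++;
            }
        }
    }

    $mainArr = array();
    $mainArr['gender'] = $genderArr;
    $mainArr['race'] = $raceArr;
    $mainArr['ethnicity'] = $ethincityArr;
    return $mainArr;
}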
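/**
 * Lookup Code Descriptions for one or more billing codes.
 *
 * Function is able to lookup code descriptions from a variety of code sets. See the 'external'
 * items in the comments at top of this page for a listing of the code sets supported.
 *
 * @param string $codes Is of the form "type:code;type:code; etc.". Empty entries, entries
 *                      without a "type:" prefix, and entries whose code type is not configured
 *                      in $code_types (or whose external table is not supported) are skipped.
 * @param string $desc_detail Either 'code_text' (normal description) or 'code_text_short'
 *                            (brief description); any other value falls back to 'code_text'.
 * @return string Is of the form "description; description; etc." -- empty when nothing matched.
 */
function lookup_code_descriptions($codes, $desc_detail = "code_text")
{
    global $code_types, $code_external_tables;

    // ensure $desc_detail is set properly
    if ($desc_detail != "code_text" && $desc_detail != "code_text_short") {
        $desc_detail = "code_text";
    }

    $code_text = '';
    if (empty($codes)) {
        return $code_text;
    }

    foreach (explode(';', $codes) as $codestring) {
        if ($codestring === '') {
            continue;
        }

        // Without a "type:" separator there is nothing to look up; the previous list() on a
        // one-element explode() left $code undefined and emitted a notice.
        if (strpos($codestring, ':') === false) {
            continue;
        }
        list($codetype, $code) = explode(':', $codestring);

        // Unknown code type (not in the $code_types configuration) -> skip rather than
        // dereference a missing array entry.
        if (!isset($code_types[$codetype]['external'])) {
            continue;
        }
        $table_id = $code_types[$codetype]['external'];

        if (!isset($code_external_tables[$table_id])) {
            // using an external code that is not yet supported, so skip.
            continue;
        }

        $table_info = $code_external_tables[$table_id];
        $table_name = $table_info[EXT_TABLE_NAME];
        $code_col = $table_info[EXT_COL_CODE];
        $desc_col = $table_info[DISPLAY_DESCRIPTION] == ""
            ? $table_info[EXT_COL_DESCRIPTION]
            : $table_info[DISPLAY_DESCRIPTION];
        $desc_col_short = $table_info[DISPLAY_DESCRIPTION] == ""
            ? $table_info[EXT_COL_DESCRIPTION_BRIEF]
            : $table_info[DISPLAY_DESCRIPTION];

        $sqlArray = array();
        // Table and column names below come from the $code_external_tables configuration,
        // not from the caller; only the code value itself is bound as a parameter.
        $sql = "SELECT " . $desc_col . " as code_text," . $desc_col_short . " as code_text_short FROM " . $table_name;

        // include the "JOINS" so that we get the preferred term instead of the FullySpecifiedName when appropriate.
        if (!empty($table_info[EXT_JOINS])) {
            foreach ($table_info[EXT_JOINS] as $join_info) {
                $join_table = $join_info[JOIN_TABLE];
                // Configuration value, but escaped anyway so a stray quote cannot break the query.
                $check_table = sqlQuery("SHOW TABLES LIKE '" . add_escape_custom($join_table) . "'");
                if (empty($check_table)) {
                    HelpfulDie("Missing join table in code set search:" . $join_table);
                }

                $sql .= " INNER JOIN " . $join_table;
                $sql .= " ON ";
                $on_parts = array();
                foreach ($join_info[JOIN_FIELDS] as $field) {
                    $on_parts[] = $field;
                }
                $sql .= implode(" AND ", $on_parts);
            }
        }

        $sql .= " WHERE ";
        // Start building up the WHERE clause
        // When using the external codes table, we have to filter by the code_type. (All the other tables only contain one type)
        if ($table_id == 0) {
            $sql .= " code_type = '" . add_escape_custom($code_types[$codetype]['id']) . "' AND ";
        }

        // Specify the code in the query (bound, never interpolated).
        $sql .= $table_name . "." . $code_col . "=? ";
        array_push($sqlArray, $code);

        // We need to include the filter clauses
        // For SNOMED and SNOMED-CT this ensures that we get the Preferred Term or the Fully Specified Term as appropriate
        // It also prevents returning "inactive" results
        if (!empty($table_info[EXT_FILTER_CLAUSES])) {
            foreach ($table_info[EXT_FILTER_CLAUSES] as $filter_clause) {
                $sql .= " AND " . $filter_clause;
            }
        }
        // END building the WHERE CLAUSE

        if (!empty($table_info[EXT_VERSION_ORDER])) {
            $sql .= " ORDER BY " . $table_info[EXT_VERSION_ORDER];
        }
        $sql .= " LIMIT 1";

        $crow = sqlQuery($sql, $sqlArray);
        if (!empty($crow[$desc_detail])) {
            if ($code_text) {
                $code_text .= '; ';
            }
            $code_text .= $crow[$desc_detail];
        }
    }

    return $code_text;
}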