/**
 * Switch the active patient for this request and session, and audit the access.
 *
 * Stores $new_pid in both the global $pid and $_SESSION['pid'], then records a
 * "view" event for the logged-in user, so each change of active patient made
 * through this function leaves an audit-trail entry.
 *
 * NOTE(review): $new_pid is stored exactly as given. Nothing in this function
 * checks that it is a valid patient id or that the current user may open that
 * chart; confirm the callers enforce both.
 *
 * @param mixed $new_pid Patient id to make current.
 * @return void
 */
function setpid($new_pid)
{
    global $pid;

    // Keep the request-scoped global and the session copy in step.
    $pid = $new_pid;
    $_SESSION['pid'] = $new_pid;

    newEvent('view', $_SESSION['authUser'], $_SESSION['authProvider'], 1, $pid);
}
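/**
 * Apply an UPDATE to every row of $table matching $where, with an audit entry.
 *
 * Nothing happens unless at least one row matches. When one does, a
 * "deactivate" event naming the table and the WHERE clause is logged, the
 * statement is echoed to the page for the operator, and then it is executed.
 *
 * Security: $table, $set and $where are interpolated into the SQL text as-is.
 * They must be fixed fragments built by the caller; any request-derived value
 * inside them has to be escaped or bound by the caller, because this function
 * cannot tell trusted text from untrusted text.
 *
 * @param string $table Table name (trusted identifier).
 * @param string $set   Contents of the SET clause (trusted SQL).
 * @param string $where Contents of the WHERE clause (trusted SQL).
 * @return void
 */
function row_modify($table, $set, $where)
{
    // No matching row: nothing to change and nothing to audit.
    if (!sqlQuery("SELECT * FROM {$table} WHERE {$where}")) {
        return;
    }

    newEvent("deactivate", $_SESSION['authUser'], $_SESSION['authProvider'], 1, "{$table}: {$where}");

    $query = "UPDATE {$table} SET {$set} WHERE {$where}";

    // The statement is shown inside an HTML page, so encode it for that
    // context; the raw text would let values in the clause inject markup.
    echo htmlspecialchars($query, ENT_QUOTES | ENT_SUBSTITUTE, 'UTF-8') . "<br>\n";

    sqlStatement($query);
}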
/**
 * Wrap one HL7 processing message in a result array and audit fatal ones.
 *
 * The returned array always has 'mssgs' => [$msg]. When $fatal is true it also
 * carries 'fatal' => true, and a failed "lab-results-error" event is logged
 * with the message text.
 *
 * NOTE(review): the `global` declaration below is commented out, so
 * $rhl7_return is local and every call returns a fresh one-message array.
 * Confirm that callers merge the return value rather than expecting messages
 * to accumulate in a shared global.
 *
 * @param string $msg   Message text; written to the audit log unchanged.
 * @param bool   $fatal Whether the message marks the run as failed.
 * @return array
 */
function rhl7LogMsg($msg, $fatal = true)
{
    // global $rhl7_return, $rhl7_segnum;
    $rhl7_return = array('mssgs' => array($msg));

    if ($fatal) {
        $rhl7_return['fatal'] = true;
        newEvent('lab-results-error', $_SESSION['authUser'], $_SESSION['authProvider'], 0, $msg);
    }

    return $rhl7_return;
}
/**
 * Append one HL7 processing message to the shared result and audit fatal ones.
 *
 * Messages accumulate in the global $rhl7_return['mssgs']. Fatal messages are
 * prefixed with '*', set $rhl7_return['fatal'] and are logged as a failed
 * "lab-results-error" event; informational ones are prefixed with '>' and are
 * not logged.
 *
 * @param string $msg   Message text; for fatal messages it is written to the
 *                      audit log unchanged.
 * @param bool   $fatal Whether the message marks the run as failed.
 * @return array The global result array after the message was added.
 */
function rhl7LogMsg($msg, $fatal = true)
{
    global $rhl7_return;

    // Informational message: record it and leave the audit log alone.
    if (!$fatal) {
        $rhl7_return['mssgs'][] = '>' . $msg;
        return $rhl7_return;
    }

    $rhl7_return['mssgs'][] = '*' . $msg;
    $rhl7_return['fatal'] = true;
    newEvent('lab-results-error', $_SESSION['authUser'], $_SESSION['authProvider'], 0, $msg);

    return $rhl7_return;
}
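/**
 * Delete every row of $table matching $where, auditing each row first.
 *
 * For each matching row a "delete" event is logged with the row's non-empty
 * columns (key='value' pairs), so the deleted data can be reconstructed from
 * the audit log. The DELETE is echoed to the page and executed only when at
 * least one row matched.
 *
 * Security: $table and $where are interpolated into the SQL text as-is. They
 * must be fixed fragments built by the caller; any request-derived value
 * inside them has to be escaped or bound by the caller.
 *
 * @param string $table Table name (trusted identifier).
 * @param string $where Contents of the WHERE clause (trusted SQL).
 * @return void
 */
function row_delete($table, $where)
{
    $result = sqlStatement("SELECT * FROM {$table} WHERE {$where}");
    $count = 0;

    while ($row = sqlFetchArray($result)) {
        $pairs = array();
        foreach ($row as $key => $value) {
            // Empty values and zero timestamps add nothing to the audit record.
            if (!$value || $value == '0000-00-00 00:00:00') {
                continue;
            }
            $pairs[] = $key . "='" . addslashes($value) . "'";
        }

        newEvent("delete", $_SESSION['authUser'], $_SESSION['authProvider'], 1, "{$table}: " . implode(" ", $pairs));
        ++$count;
    }

    if ($count) {
        $query = "DELETE FROM {$table} WHERE {$where}";

        // The statement is shown inside an HTML page, so encode it for that
        // context; the raw text would let values in the clause inject markup.
        echo htmlspecialchars($query, ENT_QUOTES | ENT_SUBSTITUTE, 'UTF-8') . "<br>\n";

        sqlStatement($query);
    }
}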
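/**
 * Send a clinical document to a Direct address through the phiMail server.
 *
 * The exchange is a line-based dialogue on one socket, in this order:
 * AUTH, TO, TEXT (cover note), CDA (document), SEND, BYE. Each step is checked
 * and the socket is closed before returning on failure. The outcome of SEND is
 * written to the audit log, and a successful send is also recorded in
 * direct_message_log.
 *
 * Changes from the original:
 *  - $recipient is rejected before any network traffic when it is empty or
 *    contains whitespace or control characters. It is placed on the "TO" line,
 *    so an embedded line break would otherwise be read by the server as an
 *    additional command.
 *  - The ERROR check compares the first five characters of the reply; the
 *    original substr($ret, 5) dropped them, so an ERROR reply was reported as
 *    an unexpected response.
 *  - A server address without a scheme no longer raises a notice; it still
 *    returns error code 2.
 *
 * NOTE(review): with an http:// server address the connection is plain TCP, so
 * the AUTH line (user name and password) and the document cross the network
 * unencrypted. With https:// no stream context is passed, so certificate
 * verification follows the PHP defaults.
 *
 * @param object $ccd          Document object exposing saveXml().
 * @param string $recipient    Direct address of the recipient.
 * @param string $requested_by "patient" or any other value for a staff request.
 * @return string "SUCCESS", or a translated message for the user.
 */
function transmitCCD($ccd, $recipient, $requested_by)
{
    global $pid;

    $config_err = xl("Direct messaging is currently unavailable.") . " EC:";
    if ($GLOBALS['phimail_enable'] == false) {
        return "{$config_err} 1";
    }

    // One protocol line per command: refuse anything that could split the line.
    $recipient = (string) $recipient;
    if ($recipient === '' || preg_match('/[\x00-\x20\x7F]/', $recipient)) {
        return xl("Delivery is not currently permitted to the specified Direct Address.");
    }

    $phimail_server = @parse_url($GLOBALS['phimail_server_address']);
    $phimail_username = $GLOBALS['phimail_username'];
    $phimail_password = $GLOBALS['phimail_password'];

    $scheme = isset($phimail_server['scheme']) ? $phimail_server['scheme'] : '';
    switch ($scheme) {
        case "http":
            $server = "tcp://" . $phimail_server['host'];
            break;
        case "https":
            $server = "ssl://" . $phimail_server['host'];
            break;
        default:
            return "{$config_err} 2";
    }

    $fp = @fsockopen($server, $phimail_server['port']);
    if ($fp === false) {
        return "{$config_err} 3";
    }

    @fwrite($fp, "AUTH {$phimail_username} {$phimail_password}\n");
    fflush($fp);
    $ret = fgets($fp, 256);
    if ($ret != "OK\n") {
        fwrite($fp, "BYE\n");
        fclose($fp);
        return "{$config_err} 4";
    }

    fwrite($fp, "TO {$recipient}\n");
    fflush($fp);
    $ret = fgets($fp, 256);
    if ($ret != "OK\n") {
        fwrite($fp, "BYE\n");
        fclose($fp);
        return xl("Delivery is not currently permitted to the specified Direct Address.");
    }

    $ret = fgets($fp, 1024); //ignore extra server data

    if ($requested_by == "patient") {
        $text_out = xl("Delivery of the attached clinical document was requested by the patient.");
    } else {
        $text_out = xl("A clinical document is attached.");
    }

    // The cover note is announced by byte length, then sent as the payload.
    $text_len = strlen($text_out);
    fwrite($fp, "TEXT {$text_len}\n");
    fflush($fp);
    $ret = @fgets($fp, 256);
    if ($ret != "BEGIN\n") {
        fwrite($fp, "BYE\n");
        fclose($fp);
        return "{$config_err} 5";
    }

    fwrite($fp, $text_out);
    fflush($fp);
    $ret = @fgets($fp, 256);
    if ($ret != "OK\n") {
        fwrite($fp, "BYE\n");
        fclose($fp);
        return "{$config_err} 6";
    }

    // Same length-then-payload handshake for the document itself.
    $ccd_out = $ccd->saveXml();
    $ccd_len = strlen($ccd_out);
    fwrite($fp, "CDA {$ccd_len}\n");
    fflush($fp);
    $ret = fgets($fp, 256);
    if ($ret != "BEGIN\n") {
        fwrite($fp, "BYE\n");
        fclose($fp);
        return "{$config_err} 7";
    }

    fwrite($fp, $ccd_out);
    fflush($fp);
    $ret = fgets($fp, 256);
    if ($ret != "OK\n") {
        fwrite($fp, "BYE\n");
        fclose($fp);
        return "{$config_err} 8";
    }

    fwrite($fp, "SEND\n");
    fflush($fp);
    $ret = fgets($fp, 256);
    fwrite($fp, "BYE\n");
    fclose($fp);

    // Decide which identity the audit entry and the message log are attributed to.
    if ($requested_by == "patient") {
        $reqBy = "portal-user";
        // The user-name literal is reproduced exactly as it appears in the source.
        $sql = "SELECT id FROM users WHERE username='******'";
        if (($r = sqlStatementNoLog($sql)) === FALSE || ($u = sqlFetchArray($r)) === FALSE) {
            $reqID = 1; //default if we don't have a service user
        } else {
            $reqID = $u['id'];
        }
    } else {
        $reqBy = $_SESSION['authUser'];
        $reqID = $_SESSION['authUserID'];
    }

    if (substr((string) $ret, 0, 5) == "ERROR") {
        //log the failure
        newEvent("transmit-ccd", $reqBy, $_SESSION['authProvider'], 0, $ret, $pid);
        return xl("The message could not be sent at this time.");
    }

    /**
     * If we get here, the message was successfully sent and the return
     * value $ret is of the form "QUEUED recipient message-id" which
     * is suitable for logging.
     */
    $msg_id = explode(" ", trim($ret), 4);
    if ($msg_id[0] != "QUEUED" || !isset($msg_id[2])) {
        //unexpected response
        $ret = "UNEXPECTED RESPONSE: " . $ret;
        newEvent("transmit-ccd", $reqBy, $_SESSION['authProvider'], 0, $ret, $pid);
        return xl("There was a problem sending the message.");
    }

    newEvent("transmit-ccd", $reqBy, $_SESSION['authProvider'], 1, $ret, $pid);

    // All values are bound, never interpolated. Errors from this insert are
    // suppressed, so a failed log write does not change the reported result.
    $sql = "INSERT INTO direct_message_log (msg_type,msg_id,sender,recipient,status,status_ts,patient_id,user_id) " . "VALUES ('S', ?, ?, ?, 'S', NOW(), ?, ?)";
    @sqlStatementNoLog($sql, array($msg_id[2], $phimail_username, $recipient, $pid, $reqID));

    return "SUCCESS";
}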
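<?php
// Login handler: checks the posted credentials, then either stores a new
// calendar event or shows the home box.
//
// Changes from the original:
//  - session_register() was removed in PHP 5.4 and is replaced by an explicit
//    session start.
//  - The user name is written to the session only after the password check
//    succeeded. Before, any posted name ended up in the session even when the
//    login failed, so code that trusts $_SESSION['username'] could treat a
//    failed login as authenticated.
//  - The event fields were read from $POST, an undefined variable, so the
//    "new event" branch could never run; they are now read from $_POST.
//
// NOTE(review): no session id regeneration happens on login and the event form
// carries no request token; confirm both are handled elsewhere.
include "functionsClasses.php"; // shared functions and classes

// Both fields must be present and the user name must not be empty.
if (isset($_POST["userpass"]) and isset($_POST["username"]) and $_POST["username"] != "") {
    if (session_id() === '') {
        session_start();
    }

    // Kept as a local for the included templates; not yet trusted.
    $name = $_POST["username"];

    UserDBConnect();
    if (UserDBCheck_user($_POST["username"], $_POST["userpass"]) == true) {
        // Credentials verified: only now remember the user in the session.
        $_SESSION['username'] = $name;

        // On the first page load only the existing events are shown;
        // on a later load a new event is stored as well.
        if (isset($_POST["beschreibung"]) and isset($_POST["jahr"]) and isset($_POST["monat"]) and isset($_POST["tag"]) and isset($_POST["zeit"]) and $_POST["beschreibung"] != "" and $_POST["jahr"] != "" and $_POST["monat"] != "" and $_POST["tag"] != "" and $_POST["zeit"] != "") {
            // Store the new event.
            // NOTE(review): the values are passed on unvalidated; confirm that
            // newEvent() validates the date parts and escapes what it stores.
            newEvent($_POST["beschreibung"], $_POST["jahr"], $_POST["monat"], $_POST["tag"], $_POST["zeit"]);
        } else {
            include "home_box.php";
        }
    } else {
        include "error_box.php";
    }
} else {
    // Reload the calendar.
    // NOTE(review): $name is not assigned on this path; it is only defined
    // here if functionsClasses.php sets it.
    inOrdnung($name);
}
?>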
// $FEE_SHEET_COLUMNS should be defined in codes.php. if (empty($FEE_SHEET_COLUMNS)) { $FEE_SHEET_COLUMNS = 2; } // Update price level in patient demographics if it's changed. if (!empty($_POST['pricelevel'])) { $fs->updatePriceLevel($_POST['pricelevel']); } $current_checksum = $fs->visitChecksum(); // It's important to look for a checksum mismatch even if we're just refreshing // the display, otherwise the error goes undetected on a refresh-then-save. if (isset($_POST['form_checksum'])) { if ($_POST['form_checksum'] != $current_checksum) { $alertmsg = xl('Someone else has just changed this visit. Please cancel this page and try again.'); $comment = "CHECKSUM ERROR, expecting '{$_POST['form_checksum']}'"; newEvent("checksum", $_SESSION['authUser'], $_SESSION['authProvider'], 1, $comment, $pid); } } if (!$alertmsg && ($_POST['bn_save'] || $_POST['bn_save_close'])) { $alertmsg = $fs->checkInventory($_POST['prod']); } // If Save or Save-and-Close was clicked, save the new and modified billing // lines; then if no error, redirect to $GLOBALS['form_exit_url']. // if (!$alertmsg && ($_POST['bn_save'] || $_POST['bn_save_close'])) { $main_provid = 0 + $_POST['ProviderID']; $main_supid = 0 + $_POST['SupervisorID']; $fs->save($_POST['bill'], $_POST['prod'], $main_provid, $main_supid, $_POST['default_warehouse'], $_POST['bn_save_close']); // Note: Taxes are computed at checkout time (in pos_checkout.php which // also posts to SL). Currently taxes with insurance claims make no sense, // so for now we'll ignore tax computation in the insurance billing logic.
} } if ($form_step == 7) { // create the final compressed tar containing all files $form_status .= xl('Backup file has been created. Will now send download.') . "<br />"; echo nl2br($form_status); $cur_dir = getcwd(); chdir($BACKUP_DIR); $file_list = array('.'); if (!create_tar_archive($TAR_FILE_PATH, '', $file_list)) { die(xl("Error: Unable to create downloadable archive")); } chdir($cur_dir); /* To log the backup event */ if ($GLOBALS['audit_events_backup']) { newEvent("backup", $_SESSION['authUser'], $_SESSION['authProvider'], 0, "Backup is completed"); } $auto_continue = true; } if ($form_step == 101) { echo xl('Select the configuration items to export') . ":"; echo "<br /> <br />\n"; echo "<input type='checkbox' name='form_cb_services' value='1' />\n"; echo " " . xl('Services') . "<br />\n"; echo "<input type='checkbox' name='form_cb_products' value='1' />\n"; echo " " . xl('Products') . "<br />\n"; echo "<input type='checkbox' name='form_cb_lists' value='1' />\n"; echo " " . xl('Lists') . "<br />\n"; echo "<input type='checkbox' name='form_cb_layouts' value='1' />\n"; echo " " . xl('Layouts') . "<br />\n"; echo "<input type='checkbox' name='form_cb_prices' value='1' />\n";
// If requested, link the issue to a specified encounter. if ($thisenc) { $query = "INSERT INTO issue_encounter ( " . "pid, list_id, encounter " . ") VALUES ( " . "'{$thispid}', '{$issue}', '{$thisenc}'" . ")"; sqlStatement($query); } $tmp_title = $ISSUE_TYPES[$text_type][2] . ": {$form_begin} " . substr($_POST['form_title'], 0, 40); // Close this window and redisplay the updated list of issues. // reload_close($info_msg, $issue, $tmp_title); } else { if ($_POST['form_reconcile']) { if ($issue) { $query = "UPDATE lists SET " . "reconcilestatus = '" . $_POST['form_reconcilestatus'] . "', " . "reconcilenote = '" . $_POST['form_reconcilenote'] . "', " . "reconciledate = NOW() " . "WHERE id = '{$issue}'"; sqlStatement($query); } newEvent('patient-medication-reconcile-update', $_SESSION['user'], $_SESSION['authProvider'], 1, $query); if ($GLOBALS['reconcile_in_pnotes']) { addPnote($thispid, "{$_SESSION['user']} has reconciled {$_POST['form_title']} with status '{$_POST['form_reconcilestatus']}' and note '{$_POST['form_reconcilenote']}'", 1, 1, 'Pharmacy'); } reload_close($info_msg, $issue, $tmp_title); } } $irow = array(); if ($issue) { $irow = sqlQuery("SELECT * FROM lists WHERE id = {$issue}"); } else { if ($thistype) { $irow['type'] = $thistype; } } $type_index = 0;
if ($noteid) { updatePnote($noteid, $note, $_POST['form_note_type'], $_POST['assigned_to']); } else { $noteid = addPnote($patient_id, $note, $userauthorized, '1', $_POST['form_note_type'], $_POST['assigned_to']); } if ($docid) { setGpRelation(1, $docid, 6, $noteid); } if ($orderid) { setGpRelation(2, $orderid, 6, $noteid); } $noteid = ''; } elseif ($mode == "delete") { if ($noteid) { deletePnote($noteid); newEvent("delete", $_SESSION['authUser'], $_SESSION['authProvider'], 1, "pnotes: id " . $noteid); } $noteid = ''; } } $title = ''; $assigned_to = $_SESSION['authUser']; if ($noteid) { $prow = getPnoteById($noteid, 'title,assigned_to,body'); $title = $prow['title']; $assigned_to = $prow['assigned_to']; } // Get the users list. The "Inactive" test is a kludge, we should create // a separate column for this. $ures = sqlStatement("SELECT username, fname, lname FROM users " . "WHERE username != '' AND active = 1 AND " . "( info IS NULL OR info NOT LIKE '%Inactive%' ) " . "ORDER BY lname, fname"); $pres = getPatientData($patient_id, "lname, fname");
include_once "{$srcdir}/pnotes.inc";
include_once "{$srcdir}/transactions.inc";
include_once "{$srcdir}/lists.inc";
include_once "{$srcdir}/patient.inc";
include_once "{$srcdir}/options.inc.php";

// The number of authorizations to display in the quick view:
// MAR 20041008 the full authorizations screen lacks links to the patient charts;
// increase to a high number to make the mini frame more useful.
$N = 50;

// A user may authorize when the session says so or when see_auth is above 2.
$atemp = sqlQuery("SELECT see_auth FROM users WHERE username = ?", array($_SESSION['authUser']));
$see_auth = $atemp['see_auth'];
$imauthorized = $_SESSION['userauthorized'] || $see_auth > 2;

// This authorizes everything for the specified patient.
// NOTE(review): this is a state change driven by a GET request with no request
// token visible here, so a link followed by an authorized user would trigger
// it; the patient id is also not checked against the patients this user may
// act on. Confirm both are handled elsewhere.
$authorize_requested = isset($_GET["mode"]) && $_GET["mode"] == "authorize";
if ($authorize_requested && $imauthorized) {
    $retVal = getProviderId($_SESSION['authUser']);

    // Audit first, then flag every record type; the patient id is always bound.
    newEvent("authorize", $_SESSION["authUser"], $_SESSION["authProvider"], 1, $_GET["pid"]);
    foreach (array('billing', 'forms', 'pnotes', 'transactions') as $auth_table) {
        sqlStatement("update {$auth_table} set authorized=1 where pid=?", array($_GET["pid"]));
    }
}
?> <html> <head> <?php html_header_show(); ?> <link rel='stylesheet' href="<?php echo $css_header; ?> " type="text/css">
if (isset($_GET['action'])) { switch ($_GET['action']) { case 'loadEvents': loadEvents($mysqli); break; case 'deleteEvent': deleteEvent($mysqli); break; case 'editEvent': editEvent($mysqli); break; case 'getUserName': getUserName(); break; case 'newEvent': newEvent($mysqli); break; default: printError("Invalid Action Request"); break; } } } function loadEvents($db) { //make sure the request was sent properly if (!(isset($_GET['month']) && isset($_GET['year']))) { printError("Invalid Request"); } $username = $_SESSION['username']; $month = $_GET['month'];
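/**
 * Send a clinical document for the current patient to a Direct address.
 *
 * Runs only when UserService::valid() reports 'existingpatient'; otherwise the
 * function returns nothing. The exchange with the phiMail server is, in order:
 * AUTH, TO, TEXT (cover note), ADD (attachment), SEND. The outcome of SEND is
 * written to the audit log.
 *
 * Changes from the original:
 *  - $recipient is rejected before connecting when it is empty or contains
 *    whitespace or control characters, because it is placed on the "TO" line
 *    and the protocol is line- and space-delimited.
 *  - Every whitespace character in the attachment file name becomes "_", not
 *    only the space character, for the same reason.
 *  - An unsupported $xml_type, or XML that does not parse, now closes the
 *    connection and returns error code 7. Before, $ccd_out was left undefined
 *    for an unsupported type, and a parse failure ended in a fatal error
 *    that the Exception handler does not catch.
 *  - The ERROR check compares the first five characters of the reply; the
 *    original substr($ret, 5) dropped them.
 *
 * NOTE(review): $_SESSION['authProvider'] is overwritten with 1 for the rest of
 * the session; confirm that is intended for portal requests.
 *
 * @param array $data Keys 'ccd', 'recipient', 'requested_by', 'xml_type', and
 *                    the credentials for UserService::valid() at index 0.
 * @return string|null "SUCCESS", a message for the user, or null when the
 *                     caller is not an existing patient.
 */
function transmitCCD($data = array())
{
    $ccd = $data['ccd'];
    $recipient = $data['recipient'];
    $requested_by = $data['requested_by'];
    $xml_type = $data['xml_type'];

    if (UserService::valid($data[0]) == 'existingpatient') {
        try {
            $_SESSION['authProvider'] = 1;
            global $pid;

            //get patient name in Last_First format (used for CCDA filename) and
            //First Last for the message text.
            $patientData = getPatientPID(array("pid" => $pid));
            if (empty($patientData[0]['lname'])) {
                $att_filename = "";
                $patientName2 = "";
            } else {
                //spaces are the argument delimiter for the phiMail API calls and must be removed;
                //tabs and line breaks are replaced too so a name cannot split the command line
                $extension = $xml_type == 'CCDA' ? 'xml' : strtolower($xml_type);
                $att_filename = " " . preg_replace('/\s/', "_", $xml_type . "_" . $patientData[0]['lname'] . "_" . $patientData[0]['fname'] . "." . $extension);
                $patientName2 = $patientData[0]['fname'] . " " . $patientData[0]['lname'];
            }

            $config_err = xl("Direct messaging is currently unavailable.") . " EC:";
            if ($GLOBALS['phimail_enable'] == false) {
                return "{$config_err} 1";
            }

            // One protocol line per command: refuse anything that could split the line.
            $recipient = (string) $recipient;
            if ($recipient === '' || preg_match('/[\x00-\x20\x7F]/', $recipient)) {
                return xl("Delivery is not allowed to the specified Direct Address.");
            }

            $fp = phimail_connect($err);
            if ($fp === false) {
                return "{$config_err} {$err}";
            }

            $phimail_username = $GLOBALS['phimail_username'];
            $phimail_password = $GLOBALS['phimail_password'];
            $ret = phimail_write_expect_OK($fp, "AUTH {$phimail_username} {$phimail_password}\n");
            if ($ret !== TRUE) {
                return "{$config_err} 4";
            }

            $ret = phimail_write_expect_OK($fp, "TO {$recipient}\n");
            if ($ret !== TRUE) {
                return xl("Delivery is not allowed to the specified Direct Address.");
            }

            $ret = fgets($fp, 1024); //ignore extra server data

            if ($requested_by == "patient") {
                $text_out = xl("Delivery of the attached clinical document was requested by the patient") . ($patientName2 == "" ? "." : ", " . $patientName2 . ".");
            } else {
                $text_out = xl("A clinical document is attached") . ($patientName2 == "" ? "." : " " . xl("for patient") . " " . $patientName2 . ".");
            }

            // The cover note is announced by byte length, then sent as the payload.
            $text_len = strlen($text_out);
            phimail_write($fp, "TEXT {$text_len}\n");
            $ret = @fgets($fp, 256);
            if ($ret != "BEGIN\n") {
                phimail_close($fp);
                return "{$config_err} 5";
            }

            $ret = phimail_write_expect_OK($fp, $text_out);
            if ($ret !== TRUE) {
                return "{$config_err} 6";
            }

            if (in_array($xml_type, array('CCR', 'CCDA', 'CDA'))) {
                $ccd = simplexml_load_string($ccd);
                if ($ccd === false) {
                    // Not well-formed XML: there is nothing valid to attach.
                    phimail_close($fp);
                    return "{$config_err} 7";
                }
                $ccd_out = $ccd->saveXml();
                $ccd_len = strlen($ccd_out);
                phimail_write($fp, "ADD " . ($xml_type == "CCR" ? $xml_type . ' ' : "CDA ") . $ccd_len . $att_filename . "\n");
            } elseif (strtolower($xml_type) == 'html' || strtolower($xml_type) == 'pdf') {
                $ccd_out = base64_decode($ccd);
                $message_length = strlen($ccd_out);
                $add_type = strtolower($xml_type) == 'html' ? 'TEXT' : 'RAW';
                phimail_write($fp, "ADD " . $add_type . " " . $message_length . "" . $att_filename . "\n");
            } else {
                // Unsupported document type: no ADD command can be issued.
                phimail_close($fp);
                return "{$config_err} 7";
            }

            $ret = fgets($fp, 256);
            if ($ret != "BEGIN\n") {
                phimail_close($fp);
                return "{$config_err} 7";
            }

            $ret = phimail_write_expect_OK($fp, $ccd_out);
            if ($ret !== TRUE) {
                return "{$config_err} 8";
            }

            phimail_write($fp, "SEND\n");
            $ret = fgets($fp, 256);
            phimail_close($fp);

            // Decide which identity the audit entry is attributed to.
            if ($requested_by == "patient") {
                $reqBy = "portal-user";
                // The user-name literal is reproduced exactly as it appears in the source.
                $sql = "SELECT id FROM users WHERE username='******'";
                if (($r = sqlStatement($sql)) === FALSE || ($u = sqlFetchArray($r)) === FALSE) {
                    $reqID = 1; //default if we don't have a service user
                } else {
                    $reqID = $u['id'];
                }
            } else {
                $reqBy = $_SESSION['authUser'];
                $reqID = $_SESSION['authUserID'];
            }

            if (substr((string) $ret, 0, 5) == "ERROR") {
                //log the failure
                newEvent("transmit-ccd", $reqBy, $_SESSION['authProvider'], 0, $ret, $pid);
                return xl("The message could not be sent at this time.");
            }

            /**
             * If we get here, the message was successfully sent and the return
             * value $ret is of the form "QUEUED recipient message-id" which
             * is suitable for logging.
             */
            $msg_id = explode(" ", trim($ret), 4);
            if ($msg_id[0] != "QUEUED" || !isset($msg_id[2])) {
                //unexpected response
                $ret = "UNEXPECTED RESPONSE: " . $ret;
                newEvent("transmit-ccd", $reqBy, $_SESSION['authProvider'], 0, $ret, $pid);
                return xl("There was a problem sending the message.");
            }

            newEvent("transmit-" . $xml_type, $reqBy, $_SESSION['authProvider'], 1, $ret, $pid);

            // The direct_message_log insert is disabled in the original, so a
            // successful send is recorded in the audit log only:
            // $sql="INSERT INTO direct_message_log (msg_type,msg_id,sender,recipient,status,status_ts,patient_id,user_id) " .
            // "VALUES ('S', ?, ?, ?, 'S', NOW(), ?, ?)";
            // $res=@sqlStatement($sql,array($msg_id[2],$phimail_username,$recipient,$pid,$reqID));
            return "SUCCESS";
        } catch (Exception $e) {
            // NOTE(review): the exception text is returned to the caller as-is;
            // confirm it cannot expose internal details to portal users.
            return 'Error: ' . $e->getMessage();
        }
    }
}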
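/**
 * Check that a user belongs to at least one phpGACL group.
 *
 * When phpGACL is configured ($phpgacl_location is set) and the user has no
 * group, a failed "login" event is logged and false is returned. When phpGACL
 * is not configured the check is skipped and true is returned.
 *
 * The original referenced $provider and $ip, which are undefined in this
 * scope, so the audit entry for this failure carried no source address. The
 * address is now taken from $_SERVER['REMOTE_ADDR'].
 *
 * NOTE(review): the provider/group is not known in this function and is still
 * logged as null; pass it in from the caller if the log needs it. REMOTE_ADDR
 * is the direct peer, which is the proxy address when the application sits
 * behind one.
 *
 * @param string $user User name being logged in.
 * @return bool False when the user is in no phpGACL group, true otherwise.
 */
function verify_user_gacl_group($user)
{
    global $phpgacl_location;

    if (!isset($phpgacl_location)) {
        return true;
    }

    if (acl_get_group_titles($user) == 0) {
        $provider = null;
        $ip = isset($_SERVER['REMOTE_ADDR']) ? $_SERVER['REMOTE_ADDR'] : '';
        newEvent('login', $user, $provider, 0, "failure: {$ip}. user not in any phpGACL groups. (bad username?)");
        return false;
    }

    return true;
}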
<?php

/**
 * Create a new event at the user's position and attach the user to it.
 *
 * @param string $event    Event name.
 * @param array  $userData Needs 'latitude', 'longitude' and 'ustreamUID'.
 * @return void
 */
function newEvent($event, $userData)
{
    $latitude = $userData['latitude'];
    $longitude = $userData['longitude'];

    createEvent($event, $latitude, $longitude);
    updateUserEvent($userData['ustreamUID'], $event);
}

/**
 * Attach the user to an event that already exists.
 *
 * @param array $userData Needs 'ustreamUID' and 'event'.
 * @return void
 */
function joinEvent($userData)
{
    $userId = $userData['ustreamUID'];
    $eventName = $userData['event'];

    updateUserEvent($userId, $eventName);
}

/**
 * Look up events by name and print the matches as JSON.
 *
 * @param string $event Search term, passed to searchEvent() unchanged.
 * @return void
 */
function search($event)
{
    echo json_encode(searchEvent($event));
}

// Request dispatcher: actionType 1 searches, actionType 2 creates.
// NOTE(review): $_REQUEST accepts GET as well as POST, so the create action
// can be triggered by a plain link. eventName is passed on unvalidated, and
// $userData is not assigned anywhere in this file. Confirm where $userData
// comes from and that createEvent()/searchEvent() handle untrusted input.
if (isset($_REQUEST['actionType'], $_REQUEST['eventName'])) {
    $requestedAction = $_REQUEST['actionType'];

    if ($requestedAction == 1) {
        //SEARCH EVENTS
        search($_REQUEST['eventName']);
    } elseif ($requestedAction == 2) {
        //CREATE EVENT
        newEvent($_REQUEST['eventName'], $userData);
    }
}
<?php
// Test page: stores an event from the query string, then renders the calendar
// and the entry form.
//
// NOTE(review): the event is created from a GET request, so the values end up
// in URLs and logs and the action can be triggered by a link. Only 'jahr' is
// checked for presence; the other fields are read unguarded and all of them
// reach newEvent() unvalidated. The arguments are passed in the order
// description, day, month, year, time; confirm that matches newEvent().
include "functionsClasses.php";

if (!isset($_GET['jahr'])) {
    echo "<h1>MEEEEEPPP</h1>";
} else {
    // Store the new event.
    $description = $_GET["beschreibung"];
    $year = $_GET["jahr"];
    $day = $_GET["tag"];
    $month = $_GET["monat"];
    $time = $_GET["zeit"];
    newEvent($description, $day, $month, $year, $time);
    //testEvent();
    echo "<h1>OK</h1>";
}

echo "<html><head></head><body>";
include "usercalendar.php";

// Entry form; the markup is emitted exactly as in the original.
echo "<div id=\"userevents\">\r\n \t<h3> Hier können Sie Ihre Events eintragen!</h3> \r\n \t<form method=GET action=\"test.php\"> \r\n <table>\r\n <tr>\r\n <td><label>Event beschreibung:</label></td>\r\n <td><input name=\"beschreibung\" type=\"text\"></td>\r\n <td><label>Bsp: Party bei Huber </label></td>\r\n </tr>\r\n <tr>\r\n <td><label>Jahr des Events: </label></td>\r\n <td><input name=\"jahr\" type=\"text\" ></td>\r\n <td><label>Format: yyyy --> 2008</label></td>\t\t\r\n </tr>\r\n <tr>\r\n <td><label>Monat des Events: </label></td>\r\n <td><input name=\"monat\" type=\"text\" ></td>\r\n <td><label>Format: mm --> 01 bis 12</label></td>\t\t\r\n </tr>\r\n <tr>\r\n <td><label>Tag des Events: </label></td>\r\n <td><input name=\"tag\" type=\"text\" ></td>\r\n <td><label>Format: dd --> 01 bis 31</label></td>\t\t\r\n </tr>\r\n <tr>\r\n <td><label>Zeit des Events: </label></td>\r\n <td><input name=\"zeit\" type=\"text\"></td>\r\n <td><label>Format: 24:60:60 --> 00:00:00</label></td>\t\t\r\n </tr>\r\n </table>\r\n <input name=\"eintragen\" type=\"submit\" value=\"Event eintragen\">\r\n </form>\t\t\r\n\t </div><!-- userevents -->";
echo "</body></html>";
if ($title == "") { $title = $result['title']; } $body = $result['body']; if ($reply_to == "") { $reply_to = $result['pid']; } $form_message_status = $result['message_status']; } break; case "delete": // Delete selected message(s) from the Messages box (only). $delete_id = $_POST['delete_id']; for ($i = 0; $i < count($delete_id); $i++) { deletePnote($delete_id[$i]); newEvent("delete", $_SESSION['authUser'], $_SESSION['authProvider'], 1, "pnotes: id " . $delete_id[$i]); } break; } if ($task == "addnew" or $task == "edit") { // Display the Messages page layout. echo "\n<form name=new_note id=new_note action=\"messages.php?showall=" . attr($showall) . "&sortby=" . attr($sortby) . "&sortorder=" . attr($sortorder) . "&begin=" . attr($begin) . "&{$activity_string_html}\" method=post>\n<input type=hidden name=noteid id=noteid value='" . attr($noteid) . "'>\n<input type=hidden name=task id=task value=add>"; ?> <div id="pnotes"><center> <table border='0' cellspacing='8'> <tr> <td class='text'> <b><?php echo htmlspecialchars(xl('Type'), ENT_NOQUOTES); ?> :</b>
if ($layout_id == "SRH") { $tablename = "lists_ippf_srh"; } else { if ($layout_id == "CON") { $tablename = "lists_ippf_con"; } else { if ($layout_id == "GCA") { $tablename = "lists_ippf_gcac"; } } } } } } sqlStatement("ALTER TABLE `" . $tablename . "` DROP `" . $row['field_id'] . "`"); newEvent("alter_table", $_SESSION['authUser'], $_SESSION['authProvider'], 1, $tablename . " DROP " . trim($row['field_id'])); } } // Delete an entire group from the form sqlStatement("DELETE FROM layout_options WHERE " . " form_id = '" . $_POST['layout_id'] . "' " . " AND group_name = '" . $_POST['deletegroupname'] . "'"); } else { if ($_POST['formaction'] == "movegroup" && $layout_id) { $results = sqlStatement("SELECT DISTINCT(group_name) AS gname " . "FROM layout_options WHERE form_id = '{$layout_id}' " . "ORDER BY gname"); $garray = array(); $i = 0; while ($result = sqlFetchArray($results)) { if ($result['gname'] == $_POST['movegroupname']) { if ($_POST['movedirection'] == 'up') { // moving up if ($i > 0) { $garray[$i] = $garray[$i - 1];
$xml_array["Labresultslist"]['reason'] = 'Lab results not found'; } /** * User Messages */ $sql = "SELECT pnotes.id, pnotes.user, pnotes.pid, pnotes.title, pnotes.date,pnotes.body, pnotes.message_status, \n IF(pnotes.user != pnotes.pid,users.fname,patient_data.fname) as users_fname,\n IF(pnotes.user != pnotes.pid,users.lname,patient_data.lname) as users_lname,\n patient_data.fname as patient_data_fname, patient_data.lname as patient_data_lname\n FROM ((pnotes LEFT JOIN users ON pnotes.user = users.username) \n JOIN patient_data ON pnotes.pid = patient_data.pid) WHERE pnotes.message_status LIKE 'New' \n AND pnotes.deleted != '1' AND pnotes.date >= '{$date} 00:00:00' AND pnotes.date <= '{$date} 24:00:00' AND pnotes.assigned_to LIKE ?"; $messageResult = sqlStatement($sql, array($username)); if ($messageResult->_numOfRows > 0) { $xml_array["Messages"]['status'] = 0; $xml_array["Messages"]['reason'] = 'Messages Processed successfully'; $count = 1; while ($myrow = sqlFetchArray($messageResult)) { foreach ($myrow as $fieldName => $fieldValue) { $rowValue = xmlsafestring($fieldValue); $xml_array["Messages"]['Message-' . $count][$fieldName] = $rowValue; } $count++; } } else { $xml_array["Messages"]['status'] = -1; $xml_array["Messages"]['reason'] = 'Messages not found.'; } } $ip = $_SERVER['REMOTE_ADDR']; newEvent($event = 'login', $username, $groupname = 'Default', $success = '1', 'success: ' . $ip); } else { $xml_array['status'] = -1; $xml_array['reason'] = 'Username/Pin incorrect.'; } $xml = ArrayToXML::toXml($xml_array, 'MedMasterUser'); echo $xml;
/**
 * Compute a change-detection checksum over a visit's billing and drug sales.
 *
 * Each query XORs the CRC32 of the listed columns over all matching rows; the
 * two results are XORed together. When CHECKSUM_LOGGING is on, the value and
 * the request context are written to the audit log.
 *
 * This value detects concurrent edits. CRC32 and XOR are not collision
 * resistant, so it must not be relied on as protection against deliberate
 * tampering.
 *
 * @param mixed $pid       Patient id (bound parameter).
 * @param mixed $encounter Encounter id (bound parameter).
 * @param bool  $saved     Only reported in the log entry.
 * @return int
 */
function visitChecksum($pid, $encounter, $saved = false)
{
    $template = "SELECT BIT_XOR(CRC32(CONCAT_WS(',', %s))) AS checksum FROM %s WHERE %s";
    $binds = array($pid, $encounter);

    // Active billing lines of the visit.
    $billing = sqlQuery(
        sprintf(
            $template,
            "id, code, modifier, units, fee, authorized, provider_id, ndc_info, justify, billed",
            "billing",
            "pid = ? AND encounter = ? AND activity = 1"
        ),
        $binds
    );

    // Product sales of the visit.
    $sales = sqlQuery(
        sprintf(
            $template,
            "sale_id, inventory_id, prescription_id, quantity, fee, sale_date, billed",
            "drug_sales",
            "pid = ? AND encounter = ?"
        ),
        $binds
    );

    $checksum = intval($billing['checksum']) ^ intval($sales['checksum']);

    if (CHECKSUM_LOGGING) {
        $yesNo = function ($flag) {
            return $flag ? "true" : "false";
        };
        $comment = "Checksum = '{$checksum}'"
            . ", AJAX = " . $yesNo(!empty($_POST['running_as_ajax']))
            . ", Save = " . $yesNo(!empty($_POST['bn_save']))
            . ", Saved = " . $yesNo($saved);
        newEvent("checksum", $_SESSION['authUser'], $_SESSION['authProvider'], 1, $comment, $pid);
    }

    return $checksum;
}
$fake_register_globals = false; // include_once "../../globals.php"; include_once "{$srcdir}/sql.inc"; include_once "{$srcdir}/options.inc.php"; if (isset($_GET['mode'])) { if ($_GET['mode'] == "add") { $sql = "REPLACE INTO immunizations set \n id = ?,\n administered_date = if(?,?,NULL), \n immunization_id = ?,\n cvx_code = ?, \n manufacturer = ?,\n lot_number = ?,\n administered_by_id = if(?,?,NULL),\n administered_by = if(?,?,NULL),\n education_date = if(?,?,NULL), \n vis_date = if(?,?,NULL), \n note = ?,\n patient_id = ?,\n created_by = ?,\n updated_by = ?,\n create_date = now() "; $sqlBindArray = array(trim($_GET['id']), trim($_GET['administered_date']), trim($_GET['administered_date']), trim($_GET['form_immunization_id']), trim($_GET['cvx_code']), trim($_GET['manufacturer']), trim($_GET['lot_number']), trim($_GET['administered_by_id']), trim($_GET['administered_by_id']), trim($_GET['administered_by']), trim($_GET['administered_by']), trim($_GET['education_date']), trim($_GET['education_date']), trim($_GET['vis_date']), trim($_GET['vis_date']), trim($_GET['note']), $pid, $_SESSION['authId'], $_SESSION['authId']); sqlStatement($sql, $sqlBindArray); $administered_date = $education_date = date('Y-m-d'); $immunization_id = $cvx_code = $manufacturer = $lot_number = $administered_by_id = $note = $id = ""; $administered_by = $vis_date = ""; } elseif ($_GET['mode'] == "delete") { // log the event newEvent("delete", $_SESSION['authUser'], $_SESSION['authProvider'], 1, "Immunization id " . $_GET['id'] . " deleted from pid " . $pid); // delete the immunization $sql = "DELETE FROM immunizations WHERE id =? 
LIMIT 1"; sqlStatement($sql, array($_GET['id'])); } elseif ($_GET['mode'] == "edit") { $sql = "select * from immunizations where id = ?"; $result = sqlQuery($sql, array($_GET['id'])); $administered_date = $result['administered_date']; $immunization_id = $result['immunization_id']; $cvx_code = $result['cvx_code']; $code_text = ''; if (!empty($cvx_code)) { $query = "SELECT codes.code_text as `code_text`, codes.code as `code` " . "FROM codes " . "LEFT JOIN code_types on codes.code_type = code_types.ct_id " . "WHERE code_types.ct_key = 'CVX' AND codes.code = ?"; $result_code_text = sqlQuery($query, array($cvx_code)); $code_text = $result_code_text['code_text']; }
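/**
 * Add or drop the table column that backs a layout field.
 *
 * Layout IDs starting with "LBF" or "LBT", and the layout "FACUSR", are ignored.
 * DEM, HIS, SRH, CON and GCA map to a fixed table name; any other layout ID ends the script.
 * Each ALTER TABLE that is executed is recorded with an "alter_table" audit event.
 *
 * @param string $layout_id Layout identifier that selects the table.
 * @param string $field_id  Column name. It is placed into the SQL text (identifiers cannot be
 *                          bound), so callers must only pass vetted names.
 * @param bool   $add       TRUE adds the column if it is missing; FALSE drops it if it exists
 *                          and holds no data.
 * @return void
 */
function addOrDeleteColumn($layout_id, $field_id, $add = TRUE)
{
    $prefix = substr($layout_id, 0, 3);
    if ($prefix == 'LBF' || $prefix == 'LBT' || $layout_id == "FACUSR") {
        return;
    }

    // The table name always comes from this fixed list, never from the caller.
    if ($layout_id == "DEM") {
        $tablename = "patient_data";
    } elseif ($layout_id == "HIS") {
        $tablename = "history_data";
    } elseif ($layout_id == "SRH") {
        $tablename = "lists_ippf_srh";
    } elseif ($layout_id == "CON") {
        $tablename = "lists_ippf_con";
    } elseif ($layout_id == "GCA") {
        $tablename = "lists_ippf_gcac";
    } else {
        die('Internal error in addOrDeleteColumn()');
    }

    // $field_id ends up inside a quoted LIKE pattern and inside backtick-quoted identifiers.
    // A name containing a quote, backtick or backslash could only break out of that quoting,
    // so it is refused before any statement is built.
    if (strpbrk((string) $field_id, "`'\\") !== false) {
        die('Internal error in addOrDeleteColumn()');
    }

    // Check if the column currently exists.
    // NOTE(review): "_" and "%" in $field_id act as LIKE wildcards here, so a similarly named
    // column can also satisfy this check.
    $tmp = sqlQuery("SHOW COLUMNS FROM `{$tablename}` LIKE '{$field_id}'");
    $column_exists = !empty($tmp);

    if ($add && !$column_exists) {
        sqlStatement("ALTER TABLE `{$tablename}` ADD `{$field_id}` TEXT");
        newEvent("alter_table", $_SESSION['authUser'], $_SESSION['authProvider'], 1, "{$tablename} ADD {$field_id}");
    } elseif (!$add && $column_exists) {
        // Do not drop a column that has any data.
        $tmp = sqlQuery("SELECT `{$field_id}` FROM `{$tablename}` WHERE " . "`{$field_id}` IS NOT NULL AND `{$field_id}` != '' LIMIT 1");
        // The query only returns a row when some record has a value in the column. The earlier test
        // looked up the literal key 'field_id', which is never present, so the column was dropped
        // even when it held data.
        if (empty($tmp)) {
            sqlStatement("ALTER TABLE `{$tablename}` DROP `{$field_id}`");
            newEvent("alter_table", $_SESSION['authUser'], $_SESSION['authProvider'], 1, "{$tablename} DROP {$field_id} ");
        }
    }
}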
/**
 * Build the event item addressed by the given coordinates and call purge() on it.
 *
 * @param string $collection
 * @param string $key
 * @param string $type
 * @param int    $timestamp
 * @param int    $ordinal
 *
 * @return EventInterface The item on which purge() was invoked.
 * @link https://orchestrate.io/docs/apiref#events-delete
 */
public function purgeEvent($collection, $key, $type, $timestamp, $ordinal)
{
    $event = newEvent($collection, $key, $type, $timestamp, $ordinal);
    $event->purge();

    return $event;
}
}
// Tail of the per-patient merge loop; the loop header is not part of this fragment.
// NOTE(review): $newlname and the PID values are echoed into HTML without escaping; confirm they
// cannot contain markup, or pass them through htmlspecialchars() before output.
echo "<li>Altered last name of PID " . $otherPID . " to '" . $newlname . "'</li>";
// add patient notes regarding the merged data
$notetext = "All related patient data has been merged into patient record PID# " . $masterPID;
echo "<li>Added note about the merge to the PID " . $otherPID . "</li>";
if ($commitchanges == true) {
    addPnote($otherPID, $notetext);
}
$notetext = "All related patient data has been merged from patient record PID# " . $otherPID;
echo "<li>Added note about the merge to the Master PID " . $masterPID . "</li>";
if ($commitchanges == true) {
    addPnote($masterPID, $notetext);
}
// add a log entry regarding the merged data
// The audit event is only written when changes are committed, but the "Added entry to log" line
// below is printed in both cases, so a dry run reports a log entry that was not made.
if ($commitchanges == true) {
    newEvent("data_merge", $_SESSION['authUser'], "Default", 1, "Merged PID " . $otherPID . " data into master PID " . $masterPID);
}
echo "<li>Added entry to log</li>";
echo "<br><br>";
} // end of otherID loop
// Re-point rows of one table from an old patient id to a new one.
// Only the start of this function is visible in the fragment.
// NOTE(review): both statements are assembled by string concatenation. The table and column names
// and the two id values go into the SQL text unescaped, so this is only safe if every caller
// passes fixed names and validated numeric ids (not verifiable from here). Binding $oldvalue and
// $newvalue as parameters would remove that dependency for the values.
function UpdateTable($tablename, $pid_col, $oldvalue, $newvalue)
{
    global $commitchanges, $oemrdb;
    // Count the rows that would be affected before doing anything.
    $sqlstmt = "select count(*) as numrows from " . $tablename . " where " . $pid_col . "='" . $oldvalue . "'";
    $qResults = sqlQ($sqlstmt);
    if ($qResults) {
        $row = sqlFetchArray($qResults);
        if ($row['numrows'] > 0) {
            $sqlstmt = "update " . $tablename . " set " . $pid_col . "='" . $newvalue . "' where " . $pid_col . "='" . $oldvalue . "'";
            if ($commitchanges == true) {
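/**
 * API function for CCDA fetching.
 *
 * Checks the credential set in $parameterArray[0], builds the CCDA request for one patient (or for
 * each "patient_encounter" pair listed in 'combination'), sends it to the configured Mirth host on
 * port 6661, stores the returned document through logCCDA() and writes an audit event.
 *
 * @param array $parameterArray Index 0 is the credential set handed to valid(); its element 6 is used
 *                              as the patient username. Optional keys read here: encounter,
 *                              combination, sections, sent_by, send, view, emr_transfer, recipients,
 *                              param, event, menu_item.
 * @return string|false In 'combination' mode: the failure string passed back by the socket call,
 *                      "Queued for Transfer" when view is off, otherwise the rendered HTML (false if
 *                      it could not be produced). Without 'combination': the CCDA XML. When the
 *                      credentials are not accepted: a fixed XML failure note.
 */
public function ccdaFetching($parameterArray = array())
{
    $validResult = $this->getEncounterccdadispatchTable()->valid($parameterArray[0]); // validate credentials
    if ($validResult == 'existingpatient') {
        global $assignedEntity;
        global $representedOrganization;
        $mirth_ip = $this->getEncounterccdadispatchTable()->getSettings('Carecoordination', 'hie_mirth_ip');
        $representedOrganization = $this->getEncounterccdadispatchTable()->getRepresentedOrganization();
        $this->patient_id = $this->getEncounterccdadispatchTable()->getPatientId($parameterArray[0][6]); //$this->getRequest()->getQuery('pid');
        $this->patient_username = $parameterArray[0][6];
        $this->encounter_id = isset($parameterArray['encounter']) ? $parameterArray['encounter'] : '';
        $combination = isset($parameterArray['combination']) ? $parameterArray['combination'] : '';
        $this->sections = isset($parameterArray['sections']) ? $parameterArray['sections'] : '';
        $sent_by = isset($parameterArray['sent_by']) ? $parameterArray['sent_by'] : '';
        $send = isset($parameterArray['send']) ? $parameterArray['send'] : 0;
        $view = isset($parameterArray['view']) ? $parameterArray['view'] : 0;
        $emr_transfer = isset($parameterArray['emr_transfer']) ? $parameterArray['emr_transfer'] : 0;
        $this->recipients = isset($parameterArray['recipients']) ? $parameterArray['recipients'] : '';
        if ($this->recipients == 'patient') {
            $this->params = $this->patient_id;
        } else {
            $this->params = isset($parameterArray['param']) ? $parameterArray['param'] : '';
        }

        // NOTE(review): the session's user id is replaced by a value taken from the request
        // parameters. Everything that later reads $_SESSION['authId'] (including logCCDA() below)
        // then acts as that user. Confirm only trusted callers can supply 'sent_by'.
        if ($sent_by != '') {
            $_SESSION['authId'] = $sent_by;
        }

        // Default to every available section / component, joined with "|".
        if (!$this->sections) {
            $components0 = $this->getEncounterccdadispatchTable()->getCCDAComponents(0);
            $str = ''; // was read before ever being assigned
            foreach ($components0 as $key => $value) {
                if ($str) {
                    $str .= '|';
                }
                $str .= $key;
            }
            $this->sections = $str;
        }
        if (!$this->components) {
            $components1 = $this->getEncounterccdadispatchTable()->getCCDAComponents(1);
            $str1 = ''; // was read before ever being assigned
            foreach ($components1 as $key => $value) {
                if ($str1) {
                    $str1 .= '|';
                }
                $str1 .= $key;
            }
            $this->components = $str1;
        }

        if ($combination != '') {
            // NOTE(review): the credentials above were validated for one patient username, but the
            // patient ids processed here come from the 'combination' parameter. No check is visible
            // that the caller is entitled to those records; confirm valid() or the caller enforces it.
            $arr = explode('|', $combination);
            foreach ($arr as $row) {
                $arr = explode('_', $row);
                $this->patient_id = $arr[0];
                $this->encounter_id = $arr[1] > 0 ? $arr[1] : NULL;
                $this->create_data($this->patient_id, $this->encounter_id, $this->sections, $send, $this->components);
                $content = $this->socket_get("{$mirth_ip}", "6661", $this->data);
                if ($content == 'Authetication Failure') {
                    return $content;
                }
                $to_replace = '<?xml version="1.0" encoding="UTF-8"?> <?xml-stylesheet type="text/xsl" href="CDA.xsl"?> <ClinicalDocument xmlns:xsi="http://www.w3.org/2001/XMLSchema-instance" xsi:schemaLocation="urn:hl7-org:v3 http://xreg2.nist.gov:8080/hitspValidation/schema/cdar2c32/infrastructure/cda/C32_CDA.xsd" xmlns="urn:hl7-org:v3" xmlns:mif="urn:hl7-org:v3/mif"> <!--';
                $content = preg_replace('/<ClinicalDocument.*><!--/', $to_replace, trim($content));
                $ccdaDocumentId = $this->getEncounterccdadispatchTable()->logCCDA($this->patient_id, $this->encounter_id, base64_encode($content), $this->createdtime, 0, $_SESSION['authId'], $view, $send, $emr_transfer);
                try {
                    $event = isset($parameterArray['event']) ? $parameterArray['event'] : 'patient-record';
                    $menu_item = isset($parameterArray['menu_item']) ? $parameterArray['menu_item'] : 'Dashboard';
                    newEvent($event, $this->patient_username, '', 1, '', $this->patient_id, $log_from = 'patient-portal', $menu_item, $ccdaDocumentId);
                } catch (Exception $e) {
                    // Audit logging stays best-effort, but a failure to record access to a
                    // clinical document must not disappear silently.
                    error_log('ccdaFetching: audit event could not be written: ' . $e->getMessage());
                }
            }
            if (!$view) {
                return "Queued for Transfer";
            }

            // Render the document fetched last through the CCDA stylesheet.
            $xml = simplexml_load_string($content);
            $xsl = new \DOMDocument();
            $xsl->load(dirname(__FILE__) . '/../../../../../public/xsl/ccda.xsl');
            $proc = new \XSLTProcessor();
            $proc->importStyleSheet($xsl); // attach the xsl rules
            // The rendered page contains patient data. tempnam() creates a uniquely named file
            // instead of the guessable out_<time>.html in the shared temp directory, and the file
            // is removed as soon as it has been read back.
            $outputFile = tempnam(sys_get_temp_dir(), 'out_');
            if ($outputFile === false) {
                return false;
            }
            $proc->transformToURI($xml, $outputFile);
            $htmlContent = file_get_contents($outputFile);
            unlink($outputFile);
            return $htmlContent;
        } else {
            $practice_filename = "CCDA_{$this->patient_id}.xml";
            $this->create_data($this->patient_id, $this->encounter_id, $this->sections, $send, $this->components);
            $content = $this->socket_get("{$mirth_ip}", "6661", $this->data);
            $to_replace = '<?xml version="1.0" encoding="UTF-8"?> <?xml-stylesheet type="text/xsl" href="CDA.xsl"?> <ClinicalDocument xmlns:xsi="http://www.w3.org/2001/XMLSchema-instance" xsi:schemaLocation="urn:hl7-org:v3 http://xreg2.nist.gov:8080/hitspValidation/schema/cdar2c32/infrastructure/cda/C32_CDA.xsd" xmlns="urn:hl7-org:v3" xmlns:mif="urn:hl7-org:v3/mif"> <!--';
            $content = preg_replace('/<ClinicalDocument.*><!--/', $to_replace, trim($content));
            $ccdaDocumentId = $this->getEncounterccdadispatchTable()->logCCDA($this->patient_id, $this->encounter_id, base64_encode($content), $this->createdtime, 0, $_SESSION['authId'], $view, $send, $emr_transfer);
            try {
                $event = isset($parameterArray['event']) ? $parameterArray['event'] : 'patient-record';
                $menu_item = isset($parameterArray['menu_item']) ? $parameterArray['menu_item'] : 'Dashboard';
                newEvent($event, $this->patient_username, '', 1, '', $this->patient_id, $log_from = 'patient-portal', $menu_item, $ccdaDocumentId);
            } catch (Exception $e) {
                // See above: keep going, but leave a trace that the audit entry is missing.
                error_log('ccdaFetching: audit event could not be written: ' . $e->getMessage());
            }
            return $content;
        }

        // NOTE(review): not reachable, because both branches above return. Kept as found; if a
        // file download was intended, it has to happen before those returns.
        try {
            ob_clean();
            header("Cache-Control: public");
            header("Content-Description: File Transfer");
            header("Content-Disposition: attachment; filename=" . $practice_filename);
            header("Content-Type: application/download");
            header("Content-Transfer-Encoding: binary");
            return $content;
        } catch (Exception $e) {
            die('SOAP Error');
        }
    } else {
        return '<?xml version="1.0" encoding="UTF-8"?> <!-- Edited by XMLSpy --> <note> <heading>Authetication Failure</heading> <body></body> </note> ';
    }
}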
/**
 * Deliver an HL7 order to a lab over the transport configured for that lab.
 *
 * The provider row selects the transport: 'DL' (or an empty orders_path) streams the message to the
 * browser as a download and ends the script; 'SFTP' uploads it with phpseclib; 'FS' writes it to
 * a local file. A successful SFTP or FS delivery is recorded with a "proc_order_xmit" audit event.
 *
 * @param integer $ppid Procedure provider ID.
 * @param string  $out  The HL7 text to be sent.
 * @return string Error text, or empty if no errors.
 */
function send_hl7_order($ppid, $out)
{
    global $srcdir;

    $segment_end = "\r";

    $provider = sqlQuery("SELECT * FROM procedure_providers " . "WHERE ppid = ?", array($ppid));
    if (empty($provider)) {
        return xl('Procedure provider') . " {$ppid} " . xl('not found');
    }

    $protocol = $provider['protocol'];
    $remote_host = $provider['remote_host'];

    // Extract MSH-10 which is the message control ID. The field separator is the 4th character
    // of the message; the MSH segment is everything up to the first carriage return.
    $field_separator = substr($out, 3, 1);
    $msh_segment = substr($out, 0, strpos($out, $segment_end));
    $msh_fields = explode($field_separator, $msh_segment);
    $msgid = $msh_fields[9];
    if (empty($msgid)) {
        return xl('Internal error: Cannot find MSH-10');
    }

    // NOTE(review): $msgid is taken from the message text and is used below in a response header
    // and as a file name on the SFTP server or local disk. If any part of the message can be
    // influenced by user input, restrict $msgid to a safe character set before using it in a path.

    if ($protocol == 'DL' || $provider['orders_path'] === '') {
        // Download: hand the message to the browser and stop. No audit event is written here.
        header("Pragma: public");
        header("Expires: 0");
        header("Cache-Control: must-revalidate, post-check=0, pre-check=0");
        header("Content-Type: application/force-download");
        header("Content-Disposition: attachment; filename=order_{$msgid}.hl7");
        header("Content-Description: File Transfer");
        echo $out;
        exit;
    }

    if ($protocol == 'SFTP') {
        ini_set('include_path', ini_get('include_path') . PATH_SEPARATOR . "{$srcdir}/phpseclib");
        require_once "{$srcdir}/phpseclib/Net/SFTP.php";

        // Compute the target path/file name.
        $filename = $provider['orders_path']
            ? $provider['orders_path'] . '/' . $msgid . '.txt'
            : $msgid . '.txt';

        // Connect to the server and write the file.
        // NOTE(review): login and password are read from the provider row, i.e. they are stored
        // in the database in a form this code can use directly.
        $sftp = new Net_SFTP($remote_host);
        if (!$sftp->login($provider['login'], $provider['password'])) {
            return xl('Login to this remote host failed') . ": '{$remote_host}'";
        }
        if (!$sftp->put($filename, $out)) {
            return xl('Creating this file on remote host failed') . ": '{$filename}'";
        }
    } elseif ($protocol == 'FS') {
        // Compute the target path/file name.
        $filename = $provider['orders_path']
            ? $provider['orders_path'] . '/' . $msgid . '.txt'
            : $msgid . '.txt';

        $handle = fopen("{$filename}", 'w');
        if (!$handle) {
            return xl('Cannot create file') . ' "' . "{$filename}" . '"';
        }
        fwrite($handle, $out);
        fclose($handle);
    } else {
        return xl('This protocol is not implemented') . ": '{$protocol}'";
    }

    // Reaching this point indicates success.
    newEvent("proc_order_xmit", $_SESSION['authUser'], $_SESSION['authProvider'], 1, "ID: {$msgid} Protocol: {$protocol} Host: {$remote_host}");

    return '';
}
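}
/**
 * User Messages
 *
 * Collects the messages with status 'New' that are assigned to the authenticated user for $date
 * and adds them to the XML response. This is the tail of a login handler; the credential check
 * and the blocks closed by the leading braces are outside this fragment.
 */
// NOTE(review): $username is bound, but $date is interpolated into the SQL text. Its origin is
// not visible here; bind it as well unless it is validated before this point.
$sql = "SELECT pnotes.id, pnotes.user, pnotes.pid, pnotes.title, pnotes.date,pnotes.body, pnotes.message_status, \n IF(pnotes.user != pnotes.pid,users.fname,patient_data.fname) as users_fname,\n IF(pnotes.user != pnotes.pid,users.lname,patient_data.lname) as users_lname,\n patient_data.fname as patient_data_fname, patient_data.lname as patient_data_lname\n FROM ((pnotes LEFT JOIN users ON pnotes.user = users.username) \n JOIN patient_data ON pnotes.pid = patient_data.pid) WHERE pnotes.message_status LIKE 'New' \n AND pnotes.deleted != '1' AND pnotes.date >= '{$date} 00:00:00' AND pnotes.date <= '{$date} 24:00:00' AND pnotes.assigned_to LIKE ?";
$messageResult = sqlStatement($sql, array($username));
if ($messageResult->_numOfRows > 0) {
    $xml_array["Messages"]['status'] = 0;
    $xml_array["Messages"]['reason'] = 'Messages Processed successfully';
    $count = 1;
    while ($myrow = sqlFetchArray($messageResult)) {
        // Every column is passed through xmlsafestring() before it enters the response.
        foreach ($myrow as $fieldName => $fieldValue) {
            $rowValue = xmlsafestring($fieldValue);
            $xml_array["Messages"]['Message-' . $count][$fieldName] = $rowValue;
        }
        $count++;
    }
} else {
    $xml_array["Messages"]['status'] = -1;
    $xml_array["Messages"]['reason'] = 'Messages not found.';
}
}
$ip = $_SERVER['REMOTE_ADDR'];
newEvent($event = 'login', $username, $groupname = 'Default', $success = '1', 'success: ' . $ip);
} else {
    // Failed login. Three corrections compared with the earlier version of this branch:
    //  - the attempted password is no longer written to the audit log. An unsalted SHA-1 of a
    //    mistyped password is cheap to reverse and is usually close to the real one;
    //  - the event is recorded with success flag 0, so it is not counted as a successful login;
    //  - $ip is set here, because the assignment above only runs in the success branch.
    $ip = $_SERVER['REMOTE_ADDR'];
    newEvent($event = 'login', $username, $groupname = 'Default', $success = '0', 'failure: ' . $ip . ". user password mismatch");
    $xml_array['status'] = -1;
    $xml_array['reason'] = 'Username/Password incorrect.';
}
$xml = ArrayToXML::toXml($xml_array, 'MedMasterUser');
echo $xml;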
// Generic "delete form" handler: use a form-specific delete script when one exists, otherwise
// soft-delete the form row after confirmation.
// NOTE(review): $deleteform is included as PHP code. check_file_dir_name() is called on the
// requested form name, but how $deleteform is built from it is outside this fragment; confirm the
// path cannot leave the forms directory.
check_file_dir_name($_REQUEST["formname"]);
if (file_exists($deleteform)) {
    include_once $deleteform;
    exit;
}
// if no custom 'delete' form, then use a generic one
// when the Cancel button is pressed, where do we go?
$returnurl = $GLOBALS['concurrent_layout'] ? 'encounter_top.php' : 'patient_encounter.php';
// NOTE(review): no CSRF token or ACL check is visible before this state change; confirm it is
// enforced earlier in the script.
if ($_POST['confirm']) {
    // set the deleted flag of the indicated form
    // The id is bound as a parameter. The row is matched by id alone, not by the encounter or
    // patient currently open.
    $sql = "update forms set deleted=1 where id= ?";
    if ($_POST['id'] != "*" && $_POST['id'] != '') {
        sqlInsert($sql, array($_POST['id']));
    }
    // log the event
    // NOTE(review): this entry is written even when the id was "*" or empty and nothing was
    // updated, and it records the form name and encounter exactly as posted rather than values
    // looked up from the row that was changed.
    newEvent("delete", $_SESSION['authUser'], $_SESSION['authProvider'], 1, "Form " . $_POST['formname'] . " deleted from Encounter " . $_POST['encounter']);
    // redirect back to the encounter
    $address = "{$GLOBALS['rootdir']}/patient_file/encounter/{$returnurl}";
    echo "\n<script language='Javascript'>top.restoreSession();window.location='{$address}';</script>\n";
    exit;
}
?> <html> <head> <?php html_header_show(); ?> <link rel="stylesheet" href="<?php echo $css_header; ?>
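// Immunization add / delete / save handler for the grid front end, driven by $_POST['action'].
// NOTE(review): no CSRF token or ACL check is visible in this block; confirm it is enforced
// before this point.
$_SESSION['site']['flops'] = 0;
if (isset($_POST['action'])) {
    // *************************************************************************************
    // Add new record
    // *************************************************************************************
    if ($_POST['action'] == "add") {
        // All request values are bound. The if(?,?,NULL) pairs take the same value twice.
        $sql = "REPLACE INTO \n\t\t\t\t\timmunizations\n\t\t\t\tSET \n\t\t\t\t\tid = ?,\n\t\t\t\t\tadministered_date = if(?,?,NULL), \n\t\t\t\t\timmunization_id = ?,\n\t\t\t\t\tmanufacturer = ?,\n\t\t\t\t\tlot_number = ?,\n\t\t\t\t\tadministered_by_id = if(?,?,NULL),\n\t\t\t\t\tadministered_by = if(?,?,NULL),\n\t\t\t\t\teducation_date = if(?,?,NULL), \n\t\t\t\t\tvis_date = if(?,?,NULL), \n\t\t\t\t\tnote = ?,\n\t\t\t\t\tpatient_id = ?,\n\t\t\t\t\tcreated_by = ?,\n\t\t\t\t\tupdated_by = ?,\n\t\t\t\t\tcreate_date = now() ";
        $sqlBindArray = array(
            trim($_POST['id']),
            trim($_POST['administered_date']), trim($_POST['administered_date']),
            trim($_POST['immunization_id']),
            trim($_POST['manufacturer']),
            trim($_POST['lotnumber']),
            trim($_POST['administered_by_id']), trim($_POST['administered_by_id']),
            trim($_POST['administered_by']), trim($_POST['administered_by']),
            trim($_POST['education_date']), trim($_POST['education_date']),
            trim($_POST['vis_date']), trim($_POST['vis_date']),
            trim($_POST['note']),
            $pid,
            $_SESSION['authId'],
            $_SESSION['authId']
        );
        sqlStatement($sql, $sqlBindArray);
        // Reset the form variables to an empty entry dated today.
        $administered_date = $education_date = date('Y-m-d');
        $immunization_id = $manufacturer = $lot_number = $administered_by_id = $note = $id = "";
        $administered_by = $vis_date = "";
    } elseif ($_POST['action'] == "delete") {
        // Need to be fixed, the GRID it's not calling the form for deletion.
        // log the event
        // The success flag (1) was missing, which moved the message into the flag's position and
        // left the comment empty. The call now matches the other "delete" events.
        // NOTE(review): the pid in the message is taken from the request, not from the session's
        // $pid, so the audit text is only as reliable as the posted value.
        newEvent("delete", $_SESSION['authUser'], $_SESSION['authProvider'], 1, "Immunization id " . $_POST['id'] . " deleted from pid " . $_POST['pid']);
        // delete the immunization
        // The id used to be appended to the statement outside of quotes. String escaping does not
        // protect a value in that position, so it is bound as a parameter like the statements
        // above and below.
        $sql = "DELETE FROM immunizations WHERE id = ? LIMIT 1";
        sqlStatement($sql, array($_POST['id']));
    } elseif ($_POST['action'] == "save") {
        // NOTE(review): created_by is overwritten with the current user on every save, which
        // loses the record of who created the entry.
        $sql = "UPDATE \n\t\t\t\t\timmunizations\n\t\t\t\tSET \n\t\t\t\t\tadministered_date = if(?,?,NULL), \n\t\t\t\t\timmunization_id = ?,\n\t\t\t\t\tmanufacturer = ?,\n\t\t\t\t\tlot_number = ?,\n\t\t\t\t\tadministered_by_id = if(?,?,NULL),\n\t\t\t\t\tadministered_by = if(?,?,NULL),\n\t\t\t\t\teducation_date = if(?,?,NULL), \n\t\t\t\t\tvis_date = if(?,?,NULL), \n\t\t\t\t\tnote = ?,\n\t\t\t\t\tpatient_id = ?,\n\t\t\t\t\tcreated_by = ?,\n\t\t\t\t\tupdated_by = ?\n\t\t\t\tWHERE \n\t\t\t\t\tid = ?";
        $sqlBindArray = array(
            trim($_POST['administered_date']), trim($_POST['administered_date']),
            trim($_POST['immunization_id']),
            trim($_POST['manufacturer']),
            trim($_POST['lotnumber']),
            trim($_POST['administered_by_id']), trim($_POST['administered_by_id']),
            trim($_POST['administered_by']), trim($_POST['administered_by']),
            trim($_POST['education_date']), trim($_POST['education_date']),
            trim($_POST['vis_date']), trim($_POST['vis_date']),
            trim($_POST['note']),
            $pid,
            $_SESSION['authId'],
            $_SESSION['authId'],
            trim($_POST['id'])
        );
        sqlStatement($sql, $sqlBindArray);
        $administered_date = $education_date = date('Y-m-d');
        $immunization_id = $manufacturer = $lot_number = $administered_by_id = $note = $id = "";
        $administered_by = $vis_date = "";
    }
}
// *************************************************************************************
// Sensha Ext JS Start
// New Gui Framework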