function addBilling2($encounter, $code_type, $code, $code_text, $modifier = "", $units = "", $fee = "0.00", $justify) { $justify_string = ''; if ($justify) { //trim eahc entry foreach ($justify as $temp_justify) { $justify_trimmed[] = trim($temp_justify); } //format it $justify_string = implode(":", $justify_trimmed) . ":"; } $code_type = formDataCore($code_type); $code = formDataCore($code); $code_text = formDataCore($code_text); $modifier = formDataCore($modifier); $units = formDataCore($units); $fee = formDataCore($fee); $justify_string = formDataCore($justify_string); // set to authorize billing codes as default - bm // could place logic here via acls to control who // can authorize as a feature in the future $authorized = 1; $sql = "insert into billing (date, encounter, code_type, code, code_text, pid, authorized, user, groupname,activity,billed,provider_id,modifier,units,fee,justify) values (NOW(), '" . $_SESSION['encounter'] . "', '{$code_type}', '{$code}', '{$code_text}', '" . $_SESSION['pid'] . "', '{$authorized}', '" . $_SESSION['authId'] . "', '" . $_SESSION['authProvider'] . "',1,0," . $_SESSION['authUserID'] . ",'{$modifier}','{$units}','{$fee}','{$justify_string}')"; return sqlInsert($sql); }
/** * Offsite Portal connection function library. * * Copyright (C) 2013 Z&H Consultancy Services Private Limited <*****@*****.**> * * LICENSE: This program is free software; you can redistribute it and/or * modify it under the terms of the GNU General Public License * as published by the Free Software Foundation; either version 2 * of the License, or (at your option) any later version. * This program is distributed in the hope that it will be useful, * but WITHOUT ANY WARRANTY; without even the implied warranty of * MERCHANTABILITY or FITNESS FOR A PARTICULAR PURPOSE. See the * GNU General Public License for more details. * You should have received a copy of the GNU General Public License * along with this program. If not, see <http://opensource.org/licenses/gpl-license.php>;. * * @package OpenEMR * @author Eldho Chacko <*****@*****.**> * @author Vinish K <*****@*****.**> * @link http://www.open-emr.org */ function portal_connection(){ global $credentials; $password = $GLOBALS['portal_offsite_password']; $randkey = ''; $timminus = date("Y-m-d H:m",(strtotime(date("Y-m-d H:m"))-7200)).":00"; sqlStatement("DELETE FROM audit_details WHERE audit_master_id IN(SELECT id FROM audit_master WHERE type=5 AND created_time<=?)",array($timminus)); sqlStatement("DELETE FROM audit_master WHERE type=5 AND created_time<=?",array($timminus)); do{ $randkey = substr(md5(rand().rand()), 0, 8); $res = sqlStatement("SELECT * FROM audit_details WHERE field_value = ?",array($randkey)); $cnt = sqlNumRows($res); } while($cnt>0); $password = sha1($password.gmdate("Y-m-d H").$randkey); $grpID = sqlInsert("INSERT INTO audit_master SET type=5"); sqlStatement("INSERT INTO audit_details SET field_value=? , audit_master_id=?",array($randkey,$grpID)); $credentials = array($GLOBALS['portal_offsite_username'],$password,$randkey); //CALLING WEBSERVICE ON THE PATIENT-PORTAL $client = new SoapClient(null, array( 'location' => $GLOBALS['portal_offsite_address_patient_link']."/webservice/webserver.php", 'uri' => "urn://portal/req" ) ); return $client; }
function catch_logs() { $sql = sqlStatement("select * from log where id not in(select log_id from log_validator) and checksum is NOT null and checksum != ''"); while ($row = sqlFetchArray($sql)) { sqlInsert("INSERT into log_validator (log_id,log_checksum) VALUES(?,?)", array($row['id'], $row['checksum'])); } }
/** * Provision new radius account(s) */ function p_new() { $db =& DB(); $this->account['id']; for ($i = 0; $i < $this->plugin_data['max']; $i++) { $fields = array('service_id' => $this->service['id'], 'account_id' => $this->account['id'], 'auth' => $this->plugin_data['auth']); $db->Execute(sqlInsert($db, "radius_service", $fields)); } return true; }
function arPostSession($payer_id, $check_number, $check_date, $pay_total, $post_to_date, $deposit_date, $debug) { $query = "INSERT INTO ar_session( " . "payer_id,user_id,closed,reference,check_date,pay_total,post_to_date,deposit_date,patient_id,payment_type,adjustment_code,payment_method " . ") VALUES ( " . "'{$payer_id}'," . $_SESSION['authUserID'] . "," . "0," . "'ePay - {$check_number}'," . "'{$check_date}', " . "{$pay_total}, " . "'{$post_to_date}','{$deposit_date}', " . "0,'insurance','insurance_payment','electronic'" . ")"; if ($debug) { echo $query . "<br>\n"; } else { $sessionId = sqlInsert($query); return $sessionId; } }
function md5_pass($length = 8) { $randkey = substr(md5(rand() . rand()), 0, $length); $res = sqlStatement("SELECT * FROM audit_master AS am LEFT OUTER JOIN audit_details AS ad ON ad.audit_master_id=am.id WHERE type=5 AND field_value=?", array($randkey)); if (sqlNumRows($res)) { md5_pass(); } else { $grpID = sqlInsert("INSERT INTO audit_master SET type=5"); sqlStatement("INSERT INTO audit_details SET field_value=? , audit_master_id=?", array($randkey, $grpID)); return $randkey; } }
function setNewPassword($account_id, $password, $hashed = true) { $db =& DB(); if (!$hashed) { $this->hashPassword($password); } /* update last_date in existing passwords to indicate they are no longer in use */ $fields['date_last'] = time(); $db->Execute($sql = "update " . AGILE_DB_PREFIX . "account_password_history set date_last = " . time() . " where account_id = {$account_id}"); /* insert new password */ $fields = array('date_orig' => time(), 'date_last' => 0, 'account_id' => $account_id, 'password' => $password, 'ip' => USER_IP); $db->Execute(sqlInsert($db, "account_password_history", $fields)); }
function do_visit_form($irow, $encounter, $first) { global $insert_count, $debug, $verbose; $pid = $irow['pid']; // If a gcac form already exists for this visit, get out. $row = sqlQuery("SELECT COUNT(*) AS count FROM forms WHERE " . "pid = '{$pid}' AND encounter = '{$encounter}' AND " . "formdir = 'LBFgcac' AND deleted = 0"); if ($row['count']) { echo "<br />*** Visit {$pid}.{$encounter} skipped, already has a GCAC visit form ***\n"; return; } $a = array('client_status' => $irow['client_status'], 'in_ab_proc' => $irow['in_ab_proc'], 'ab_location' => $irow['ab_location'], 'complications' => $irow['fol_compl'], 'contrameth' => $irow['contrameth']); // logic that applies only to the first related visit if ($first) { if ($a['ab_location'] == 'ma') { $a['ab_location'] = 'proc'; } $a['complications'] = $irow['rec_compl']; $a['contrameth'] = ''; } $newid = 0; $didone = false; foreach ($a as $field_id => $value) { if ($value !== '') { if ($newid) { $query = "INSERT INTO lbf_data " . "( form_id, field_id, field_value ) " . " VALUES ( '{$newid}', '{$field_id}', '{$value}' )"; if ($verbose) { echo "<br />{$query}\n"; } if (!$debug) { sqlStatement($query); } } else { $query = "INSERT INTO lbf_data " . "( field_id, field_value ) " . " VALUES ( '{$field_id}', '{$value}' )"; if ($verbose) { echo "<br />{$query}\n"; } if (!$debug) { $newid = sqlInsert($query); } } $didone = true; } } if ($newid && !$debug) { addForm($encounter, 'IPPF GCAC', $newid, 'LBFgcac', $pid, 1); ++$insert_count; } if (!$didone) { echo "<br />*** Empty issue skipped for visit {$pid}.{$encounter} ***\n"; } }
function createToken($userId, $create = true, $device_token = '') { $token = md5(uniqid(rand(), 1)); $query = "SELECT * FROM api_tokens WHERE user_id = ?"; $token_result = sqlQuery($query, array($userId)); if ($create || !$token_result) { $strQuery = "INSERT INTO api_tokens VALUES('', '" . add_escape_custom($userId) . "' ,'" . add_escape_custom($token) . "','" . add_escape_custom($device_token) . "' ,'" . date('Y-m-d h:i:s') . "', '',0,0,0,0)"; $result = sqlInsert($strQuery); } else { $strQuery = "UPDATE `api_tokens` SET `token` = '" . add_escape_custom($token) . "' "; if ($device_token) { $strQuery .= ",`device_token` = '" . add_escape_custom($device_token) . "' "; } $strQuery .= "WHERE `user_id` = ?"; $result = sqlStatement($strQuery, array($userId)); } if ($result) { return $token; } else { return false; } }
function frontPayment($patient_id, $encounter, $method, $source, $amount1, $amount2, $timestamp, $auth = "") { if (empty($auth)) { $auth = $_SESSION['authUser']; } $tmprow = sqlQuery("SELECT date FROM form_encounter WHERE " . "encounter=? and pid=?", array($encounter, $patient_id)); //the manipulation is done to insert the amount paid into payments table in correct order to show in front receipts report, //if the payment is for today's encounter it will be shown in the report under today field and otherwise shown as previous $tmprowArray = explode(' ', $tmprow['date']); if (date('Y-m-d') == $tmprowArray[0]) { if ($amount1 == 0) { $amount1 = $amount2; $amount2 = 0; } } else { if ($amount2 == 0) { $amount2 = $amount1; $amount1 = 0; } } $payid = sqlInsert("INSERT INTO payments ( " . "pid, encounter, dtime, user, method, source, amount1, amount2 " . ") VALUES ( ?, ?, ?, ?, ?, ?, ?, ?)", array($patient_id, $encounter, $timestamp, $auth, $method, $source, $amount1, $amount2)); return $payid; }
function todaysEncounter($patient_id, $reason = '') { global $today, $userauthorized; if (empty($reason)) { $reason = xl('Please indicate visit reason'); } // Was going to use the existing encounter for today if there is one, but // decided it's right to always create a new one. Leaving the code here // (and corresponding function above) in case it is ever wanted later. /******************************************************************* $encounter = todaysEncounterIf($patient_id); if ($encounter) return $encounter; *******************************************************************/ $tmprow = sqlQuery("SELECT username, facility, facility_id FROM users " . "WHERE id = ?", array($_SESSION["authUserID"])); $username = $tmprow['username']; $facility = $tmprow['facility']; $facility_id = $tmprow['facility_id']; $conn = $GLOBALS['adodb']['db']; $encounter = $conn->GenID("sequences"); $provider_id = $userauthorized ? $_SESSION['authUserID'] : 0; addForm($encounter, "New Patient Encounter", sqlInsert("INSERT INTO form_encounter SET date = ?, onset_date = ?, " . "reason = ?, facility = ?, facility_id = ?, pid = ?, encounter = ?, " . "provider_id = ?", array($today, $today, $reason, $facility, $facility_id, $patient_id, $encounter, $provider_id)), "newpatient", $patient_id, $userauthorized, "NOW()", $username); return $encounter; }
/** * * @param <type> $facility * @return <type> returns the id */ function addNewLabFacility($facility) { $query = "INSERT INTO users ( " . "username, password, authorized, info, source, " . "title, fname, lname, mname, " . "federaltaxid, federaldrugid, upin, facility, see_auth, active, npi, taxonomy, " . "specialty, organization, valedictory, assistant, billname, email, url, " . "street, streetb, city, state, zip, " . "street2, streetb2, city2, state2, zip2," . "phone, phonew1, phonew2, phonecell, fax, notes, abook_type " . ") VALUES ( " . "'', " . "'', " . "0, " . "'', " . "NULL, " . "'" . trim($facility->FacilityDirectorTitle) . "', " . "'" . trim($facility->FacilityDirectorFirstName) . "', " . "'" . trim($facility->FacilityDirectorLastName) . "', " . "'', " . "'', " . "'', " . "'', " . "'', " . "0, " . "1, " . "'', " . "'', " . "'', " . "'" . trim($facility->FacilityName) . "', " . "'', " . "'', " . "'', " . "'', " . "'', " . "'" . trim($facility->FacilityAddress) . "', " . "'', " . "'" . trim($facility->FacilityCity) . "', " . "'" . trim($facility->FacilityState) . "', " . "'" . trim($facility->FacilityZip) . "', " . "'', " . "'', " . "'', " . "'', " . "'', " . "'" . trim($facility->FacilityPhone) . "', " . "'', " . "'', " . "'', " . "'', " . "'', " . "'ord_lab'" . ")"; return sqlInsert($query); }
include_once "../../globals.php"; // allow a custom 'delete' form $deleteform = $incdir . "/forms/" . $_REQUEST["formname"] . "/delete.php"; check_file_dir_name($_REQUEST["formname"]); if (file_exists($deleteform)) { include_once $deleteform; exit; } // if no custom 'delete' form, then use a generic one // when the Cancel button is pressed, where do we go? $returnurl = $GLOBALS['concurrent_layout'] ? 'encounter_top.php' : 'patient_encounter.php'; if ($_POST['confirm']) { // set the deleted flag of the indicated form $sql = "update forms set deleted=1 where id= ?"; if ($_POST['id'] != "*" && $_POST['id'] != '') { sqlInsert($sql, array($_POST['id'])); } // log the event newEvent("delete", $_SESSION['authUser'], $_SESSION['authProvider'], 1, "Form " . $_POST['formname'] . " deleted from Encounter " . $_POST['encounter']); // redirect back to the encounter $address = "{$GLOBALS['rootdir']}/patient_file/encounter/{$returnurl}"; echo "\n<script language='Javascript'>top.restoreSession();window.location='{$address}';</script>\n"; exit; } ?> <html> <head> <?php html_header_show(); ?>
$runit['option_id'] = $runit['option_id'] + 1; } } if ($medArray[$i]['DosageFrequencyDescription']) { $qint = sqlStatement("SELECT option_id FROM list_options WHERE list_id='drug_interval' AND title = ?", array($medArray[$i]['DosageFrequencyDescription'])); $rint = sqlFetchArray($qint); if (sqlNumRows($qint) <= 0) { $rint = sqlQuery("SELECT option_id AS option_id FROM list_options WHERE list_id='drug_interval' ORDER BY ABS(option_id) DESC LIMIT 1"); sqlQuery("INSERT INTO list_options (list_id,option_id,title,seq) VALUES ('drug_interval',?,?,?)", array($rint['option_id'] + 1, $medArray[$i]['DosageFrequencyDescription'], $rint['option_id'] + 1)); $rint['option_id'] = $rint['option_id'] + 1; } } $check = sqlStatement("select * from prescriptions where prescriptionguid=? and patient_id=? and prescriptionguid is not null", array($medArray[$i]['PrescriptionGuid'], $medArray[$i]['ExternalPatientID'])); $prescription_id = ''; if (sqlNumRows($check) == 0) { $prescription_id = sqlInsert("insert into prescriptions \n (\n patient_id,provider_id,encounter,date_added,drug,drug_id,drug_info_erx,form,dosage,size,unit,route,`INTERVAL`,refills,note,`DATETIME`,\n `USER`,site,prescriptionguid,erx_source,rxnorm_drugcode\n )\n values\n (?,?,?,?,?,?,?,?,?,?,?,?,?,?,?,NOW(),?,?,?,'1',?)", array($medArray[$i]['ExternalPatientID'], $provider['id'], $encounter, substr($medArray[$i]['PrescriptionDate'], 0, 10), $medArray[$i]['DrugName'], $medArray[$i]['DrugID'], $medArray[$i]['DrugInfo'], $rin['option_id'], $medArray[$i]['DosageNumberDescription'], number($medArray[$i]['Strength']), $runit['option_id'], $rroute['option_id'], $rint['option_id'], $medArray[$i]['Refills'], $medArray[$i]['PrescriptionNotes'], $_SESSION['authUserID'], $medArray[$i]['SiteID'], $medArray[$i]['PrescriptionGuid'], $medArray[$i]['rxcui'])); $j++; } else { sqlQuery("update prescriptions set \n provider_id=?, drug=?, drug_id=?, drug_info_erx=?, form=?, dosage=?, size=? ,unit=?, route=?, `INTERVAL`=?, refills=?, note=?, \n `DATETIME`=NOW(),`USER`=?, site=? ,erx_source='1', rxnorm_drugcode=?, active='1'\n WHERE prescriptionguid=? AND patient_id=?\n ", array($provider['id'], $medArray[$i]['DrugName'], $medArray[$i]['DrugID'], $medArray[$i]['DrugInfo'], $rin['option_id'], $medArray[$i]['DosageNumberDescription'], number($medArray[$i]['Strength']), $runit['option_id'], $rroute['option_id'], $rint['option_id'], $medArray[$i]['Refills'], $medArray[$i]['PrescriptionNotes'], $_SESSION['authUserID'], $medArray[$i]['SiteID'], $medArray[$i]['rxcui'], $medArray[$i]['PrescriptionGuid'], $medArray[$i]['ExternalPatientID'])); } $result = sqlFetchArray($check); if ($result['id']) { $prescription_id = $result['id']; } processAmcCall('e_prescribe_amc', true, 'add', $medArray[$i]['ExternalPatientID'], 'prescriptions', $prescription_id); } if ($j != 0) { sqlQuery("update patient_data set soap_import_status=? where pid=?", array('2', $pid)); } if ($xml_response_count == 0) { echo htmlspecialchars(xl("Nothing to import for Prescription"), ENT_NOQUOTES);
} } </script> </head> <body class="body_top"> <?php // If we are saving, then save and close the window. // if ($_POST['form_save']) { if ($userid) { $query = "UPDATE users SET " . "abook_type = " . invalue('form_abook_type') . ", " . "title = " . invalue('form_title') . ", " . "fname = " . invalue('form_fname') . ", " . "lname = " . invalue('form_lname') . ", " . "mname = " . invalue('form_mname') . ", " . "specialty = " . invalue('form_specialty') . ", " . "organization = " . invalue('form_organization') . ", " . "valedictory = " . invalue('form_valedictory') . ", " . "assistant = " . invalue('form_assistant') . ", " . "federaltaxid = " . invalue('form_federaltaxid') . ", " . "upin = " . invalue('form_upin') . ", " . "npi = " . invalue('form_npi') . ", " . "taxonomy = " . invalue('form_taxonomy') . ", " . "email = " . invalue('form_email') . ", " . "url = " . invalue('form_url') . ", " . "street = " . invalue('form_street') . ", " . "streetb = " . invalue('form_streetb') . ", " . "city = " . invalue('form_city') . ", " . "state = " . invalue('form_state') . ", " . "zip = " . invalue('form_zip') . ", " . "street2 = " . invalue('form_street2') . ", " . "streetb2 = " . invalue('form_streetb2') . ", " . "city2 = " . invalue('form_city2') . ", " . "state2 = " . invalue('form_state2') . ", " . "zip2 = " . invalue('form_zip2') . ", " . "phone = " . invalue('form_phone') . ", " . "phonew1 = " . invalue('form_phonew1') . ", " . "phonew2 = " . invalue('form_phonew2') . ", " . "phonecell = " . invalue('form_phonecell') . ", " . "fax = " . invalue('form_fax') . ", " . "notes = " . invalue('form_notes') . " " . "WHERE id = '{$userid}'"; sqlStatement($query); } else { $userid = sqlInsert("INSERT INTO users ( " . "username, password, authorized, info, source, " . "title, fname, lname, mname, " . "federaltaxid, federaldrugid, upin, facility, see_auth, active, npi, taxonomy, " . "specialty, organization, valedictory, assistant, billname, email, url, " . "street, streetb, city, state, zip, " . "street2, streetb2, city2, state2, zip2, " . "phone, phonew1, phonew2, phonecell, fax, notes, abook_type " . ") VALUES ( " . "'', " . "'', " . "0, " . "'', " . "NULL, " . invalue('form_title') . ", " . invalue('form_fname') . ", " . invalue('form_lname') . ", " . invalue('form_mname') . ", " . invalue('form_federaltaxid') . ", " . "'', " . invalue('form_upin') . ", " . "'', " . "0, " . "1, " . invalue('form_npi') . ", " . invalue('form_taxonomy') . ", " . invalue('form_specialty') . ", " . invalue('form_organization') . ", " . invalue('form_valedictory') . ", " . invalue('form_assistant') . ", " . "'', " . invalue('form_email') . ", " . invalue('form_url') . ", " . invalue('form_street') . ", " . invalue('form_streetb') . ", " . invalue('form_city') . ", " . invalue('form_state') . ", " . invalue('form_zip') . ", " . invalue('form_street2') . ", " . invalue('form_streetb2') . ", " . invalue('form_city2') . ", " . invalue('form_state2') . ", " . invalue('form_zip2') . ", " . invalue('form_phone') . ", " . invalue('form_phonew1') . ", " . invalue('form_phonew2') . ", " . invalue('form_phonecell') . ", " . invalue('form_fax') . ", " . invalue('form_notes') . ", " . invalue('form_abook_type') . " " . ")"); } } else { if ($_POST['form_delete']) { if ($userid) { // Be careful not to delete internal users. sqlStatement("DELETE FROM users WHERE id = '{$userid}' AND username = ''"); } } } if ($_POST['form_save'] || $_POST['form_delete']) { // Close this window and redisplay the updated list. echo "<script language='JavaScript'>\n"; if ($info_msg) { echo " alert('{$info_msg}');\n"; }
include_once "../../globals.php"; include_once "../../../library/api.inc"; include_once "../../../library/forms.inc"; include_once "../../../library/sql.inc"; include_once "./content_parser.php"; include_once "../../../library/formdata.inc.php"; if ($_GET["mode"] == "delete") { foreach ($_POST as $key => $val) { if (substr($key, 0, 3) == 'ch_' and $val = 'on') { $id = substr($key, 3); if ($_POST['delete']) { sqlInsert("delete from " . mitigateSqlTableUpperCase("form_CAMOS") . " where id={$id}"); sqlInsert("delete from forms where form_name like 'CAMOS%' and form_id={$id}"); } if ($_POST['update']) { // Replace the placeholders before saving the form. This was changed in version 4.0. Previous to this, placeholders // were submitted into the database and converted when viewing. All new notes will now have placeholders converted // before being submitted to the database. Will also continue to support placeholder conversion on report // views to support notes within database that still contain placeholders (ie. notes that were created previous to // version 4.0). $content = strip_escape_custom($_POST['textarea_' . ${id}]); $content = add_escape_custom(replace($pid, $encounter, $content)); sqlInsert("update " . mitigateSqlTableUpperCase("form_CAMOS") . " set content='{$content}' where id={$id}"); } } } } $_SESSION["encounter"] = $encounter; formHeader("Redirecting...."); formJump(); formFooter();
$encounter_id = 0; if (empty($_POST['form_copy_sn_visit'])) { $info_msg .= "This patient has no visits! "; } else { $encounter_id = 0 + $_POST['form_copy_sn_visit']; } if (!$info_msg) { // Merge the selected pages. $info_msg .= mergeTiffs(); $tmp_name = "{$faxcache}/temp.tif"; } if (!$info_msg) { // The following is cloned from contrib/forms/scanned_notes/new.php: // $query = "INSERT INTO form_scanned_notes ( " . "notes " . ") VALUES ( " . "'" . $_POST['form_copy_sn_comments'] . "' " . ")"; $formid = sqlInsert($query); addForm($encounter_id, "Scanned Notes", $formid, "scanned_notes", $patient_id, $userauthorized); // $imagedir = "{$webserver_root}/documents/{$patient_id}/encounters"; $imagepath = "{$imagedir}/{$encounter_id}_{$formid}.jpg"; // if (!is_dir($imagedir)) { $tmp0 = exec("mkdir -p '{$imagedir}'", $tmp1, $tmp2); if ($tmp2) { die("mkdir returned {$tmp2}: {$tmp0}"); } exec("touch '{$imagedir}/index.html'"); } if (is_file($imagepath)) { unlink($imagepath); }
<?php //------------Forms generated from formsWiz include_once "../../globals.php"; include_once "{$srcdir}/api.inc"; include_once "{$srcdir}/forms.inc"; foreach ($_POST as $k => $var) { $_POST[$k] = mysql_escape_string($var); echo "{$var}\n"; } if ($encounter == "") { $encounter = date("Ymd"); } if ($_GET["mode"] == "new") { $newid = formSubmit("form_dictation", $_POST, $_GET["id"], $userauthorized); addForm($encounter, "Speech Dictation", $newid, "dictation", $pid, $userauthorized); } elseif ($_GET["mode"] == "update") { sqlInsert("update form_dictation set pid = {$_SESSION["pid"]},groupname='" . $_SESSION["authProvider"] . "',user='******',authorized={$userauthorized},activity=1, date = NOW(), dictation='" . $_POST["dictation"] . "', additional_notes='" . $_POST["additional_notes"] . "' where id={$id}"); } $_SESSION["encounter"] = $encounter; formHeader("Redirecting...."); formJump(); formFooter();
$id = "LBF{$id}"; } sqlInsert("INSERT INTO list_options ( " . "list_id, option_id, title, seq, is_default, option_value, mapping, notes " . ") VALUES ( " . "'{$list_id}', " . "'" . $id . "', " . "'" . formTrim($iter['title']) . "', " . "'" . formTrim($iter['seq']) . "', " . "'" . formTrim($iter['default']) . "', " . "'" . $value . "', " . "'" . formTrim($iter['mapping']) . "', " . "'" . formTrim($iter['notes']) . "' " . ")"); } } } } } else { if ($_POST['formaction'] == 'addlist') { // make a new list ID from the new list name $newlistID = $_POST['newlistname']; $newlistID = preg_replace("/\\W/", "_", $newlistID); // determine the position of this new list $row = sqlQuery("SELECT max(seq) as maxseq FROM list_options WHERE list_id= 'lists'"); // add the new list to the list-of-lists sqlInsert("INSERT INTO list_options ( " . "list_id, option_id, title, seq, is_default, option_value " . ") VALUES ( " . "'lists'," . "'" . $newlistID . "'," . "'" . $_POST['newlistname'] . "', " . "'" . ($row['maxseq'] + 1) . "'," . "'1', '0')"); } else { if ($_POST['formaction'] == 'deletelist') { // delete the lists options sqlStatement("DELETE FROM list_options WHERE list_id = '" . $_POST['list_id'] . "'"); // delete the list from the master list-of-lists sqlStatement("DELETE FROM list_options WHERE list_id = 'lists' and option_id='" . $_POST['list_id'] . "'"); } } } $opt_line_no = 0; // Given a string of multiple instances of code_type|code|selector, // make a description for each. function getCodeDescriptions($codes) { global $code_types;
/** * Insert new prescription as external sourced * @param array $prescriptionData Information for creating prescription: [PrescriptionDate, DrugName, DrugID, DrugInfo, DosageNumberDescription, Strength, Refills, PrescriptionNotes, SiteID, rxcui, PrescriptionGuid, ExternalPatientID] * @param integer $encounter Id of encounter for prescription * @param integer $providerId Id of provider for prescription * @param string $authUserId Id of user creating prescription * @param integer $formOptionId Option Id for prescription form * @param integer $routeOptionId Option Id for prescription route * @param integer $unitsOptionId Option Id for prescription units * @param integer $intervalOptionId Option Id for prescription interval * @return integer Id of newly created prescription */ public function insertPrescriptions($prescriptionData, $encounter, $providerId, $authUserId, $formOptionId, $routeOptionId, $unitsOptionId, $intervalOptionId) { return sqlInsert('INSERT INTO `prescriptions` ( `datetime`, `erx_source`, `encounter`, `date_added`, `user`, `provider_id`, `form`, `unit`, `route`, `interval`, `drug`, `drug_id`, `drug_info_erx`, `dosage`, `size`, `refills`, `note`, `site`, `rxnorm_drugcode`, `prescriptionguid`, `patient_id` ) VALUES ( NOW(), \'1\', ?, ?, ?, ?, ?, ?, ?, ?, ?, ?, ?, ?, ?, ?, ?, ?, ?, ?, ? );', array($encounter, substr($prescriptionData['PrescriptionDate'], 0, 10), $authUserId, $providerId, $formOptionId, $unitsOptionId, $routeOptionId, $intervalOptionId, $prescriptionData['DrugName'], $prescriptionData['DrugID'], $prescriptionData['DrugInfo'], $prescriptionData['DosageNumberDescription'], self::sanitizeNumber($prescriptionData['Strength']), $prescriptionData['Refills'], $prescriptionData['PrescriptionNotes'], $prescriptionData['SiteID'], $prescriptionData['rxcui'], $prescriptionData['PrescriptionGuid'], $prescriptionData['ExternalPatientID'])); }
$sets .= ", " . add_escape_custom($field_id) . " = NULL"; } else { // use sql placemaker (note need to explicitly escape the column label) $sets .= ", " . add_escape_custom($field_id) . " = ?"; array_push($sqlBindArray, $value); } } if ($transid) { //use sql placemaker array_push($sqlBindArray, $transid); sqlStatement("UPDATE transactions SET {$sets} WHERE id = ?", $sqlBindArray); } else { //use sql placemaker array_push($sqlBindArray, $pid); $sets .= ", pid = ?"; $transid = sqlInsert("INSERT INTO transactions SET {$sets}", $sqlBindArray); } if ($GLOBALS['concurrent_layout']) { $body_onload_code = "javascript:location.href='transactions.php';"; } else { $body_onload_code = "javascript:parent.Transactions.location.href='transactions.php';"; } } /************************************ //Migrated this to the list_options engine (transactions list) $trans_types = array( 'Referral' => xl('Referral'), 'Patient Request' => xl('Patient Request'), 'Physician Request' => xl('Physician Request'), 'Legal' => xl('Legal'), 'Billing' => xl('Billing'),
function manage_tracker_status($apptdate,$appttime,$eid,$pid,$user,$status='',$room='',$enc_id='') { #First ensure the eid is not a recurrent appointment. If it is, then do not do anything and return false. $pc_appt = sqlQuery("SELECT `pc_recurrtype` FROM `openemr_postcalendar_events` WHERE `pc_eid` = ?", array($eid)); if ($pc_appt['pc_recurrtype'] != 0) { return false; } $datetime = date("Y-m-d H:i:s"); if (is_null($room)) { $room = ''; } #Check to see if there is an entry in the patient_tracker table. $tracker = sqlQuery("SELECT id, apptdate, appttime, eid, pid, original_user, encounter, lastseq,". "patient_tracker_element.room AS lastroom,patient_tracker_element.status AS laststatus ". "from `patient_tracker`". "LEFT JOIN patient_tracker_element " . "ON patient_tracker.id = patient_tracker_element.pt_tracker_id " . "AND patient_tracker.lastseq = patient_tracker_element.seq " . "WHERE `apptdate` = ? AND `appttime` = ? " . "AND `eid` = ? AND `pid` = ?", array($apptdate,$appttime,$eid,$pid)); if (empty($tracker)) { #Add a new tracker. $tracker_id = sqlInsert("INSERT INTO `patient_tracker` " . "(`date`, `apptdate`, `appttime`, `eid`, `pid`, `original_user`, `encounter`, `lastseq`) " . "VALUES (?,?,?,?,?,?,?,'1')", array($datetime,$apptdate,$appttime,$eid,$pid,$user,$enc_id)); #If there is a status or a room, then add a tracker item. if (!empty($status) || !empty($room)) { sqlInsert("INSERT INTO `patient_tracker_element` " . "(`pt_tracker_id`, `start_datetime`, `user`, `status`, `room`, `seq`) " . "VALUES (?,?,?,?,?,'1')", array($tracker_id,$datetime,$user,$status,$room)); } } else { #Tracker already exists. $tracker_id = $tracker['id']; if (($status != $tracker['laststatus']) || ($room != $tracker['lastroom'])) { #Status or room has changed, so need to update tracker. #Update lastseq in tracker. sqlStatement("UPDATE `patient_tracker` SET `lastseq` = ? WHERE `id` = ?", array(($tracker['lastseq']+1),$tracker_id)); #Add a tracker item. sqlInsert("INSERT INTO `patient_tracker_element` " . "(`pt_tracker_id`, `start_datetime`, `user`, `status`, `room`, `seq`) " . "VALUES (?,?,?,?,?,?)", array($tracker_id,$datetime,$user,$status,$room,($tracker['lastseq']+1))); } if (!empty($enc_id)) { #enc_id (encounter number) is not blank, so update this in tracker. sqlStatement("UPDATE `patient_tracker` SET `encounter` = ? WHERE `id` = ?", array($enc_id,$tracker_id)); } } #Ensure the entry in calendar appt entry has been updated. $pc_appt = sqlQuery("SELECT `pc_apptstatus`, `pc_room` FROM `openemr_postcalendar_events` WHERE `pc_eid` = ?", array($eid)); if ($status != $pc_appt['pc_apptstatus']) { sqlStatement("UPDATE `openemr_postcalendar_events` SET `pc_apptstatus` = ? WHERE `pc_eid` = ?", array($status,$eid)); } if ($room != $pc_appt['pc_room']) { sqlStatement("UPDATE `openemr_postcalendar_events` SET `pc_room` = ? WHERE `pc_eid` = ?", array($room,$eid)); } if( $GLOBALS['drug_screen'] && !empty($status) && is_checkin($status)) { $yearly_limit = $GLOBALS['maximum_drug_test_yearly']; $percentage = $GLOBALS['drug_testing_percentage']; random_drug_test($tracker_id,$percentage,$yearly_limit); } # Returning the tracker id that has been managed return $tracker_id; }
$formid = sqlInsert($query); addForm($encounter, "Procedure Order", $formid, "procedure_order", $pid, $userauthorized); } // Remove any existing procedures and their answers for this order and // replace them from the form. sqlStatement("DELETE FROM procedure_answers WHERE procedure_order_id = ?", array($formid)); sqlStatement("DELETE FROM procedure_order_code WHERE procedure_order_id = ?", array($formid)); for ($i = 0; isset($_POST['form_proc_type'][$i]); ++$i) { $ptid = $_POST['form_proc_type'][$i] + 0; if ($ptid <= 0) { continue; } $prefix = "ans{$i}" . "_"; sqlBeginTrans(); $procedure_order_seq = sqlQuery("SELECT IFNULL(MAX(procedure_order_seq),0) + 1 AS increment FROM procedure_order_code WHERE procedure_order_id = ? ", array($formid)); $poseq = sqlInsert("INSERT INTO procedure_order_code SET " . "procedure_order_id = ?, " . "diagnoses = ?, " . "procedure_order_title = ?, " . "procedure_code = (SELECT procedure_code FROM procedure_type WHERE procedure_type_id = ?), " . "procedure_name = (SELECT name FROM procedure_type WHERE procedure_type_id = ?)," . "procedure_order_seq = ? ", array($formid, strip_escape_custom($_POST['form_proc_type_diag'][$i]), strip_escape_custom($_POST['form_proc_order_title'][$i]), $ptid, $ptid, $procedure_order_seq['increment'])); sqlCommitTrans(); $qres = sqlStatement("SELECT " . "q.procedure_code, q.question_code, q.options, q.fldtype " . "FROM procedure_type AS t " . "JOIN procedure_questions AS q ON q.lab_id = t.lab_id " . "AND q.procedure_code = t.procedure_code AND q.activity = 1 " . "WHERE t.procedure_type_id = ? " . "ORDER BY q.seq, q.question_text", array($ptid)); while ($qrow = sqlFetchArray($qres)) { $options = trim($qrow['options']); $qcode = trim($qrow['question_code']); $fldtype = $qrow['fldtype']; $data = ''; if ($fldtype == 'G') { if ($_POST["G1_{$prefix}{$qcode}"]) { $data = $_POST["G1_{$prefix}{$qcode}"] * 7 + $_POST["G2_{$prefix}{$qcode}"]; } } else { $data = $_POST["{$prefix}{$qcode}"]; } if (!isset($data) || $data === '') {
$insert_value = $value; } $statement = sqlStatement("select id from " . mitigateSqlTableUpperCase("form_CAMOS_item") . " where item like \"{$insert_value}\" " . "and subcategory_id = {$subcategory_id}"); if ($result = sqlFetchArray($statement)) { $item_id = $result['id']; } } elseif ($mode == 'content') { $statement = sqlStatement("select content from " . mitigateSqlTableUpperCase("form_CAMOS_item") . " where id = " . $item_id); if ($result = sqlFetchArray($statement)) { //$content = "/*old*/\n\n".$result['content']."\n\n/*new*/\n\n$value"; $content = $value; } else { $content = $value; } $query = "UPDATE " . mitigateSqlTableUpperCase("form_CAMOS_item") . " set content = \"{$content}\" where id = " . $item_id; sqlInsert($query); } } } fclose($handle); } } ?> <html> <head> <title> admin </title> </head> <body> <p>
<?php // If we are saving, then save and close the window. // if ($_POST['form_save']) { $ins_id = ''; $ins_name = $_POST['form_name']; if ($ins_id) { // sql for updating could go here if this script is enhanced to support // editing of existing insurance companies. } else { $ins_id = generate_id(); sqlInsert("INSERT INTO insurance_companies ( " . "id, name, attn, cms_id, freeb_type, x12_receiver_id, x12_default_partner_id " . ") VALUES ( " . $ins_id . ", " . "'" . $ins_name . "', " . "'" . $_POST['form_attn'] . "', " . "'" . $_POST['form_cms_id'] . "', " . "'" . $_POST['form_freeb_type'] . "', " . "'" . $_POST['form_partner'] . "', " . "'" . $_POST['form_partner'] . "' " . ")"); sqlInsert("INSERT INTO addresses ( " . "id, line1, line2, city, state, zip, country, foreign_id " . ") VALUES ( " . generate_id() . ", " . "'" . $_POST['form_addr1'] . "', " . "'" . $_POST['form_addr2'] . "', " . "'" . $_POST['form_city'] . "', " . "'" . $_POST['form_state'] . "', " . "'" . $_POST['form_zip'] . "', " . "'" . $_POST['form_country'] . "', " . $ins_id . " " . ")"); $phone_parts = array(); preg_match("/(\\d\\d\\d)\\D*(\\d\\d\\d)\\D*(\\d\\d\\d\\d)/", $_POST['form_phone'], $phone_parts); sqlInsert("INSERT INTO phone_numbers ( " . "id, country_code, area_code, prefix, number, type, foreign_id " . ") VALUES ( " . generate_id() . ", " . "'+1'" . ", " . "'" . $phone_parts[1] . "', " . "'" . $phone_parts[2] . "', " . "'" . $phone_parts[3] . "', " . "'2'" . ", " . $ins_id . " " . ")"); } // Close this window and tell our opener to select the new company. // echo "<script language='JavaScript'>\n"; if ($info_msg) { echo " alert('{$info_msg}');\n"; } echo " parent.\$.fn.fancybox.close();\n"; echo " top.restoreSession();\n"; echo " if (parent.set_insurance) parent.set_insurance({$ins_id},'{$ins_name}');\n"; echo "</script></body></html>\n"; exit; } // Query x12_partners. $xres = sqlStatement("SELECT id, name FROM x12_partners ORDER BY name");
// // Author: Eldho Chacko <*****@*****.**> // Jacob T Paul <*****@*****.**> // // +------------------------------------------------------------------------------+ //SANITIZE ALL ESCAPES $sanitize_all_escapes = true; // //STOP FAKE REGISTER GLOBALS $fake_register_globals = false; // require_once "../../interface/globals.php"; if (trim($_POST['contextname']) != '' && $_POST['action'] == 'add') { $res = sqlStatement("SELECT * FROM customlists WHERE cl_list_type=2 AND cl_deleted=0 AND cl_list_item_long=?", array($_POST['contextname'])); if (!sqlNumRows($res)) { $id = sqlInsert("INSERT INTO customlists (cl_list_type,cl_list_item_long) VALUES(?,?)", array(2, $_POST['contextname'])); sqlStatement("UPDATE customlists SET cl_list_id=? WHERE cl_list_slno=?", array($id, $id)); } } elseif ($_POST['action'] == 'delete' && $_POST['item'] != '') { sqlStatement("UPDATE customlists SET cl_deleted=1 WHERE cl_list_type=2 AND cl_list_slno=?", array($_POST['item'])); } elseif ($_POST['action'] == 'update' && $_POST['item'] != '') { sqlStatement("UPDATE customlists SET cl_list_item_long=? WHERE cl_deleted=0 AND cl_list_type=2 AND cl_list_slno=?", array($_POST['updatecontextname'], $_POST['item'])); } ?> <html> <head> <link rel="stylesheet" href="<?php echo $css_header; ?> " type="text/css"> <style>
// => procedure_result.date $comment = $result->CommentText; //=> procedure_result.comments //Do something with result, ie put in DB //echo $resultCode . ":" .$value . " " . $unit. "\n"; $check_type2 = sqlQuery("SELECT COUNT(*) AS count FROM procedure_type WHERE procedure_type_id = '" . add_escape_custom($resultCode) . "'"); if ($check_type2['count'] <= 0) { $sql_type_data = "procedure_type_id = '" . add_escape_custom($resultCode) . "', " . "parent = '" . add_escape_custom($observationCode) . "', " . "name = '" . add_escape_custom($resultCodeTex) . "', " . "procedure_type = 'res'"; $type_id = sqlInsert("INSERT INTO procedure_type SET {$sql_type_data}"); } $result_status = mapResultStatus($resultStatus); $abnormalFlag = mapAbnormalStatus($abnormalFlag); $check_result = sqlQuery("SELECT COUNT(*) AS count, procedure_result_id FROM procedure_result WHERE procedure_report_id = '" . add_escape_custom($report_id) . "' AND procedure_type_id = '" . add_escape_custom($resultCode) . "'"); if ($check_result['count'] <= 0) { $sql_result_data = "procedure_report_id = '" . add_escape_custom($report_id) . "', " . "procedure_type_id = '" . add_escape_custom($resultCode) . "', " . "date = DATE_FORMAT('" . add_escape_custom($resultDateTime . '00') . "', '%Y%m%d%H%i%s'), " . "facility = '" . add_escape_custom($str_facilityId) . "', " . "units = '" . add_escape_custom($unit) . "', " . "result = '" . add_escape_custom($value) . "', " . "`range` = '" . add_escape_custom($referenceRange) . "', " . "abnormal = '" . add_escape_custom($abnormalFlag) . "', " . "comments = '" . add_escape_custom($comment) . "', " . "result_status = '" . add_escape_custom($result_status) . "'"; sqlInsert("INSERT INTO procedure_result SET {$sql_result_data}"); } else { $sql_result_data = "date = DATE_FORMAT('" . add_escape_custom($resultDateTime . '00') . "', '%Y%m%d%H%i%s'), " . "facility = '" . add_escape_custom($str_facilityId) . "', " . "units = '" . add_escape_custom($unit) . "', " . "result = '" . add_escape_custom($value) . "', " . "`range` = '" . add_escape_custom($referenceRange) . "', " . "abnormal = '" . add_escape_custom($abnormalFlag) . "', " . "comments = '" . add_escape_custom($comment) . "', " . "result_status = '" . add_escape_custom($result_status) . "'"; sqlStatement("UPDATE procedure_result SET {$sql_result_data} WHERE procedure_result_id = '" . add_escape_custom($check_result['procedure_result_id']) . "'"); } } // Send a message regarding a report with pending review status. lab_results_messages($patient_id, $report_id, $user_id); } // Need to confirm that the lab result message has been received. // This is the url of the confirm request. $url = "confirm/" . $id; // Make the confirmation request. $response = $client->sendRequest($url, "POST"); // Check response for success or error. if ($response->IsError) {
$form_end = fixDate($_POST['form_end'], ''); if ($text_type == 'football_injury') { $form_injury_part = $_POST['form_injury_part']; $form_injury_type = $_POST['form_injury_type']; } else { $form_injury_part = $_POST['form_medical_system']; $form_injury_type = $_POST['form_medical_type']; } if ($issue) { $query = "UPDATE lists SET " . "type = '" . $text_type . "', " . "title = '" . $_POST['form_title'] . "', " . "comments = '" . $_POST['form_comments'] . "', " . "begdate = " . QuotedOrNull($form_begin) . ", " . "enddate = " . QuotedOrNull($form_end) . ", " . "returndate = " . QuotedOrNull($form_return) . ", " . "diagnosis = '" . $_POST['form_diagnosis'] . "', " . "occurrence = '" . $_POST['form_occur'] . "', " . "classification = '" . $_POST['form_classification'] . "', " . "reinjury_id = '" . $_POST['form_reinjury_id'] . "', " . "referredby = '" . $_POST['form_referredby'] . "', " . "injury_grade = '" . $_POST['form_injury_grade'] . "', " . "injury_part = '" . $form_injury_part . "', " . "injury_type = '" . $form_injury_type . "', " . "outcome = '" . $_POST['form_outcome'] . "', " . "destination = '" . $_POST['form_destination'] . "', " . "reaction ='" . $_POST['form_reaction'] . "' " . "WHERE id = '{$issue}'"; sqlStatement($query); if ($text_type == "medication" && enddate != '') { sqlStatement('UPDATE prescriptions SET ' . 'medication = 0 where patient_id = ' . $thispid . " and upper(trim(drug)) = '" . strtoupper($_POST['form_title']) . "' " . ' and medication = 1'); } } else { $issue = sqlInsert("INSERT INTO lists ( " . "date, pid, type, title, activity, comments, begdate, enddate, returndate, " . "diagnosis, occurrence, classification, referredby, user, groupname, " . "outcome, destination, reinjury_id, injury_grade, injury_part, injury_type, " . "reaction " . ") VALUES ( " . "NOW(), " . "'{$thispid}', " . "'" . $text_type . "', " . "'" . $_POST['form_title'] . "', " . "1, " . "'" . $_POST['form_comments'] . "', " . QuotedOrNull($form_begin) . ", " . QuotedOrNull($form_end) . ", " . QuotedOrNull($form_return) . ", " . "'" . $_POST['form_diagnosis'] . "', " . "'" . $_POST['form_occur'] . "', " . "'" . $_POST['form_classification'] . "', " . "'" . $_POST['form_referredby'] . "', " . "'" . ${$_SESSION}['authUser'] . "', " . "'" . ${$_SESSION}['authProvider'] . "', " . "'" . $_POST['form_outcome'] . "', " . "'" . $_POST['form_destination'] . "', " . "'" . $_POST['form_reinjury_id'] . "', " . "'" . $_POST['form_injury_grade'] . "', " . "'" . $form_injury_part . "', " . "'" . $form_injury_type . "', " . "'" . $_POST['form_reaction'] . "' " . ")"); } // For record/reporting purposes, place entry in lists_touch table. setListTouch($thispid, $text_type); if ($text_type == 'football_injury') { issue_football_injury_save($issue); } if ($text_type == 'ippf_gcac') { issue_ippf_gcac_save($issue); } if ($text_type == 'contraceptive') { issue_ippf_con_save($issue); } // If requested, link the issue to a specified encounter. if ($thisenc) { $query = "INSERT INTO issue_encounter ( " . "pid, list_id, encounter " . ") VALUES ( " . "'{$thispid}', '{$issue}', '{$thisenc}'" . ")";
</head> <body class="body_top"> <?php // If we are saving, then save and close the window. // if ($_POST['form_save']) { $sets = "name = " . invalue('form_name') . ", " . "lab_id = " . invalue('form_lab_id') . ", " . "procedure_code = " . invalue('form_procedure_code') . ", " . "procedure_type = " . invalue('form_procedure_type') . ", " . "body_site = " . invalue('form_body_site') . ", " . "specimen = " . invalue('form_specimen') . ", " . "route_admin = " . invalue('form_route_admin') . ", " . "laterality = " . invalue('form_laterality') . ", " . "description = " . invalue('form_description') . ", " . "units = " . invalue('form_units') . ", " . "`range` = " . invalue('form_range') . ", " . "standard_code = " . invalue('form_standard_code') . ", " . "related_code = " . invalue('form_related_code') . ", " . "seq = " . invalue('form_seq'); if ($typeid) { sqlStatement("UPDATE procedure_type SET {$sets} WHERE procedure_type_id = '{$typeid}'"); // Get parent ID so we can refresh the tree view. $row = sqlQuery("SELECT parent FROM procedure_type WHERE " . "procedure_type_id = '{$typeid}'"); $parent = $row['parent']; } else { $newid = sqlInsert("INSERT INTO procedure_type SET parent = '{$parent}', {$sets}"); // $newid is not really used in this script } } else { if ($_POST['form_delete']) { if ($typeid) { // Get parent ID so we can refresh the tree view after deleting. $row = sqlQuery("SELECT parent FROM procedure_type WHERE " . "procedure_type_id = '{$typeid}'"); $parent = $row['parent']; recursiveDelete($typeid); } } } if ($_POST['form_save'] || $_POST['form_delete']) { // Find out if this parent still has any children. $trow = sqlQuery("SELECT procedure_type_id FROM procedure_type WHERE parent = '{$parent}' LIMIT 1");
function DOBandEncounter() { global $event_date, $info_msg; // Save new DOB if it's there. $patient_dob = trim($_POST['form_dob']); if ($patient_dob && $_POST['form_pid']) { sqlStatement("UPDATE patient_data SET DOB = '{$patient_dob}' WHERE " . "pid = '" . $_POST['form_pid'] . "'"); } // Auto-create a new encounter if appropriate. // if ($GLOBALS['auto_create_new_encounters'] && $_POST['form_apptstatus'] == '@' && $event_date == date('Y-m-d')) { $tmprow = sqlQuery("SELECT count(*) AS count FROM form_encounter WHERE " . "pid = '" . $_POST['form_pid'] . "' AND date = '{$event_date} 00:00:00'"); if ($tmprow['count'] == 0) { $tmprow = sqlQuery("SELECT username, facility, facility_id FROM users WHERE id = '" . $_POST['form_provider'] . "'"); $username = $tmprow['username']; $facility = $tmprow['facility']; // $facility_id = $tmprow['facility_id']; // use the session facility if it is set, otherwise the one from the provider. $facility_id = $_SESSION['pc_facility'] ? $_SESSION['pc_facility'] : $tmprow['facility_id']; $conn = $GLOBALS['adodb']['db']; $encounter = $conn->GenID("sequences"); addForm($encounter, "New Patient Encounter", sqlInsert("INSERT INTO form_encounter SET " . "date = '{$event_date}', " . "onset_date = '{$event_date}', " . "reason = '" . formData("form_comments") . "', " . "facility = '{$facility}', " . "facility_id = '" . (int) $_POST['facility'] . "', " . "billing_facility = '" . (int) $_POST['billing_facility'] . "', " . "provider_id = '" . (int) $_POST['form_provider'] . "', " . "pid = '" . $_POST['form_pid'] . "', " . "encounter = '{$encounter}'"), "newpatient", $_POST['form_pid'], "1", "NOW()", $username); $info_msg .= "New encounter {$encounter} was created. "; } } }