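/**
 * Persist this object's column values with a single REPLACE INTO statement.
 *
 * Walks the columns reported by sqlListFields() for $this->_table and, for each one that
 * has a callable get_<column>() accessor, takes the accessor's value. A primary-key column
 * (per the driver's MetaPrimaryKeys()) whose value is empty receives a fresh id from
 * generate_id(), which is also pushed back through set_<column>(). Non-array values go
 * through strip_escape_custom() first, and every written value through add_escape_custom()
 * before being concatenated into the statement.
 *
 * Security notes:
 *  - Only the values are escaped. The table and column names are concatenated unescaped and
 *    are trusted because they come from the class ($this->_table) and from the schema
 *    (sqlListFields()); this method never takes them from request input.
 *  - empty($val) treats "0", 0, "" and null alike, so a column whose value is "0" is
 *    omitted; because REPLACE deletes and re-inserts the row, that column then takes its
 *    default. Left unchanged here since stored data may depend on it; a precise test would
 *    be `$val !== null && $val !== ''`.
 *  - $_prefix is an undefined local here (it evaluates to an empty string), so the statement
 *    targets $this->_table alone — presumably $this->_prefix was intended; confirm against
 *    the class definition before changing it.
 *
 * @return bool always true; database errors are left to sqlQuery() to report
 */
function persist() {
    $sql = "REPLACE INTO " . $_prefix . $this->_table . " SET ";
    $fields = sqlListFields($this->_table);
    $db = get_db();
    $pkeys = $db->MetaPrimaryKeys($this->_table);
    if (!is_array($pkeys)) {
        // The driver may report false instead of an empty list when no key is found;
        // normalise so in_array() below never receives a non-array.
        $pkeys = array();
    }

    foreach ($fields as $field) {
        $getter = "get_" . $field;
        if (!is_callable(array($this, $getter))) {
            // No accessor: the column is left out and keeps its database default.
            continue;
        }

        $val = $this->$getter();
        if (!is_array($val)) {
            // Legacy magic-quotes cleanup on scalar values before re-escaping for SQL.
            $val = strip_escape_custom($val);
        }

        if (in_array($field, $pkeys, true) && empty($val)) {
            // A blank primary key means a new row: mint an id and record it on the object too.
            $last_id = generate_id();
            call_user_func(array($this, "set_" . $field), $last_id);
            $val = $last_id;
        }

        if (!empty($val)) {
            // Escaped for the single-quoted SQL string context; the identifier is schema-sourced.
            $sql .= " `" . $field . "` = '" . add_escape_custom(strval($val)) . "',";
        }
    }

    // Drop the trailing comma left by the last assignment (no-op when no column was written).
    if (substr($sql, -1) === ',') {
        $sql = substr($sql, 0, -1);
    }

    sqlQuery($sql);
    return true;
}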
<?php
// 2005-03-14
// Physician history storage and update module
// (header text appears to be copied from the physician history module; this file handles form_medical_decision)
//
// Builds the $data row for a POSTed medical-decision form: every column of
// form_medical_decision past the first seven is initialised to '' and then overwritten
// from $_POST. Only the part up to the start of the "update" branch is visible here;
// the script continues past it.
//
// Security notes:
//  - Every $_POST value is rewritten in place through mysql_escape_string(), i.e. SQL-escaped
//    at the top of the script regardless of where it is used later. mysql_escape_string() is
//    connection-charset-unaware and was removed in PHP 7.0; escaping (or a prepared statement)
//    belongs at the point of the query.
//  - Any posted key except pname/pbdate/md_pid is copied into $data, so whether unknown keys
//    reach the database depends on formSubmit() filtering them — not visible here.
//  - $_GET["mode"] and $_GET["id"] are used without validation; $encounter, $pid,
//    $userauthorized and $srcdir are not set in this file (presumably by globals.php).
include_once "../../globals.php";
include_once "{$srcdir}/api.inc";
include_once "{$srcdir}/forms.inc";
$flds = sqlListFields("form_medical_decision");
// Skip the first seven columns (presumably the shared form header columns — confirm against the schema).
$flds = array_slice($flds, 7);
foreach ($flds as $key => $fld) {
    $data[$fld] = '';
}
foreach ($_POST as $k => $var) {
    $_POST[$k] = mysql_escape_string($var);
    if ($k != 'pname' && $k != 'pbdate' && $k != 'md_pid') {
        $data[$k] = $_POST[$k];
        // The date widget's untouched placeholder is stored as an empty value.
        if ($data[$k] == "YYYY-MM-DD") {
            $data[$k] = '';
        }
    }
    //echo "$var\n";
}
if ($_GET["mode"] == "new") {
    if ($encounter == "") {
        $encounter = date("Ymd");
    }
    $newid = formSubmit("form_medical_decision", $data, $_GET["id"], $userauthorized);
    addForm($encounter, "Medical decision", $newid, "medical_decision", $pid, $userauthorized);
    $_SESSION["encounter"] = $encounter;
} elseif ($_GET["mode"] == "update") {
<?php
// 2005-03-14
// Problem list storage and update module
//
// Builds the $data row for form_plist from $_POST: four scalar columns plus up to 25
// problem records, each packed into one column as four '|~'-separated fields.
// The visible portion ends at the commented-out $pid fallback; the script continues beyond it.
//
// Security notes:
//  - All $_POST values are SQL-escaped in place with mysql_escape_string() (charset-unaware,
//    removed in PHP 7.0) before any use; escaping belongs at the query instead.
//  - The packed records use '|~' as a field separator, but posted values are not checked for
//    that sequence, so a value containing it shifts the fields when the record is read back.
//  - pl_* keys are read from $_POST without isset(); $srcdir is expected from globals.php.
include_once "../../globals.php";
include_once "{$srcdir}/api.inc";
include_once "{$srcdir}/forms.inc";
$flds = sqlListFields("form_plist");
// Skip the first seven columns (presumably the shared form header columns — confirm against the schema).
$flds = array_slice($flds, 7);
foreach ($flds as $key => $fld) {
    $data[$fld] = '';
}
foreach ($_POST as $k => $var) {
    $_POST[$k] = mysql_escape_string($var);
    //echo "$var\n";
}
$data['pl_high_risk'] = $_POST['pl_high_risk'];
$data['pl_family_history'] = $_POST['pl_family_history'];
$data['pl_reactions'] = $_POST['pl_reactions'];
$data['pl_medications'] = $_POST['pl_medications'];
$si = 1;
while ($si < 26) {
    // A problem slot is kept only when its "ed" field was filled in; the other three fields ride along.
    if ($_POST["pl_ed_{$si}"] != '') {
        $data["pl_problem_{$si}"] = $_POST["pl_ed_{$si}"] . '|~' . $_POST["pl_problem_{$si}"] . '|~' . $_POST["pl_onset_{$si}"] . '|~' . $_POST["pl_rd_{$si}"];
    } else {
        $data["pl_problem_{$si}"] = '';
    }
    $si++;
}
//if ($pid == "") { $pid = $_SESSION["pid"]; }
<?php
// 2005-03-14
// Routine screening storage and update module
//
// Builds the $data row for form_routine_screening_record: eight record_N columns, each
// packing the date/result pair of ten screening factors as 'date|result' joined by '|~'.
// Only the part up to the start of the "new" branch is visible here; the script continues past it.
//
// Security notes:
//  - All $_POST values are SQL-escaped in place with mysql_escape_string() (charset-unaware,
//    removed in PHP 7.0) before any use; escaping belongs at the query instead.
//  - '|' and '|~' serve as record separators, and posted values are not checked for them,
//    so a value containing either sequence misaligns the record when it is parsed back.
//  - $_GET["mode"] is used without validation; <factor>_date_N / <factor>_res_N keys are read
//    from $_POST without isset(); $srcdir is expected from globals.php.
include_once "../../globals.php";
include_once "{$srcdir}/api.inc";
include_once "{$srcdir}/forms.inc";
$flds = sqlListFields("form_routine_screening_record");
// Skip the first seven columns (presumably the shared form header columns — confirm against the schema).
$flds = array_slice($flds, 7);
foreach ($flds as $key => $fld) {
    $data[$fld] = '';
}
foreach ($_POST as $k => $var) {
    $_POST[$k] = mysql_escape_string($var);
    //echo "$var\n";
}
$factors = array("cervical", "lipid", "mammo", "colorectal", "bone", "chlamyd", "gonor", "urinal", "glucose", "thyroid");
$ii = 1;
while ($ii < 9) {
    $record = '';
    foreach ($factors as $k => $v) {
        $record .= $_POST[$v . "_date_" . $ii] . '|' . $_POST[$v . "_res_" . $ii];
        // "thyroid" is the last factor, so no trailing '|~' after it.
        if ($v != "thyroid") {
            $record .= '|~';
        }
    }
    $data["record_" . $ii] = $record;
    $ii++;
}
if ($_GET["mode"] == "new") {
<?php
// 2005-03-14
// Patient intake history storage and update module
//
// Splits a POSTed intake form into $data (form_patient_intake_history) and $ros
// (form_patient_intake_history_ros). Only the part up to the else-branch of the
// key dispatch is visible here; the script continues past it.
//
// NOTE(review): both column loops below test substr($key, 0, 4), but $key is the numeric
// index that array_slice() produces (0, 1, 2, ...), not the column name held in $fld.
// As written, the first loop initialises every column and the second never initialises
// $ros — presumably $fld was intended in both tests; confirm before changing.
//
// Security notes:
//  - All $_POST values are SQL-escaped in place with mysql_escape_string() (charset-unaware,
//    removed in PHP 7.0) before any use; escaping belongs at the query instead.
//  - Posted keys outside the excluded names/prefixes are copied into $data verbatim, so
//    whether unknown keys reach the database depends on the (unseen) submit helper.
//  - $srcdir is expected from globals.php.
include_once "../../globals.php";
include_once "{$srcdir}/api.inc";
include_once "{$srcdir}/forms.inc";
$flds = sqlListFields("form_patient_intake_history");
// Skip the first seven columns (presumably the shared form header columns — confirm against the schema).
$flds = array_slice($flds, 7);
foreach ($flds as $key => $fld) {
    if (substr($key, 0, 4) != 'ros_') {
        $data[$fld] = '';
    }
}
$flds = sqlListFields("form_patient_intake_history_ros");
$flds = array_slice($flds, 7);
foreach ($flds as $key => $fld) {
    if (substr($key, 0, 4) == 'ros_') {
        $ros[$fld] = '';
    }
}
foreach ($_POST as $k => $var) {
    $_POST[$k] = mysql_escape_string($var);
    if ($k != 'pname' && $k != 'pbdate' && $k != 'pih_pid' && $k != 'pih_date') {
        // Plain columns go to $data; the prefixed groups are handled in the else-branch (cut off here).
        if (substr($k, 0, 4) != 'ros_' && substr($k, 0, 6) != 'oh_ch_' && substr($k, 0, 5) != 'pres_' && substr($k, 0, 3) != 'op_' && substr($k, 0, 3) != 'ii_') {
            $data[$k] = $_POST[$k];
            // The date widget's untouched placeholder is stored as an empty value.
            if ($data[$k] == "YYYY-MM-DD") {
                $data[$k] = '';
            }
        } else {
<?php
// 2005-03-14
// Physician history storage and update module
// (header text appears to be copied from the physician history module; this file handles form_physical_examination)
//
// Builds the $data row for a POSTed physical-examination form from every posted key
// except the identifying fields and the oh_ch* group. Only the part up to the start of
// the "update" branch is visible here; the script continues past it.
//
// Security notes:
//  - All $_POST values are SQL-escaped in place with mysql_escape_string() (charset-unaware,
//    removed in PHP 7.0) before any use; escaping belongs at the query instead.
//  - Any posted key not excluded below is copied into $data, so whether unknown keys reach
//    the database depends on formSubmit() filtering them — not visible here.
//  - $_GET["mode"] and $_GET["id"] are used without validation; $encounter, $pid,
//    $userauthorized and $srcdir are not set in this file (presumably by globals.php).
include_once "../../globals.php";
include_once "{$srcdir}/api.inc";
include_once "{$srcdir}/forms.inc";
$flds = sqlListFields("form_physical_examination");
// Skip the first seven columns (presumably the shared form header columns — confirm against the schema).
$flds = array_slice($flds, 7);
foreach ($flds as $key => $fld) {
    $data[$fld] = '';
}
foreach ($_POST as $k => $var) {
    $_POST[$k] = mysql_escape_string($var);
    if ($k != 'pname' && $k != 'pbdate' && $k != 'pe_id' && $k != 'pe_date' && substr($k, 0, 5) != 'oh_ch') {
        $data[$k] = $_POST[$k];
        // The date widget's untouched placeholder is stored as an empty value.
        if ($data[$k] == "YYYY-MM-DD") {
            $data[$k] = '';
        }
    }
    //echo "$var\n";
}
if ($_GET["mode"] == "new") {
    if ($encounter == "") {
        $encounter = date("Ymd");
    }
    $newid = formSubmit("form_physical_examination", $data, $_GET["id"], $userauthorized);
    addForm($encounter, "Physical examination", $newid, "physical_examination", $pid, $userauthorized);
    $_SESSION["encounter"] = $encounter;
} elseif ($_GET["mode"] == "update") {
<?php
// 2005-03-14
// High risk screening storage and update module
//
// Builds the $data row for form_high_risk_screening_record: thirteen record_N columns,
// each packing fourteen screening tests as 'date;result' pairs joined by '|~'.
// Only the part up to the first statement of the "update" branch is visible here;
// the script continues past it.
//
// Security notes:
//  - All $_POST values are SQL-escaped in place with mysql_escape_string() (charset-unaware,
//    removed in PHP 7.0) before any use; escaping belongs at the query instead.
//  - ';' and '|~' serve as record separators, and posted values are not checked for them,
//    so a value containing either sequence misaligns the record when it is parsed back.
//  - $_GET["mode"] and $_GET["id"] are used without validation; the <test>_date_N / <test>_res_N
//    keys are read from $_POST without isset(); $encounter, $pid, $userauthorized and $srcdir
//    are not set in this file (presumably by globals.php).
include_once "../../globals.php";
include_once "{$srcdir}/api.inc";
include_once "{$srcdir}/forms.inc";
$flds = sqlListFields("form_high_risk_screening_record");
// Skip the first seven columns (presumably the shared form header columns — confirm against the schema).
$flds = array_slice($flds, 7);
foreach ($flds as $key => $fld) {
    $data[$fld] = '';
}
foreach ($_POST as $k => $var) {
    $_POST[$k] = mysql_escape_string($var);
    //echo "$var\n";
}
$ii = 0;
// Increment first, so records are numbered 1..13.
while ($ii < 13) {
    $ii++;
    $data["record_" . $ii] = $_POST["hemoglobin_date_" . $ii] . ';' . $_POST["hemoglobin_res_" . $ii]
        . '|~' . $_POST["bone_density_date_" . $ii] . ';' . $_POST["bone_density_res_" . $ii]
        . '|~' . $_POST["bacteriuria_date_" . $ii] . ';' . $_POST["bacteriuria_res_" . $ii]
        . '|~' . $_POST["std_date_" . $ii] . ';' . $_POST["std_res_" . $ii]
        . '|~' . $_POST["hiv_date_" . $ii] . ';' . $_POST["hiv_res_" . $ii]
        . '|~' . $_POST["genetic_date_" . $ii] . ';' . $_POST["genetic_res_" . $ii]
        . '|~' . $_POST["rubella_date_" . $ii] . ';' . $_POST["rubella_res_" . $ii]
        . '|~' . $_POST["tb_skin_date_" . $ii] . ';' . $_POST["tb_skin_res_" . $ii]
        . '|~' . $_POST["lipid_date_" . $ii] . ';' . $_POST["lipid_res_" . $ii]
        . '|~' . $_POST["mammography_date_" . $ii] . ';' . $_POST["mammography_res_" . $ii]
        . '|~' . $_POST["fasting_glucose_date_" . $ii] . ';' . $_POST["fasting_glucose_res_" . $ii]
        . '|~' . $_POST["tsh_date_" . $ii] . ';' . $_POST["tsh_res_" . $ii]
        . '|~' . $_POST["cancer_date_" . $ii] . ';' . $_POST["cancer_res_" . $ii]
        . '|~' . $_POST["hepatitis_c_date_" . $ii] . ';' . $_POST["hepatitis_c_res_" . $ii];
}
if ($_GET["mode"] == "new") {
    if ($encounter == "") {
        $encounter = date("Ymd");
    }
    $newid = formSubmit("form_high_risk_screening_record", $data, $_GET["id"], $userauthorized);
    addForm($encounter, "High risk screening record", $newid, "high_risk_screening_record", $pid, $userauthorized);
    $_SESSION["encounter"] = $encounter;
} elseif ($_GET["mode"] == "update") {
    $q1 = '';
<?php
// 2005-03-14
// Physician history storage and update module
//
// Builds the $data row for a POSTed physician-history form: plain posted keys are copied
// through, and the oh_ch_* group is packed into four oh_ch_rec_N columns of six
// '|~'-separated fields. Only the part up to the $encounter fallback inside the "new"
// branch is visible here; the script continues past it.
//
// Security notes:
//  - All $_POST values are SQL-escaped in place with mysql_escape_string() (charset-unaware,
//    removed in PHP 7.0) before any use; escaping belongs at the query instead.
//  - Any posted key not excluded below is copied into $data, so whether unknown keys reach
//    the database depends on the (unseen) submit helper filtering them.
//  - '|~' is the record separator and posted oh_ch_* values are not checked for it; those
//    keys are read without isset(). $_GET["mode"] is used without validation; $encounter and
//    $srcdir are not set in this file (presumably by globals.php).
include_once "../../globals.php";
include_once "{$srcdir}/api.inc";
include_once "{$srcdir}/forms.inc";
$flds = sqlListFields("form_physician_history");
// Skip the first seven columns (presumably the shared form header columns — confirm against the schema).
$flds = array_slice($flds, 7);
foreach ($flds as $key => $fld) {
    $data[$fld] = '';
}
foreach ($_POST as $k => $var) {
    $_POST[$k] = mysql_escape_string($var);
    if ($k != 'pname' && $k != 'pbdate' && $k != 'ph_pid' && $k != 'ph_date' && substr($k, 0, 5) != 'oh_ch') {
        $data[$k] = $_POST[$k];
        // The date widget's untouched placeholder is stored as an empty value.
        if ($data[$k] == "YYYY-MM-DD") {
            $data[$k] = '';
        }
    }
    //echo "$var\n";
}
$ii = 0;
// Four obstetric-history child records, numbered 0..3.
while ($ii < 4) {
    $data["oh_ch_rec_" . $ii] = $_POST["oh_ch_date_" . $ii] . "|~" . $_POST["oh_ch_width_" . $ii] . "|~" . $_POST["oh_ch_sex_" . $ii] . "|~" . $_POST["oh_ch_weeks_" . $ii] . "|~" . $_POST["oh_ch_delivery_" . $ii] . "|~" . $_POST["oh_ch_notes_" . $ii];
    $ii++;
}
if ($_GET["mode"] == "new") {
    if ($encounter == "") {
        $encounter = date("Ymd");
<?php
// 2005-03-14
// Immunization storage and update module
//
// Builds the $data row for form_immunization_record: for each vaccine, twenty posted
// slots are joined into one '|~'-terminated column and the last non-blank slot is
// copied to last_<vaccine>. Only the part up to the start of the "new" branch is
// visible here; the script continues past it ($hdrimmrecord is not used in this portion).
//
// Security notes:
//  - All $_POST values are SQL-escaped in place with mysql_escape_string() (charset-unaware,
//    removed in PHP 7.0) before any use; escaping belongs at the query instead.
//  - '|~' is the slot separator and posted values are not checked for it, so a value containing
//    that sequence shifts the slots when the column is parsed back.
//  - <vaccine>_N keys are read from $_POST without isset(); $_GET["mode"] is used without
//    validation; $srcdir is expected from globals.php.
include_once "../../globals.php";
include_once "{$srcdir}/api.inc";
include_once "{$srcdir}/forms.inc";
$flds = sqlListFields("form_immunization_record");
// Skip the first seven columns (presumably the shared form header columns — confirm against the schema).
$flds = array_slice($flds, 7);
foreach ($flds as $key => $fld) {
    $data[$fld] = '';
}
foreach ($_POST as $k => $var) {
    $_POST[$k] = mysql_escape_string($var);
    //echo "$var\n";
}
$vaccs = array("vacc_tetanus" => 1, "vacc_influenza" => 1, "vacc_pneumococcal" => 1, "vacc_mmr" => 1, "vacc_hep_a" => 1, "vacc_hep_b" => 1, "vacc_varicella" => 1);
$hdrimmrecord = array("vacc_tetanus" => "Tetanus-Diphteria booster", "vacc_influenza" => "Influenza vaccine", "vacc_pneumococcal" => "Pneumococcal vaccine", "vacc_mmr" => "MMR Vaccine", "vacc_hep_a" => "Hepatitis A vaccine", "vacc_hep_b" => "Hepatitis B vaccine", "vacc_varicella" => "Varicella vaccine");
foreach ($vaccs as $key => $val) {
    $si = 0;
    $data[$key] = "";
    while ($si < 20) {
        // Every slot is appended, blank or not, so the column always holds 20 '|~'-terminated entries.
        $data[$key] .= $_POST["{$key}_{$si}"] . '|~';
        // Later non-blank slots overwrite earlier ones, so the highest filled slot wins.
        if ($_POST["{$key}_{$si}"] != '') {
            $data["last_{$key}"] = $_POST["{$key}_{$si}"];
        }
        $si++;
    }
}
if ($_GET["mode"] == "new") {