Quick bug fix: Escaping of a string literal within an onClick tag.
1 <?php
2 // +-----------------------------------------------------------------------------+
3 // Copyright (C) 2010 Z&H Consultancy Services Private Limited <sam@zhservices.com>
4 //
5 //
6 // This program is free software; you can redistribute it and/or
7 // modify it under the terms of the GNU General Public License
8 // as published by the Free Software Foundation; either version 2
9 // of the License, or (at your option) any later version.
12 // This program is distributed in the hope that it will be useful,
13 // but WITHOUT ANY WARRANTY; without even the implied warranty of
14 // MERCHANTABILITY or FITNESS FOR A PARTICULAR PURPOSE. See the
15 // GNU General Public License for more details.
18 // A copy of the GNU General Public License is included along with this program:
19 // openemr/interface/login/GnuGPL.html
20 // For more information write to the Free Software
21 // Foundation, Inc., 59 Temple Place - Suite 330, Boston, MA 02111-1307, USA.
22 //
23 // Author: Eldho Chacko <eldho@zhservices.com>
24 // Paul Simon K <paul@zhservices.com>
26 // +------------------------------------------------------------------------------+
27 //===============================================================================
28 //This section handles ajax for insurance,patient and for encounters.
29 //===============================================================================
30 require_once("../../interface/globals.php");
31 require_once("$srcdir/sql.inc");
32 require_once("$srcdir/formatting.inc.php");
33 //=================================
// Entry point: the lookup handler runs only when the request names an ajax mode.
// AjaxDropDownCode() reads that mode itself, prints its response and terminates the script.
if (isset($_REQUEST["ajax_mode"])) {
    AjaxDropDownCode();
}
38 //=================================
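/**
 * Escapes a value for use inside a quoted JavaScript string literal that is
 * itself written into an HTML event-handler attribute (onclick, onkeydown).
 *
 * Two layers are needed and the order matters. The browser HTML-decodes the
 * attribute value before handing it to the JavaScript parser, so HTML escaping
 * alone turns &quot; / &#039; back into real quotes that end the JS string.
 * The value is therefore backslash-escaped for JavaScript first and only then
 * HTML-escaped for the attribute.
 *
 * @param mixed $value Value taken from a database row.
 * @return string Text safe to place between JS quotes inside a quoted attribute.
 */
function EscapeJsStringForAttribute($value)
{
    // addslashes() covers quotes, backslash and NUL; a raw line break would also
    // terminate a JS string literal, so CR/LF are rewritten as escape sequences.
    $jsEscaped = strtr(addslashes((string) $value), array("\r" => '\\r', "\n" => '\\n'));

    return htmlspecialchars($jsEscaped, ENT_QUOTES);
}

/**
 * Builds the drop-down listing for the payment screens and prints it.
 *
 * The branch is selected by $_REQUEST["ajax_mode"]:
 *   - "set"         : insurance companies matching 'insurance_text_ajax'.
 *   - "set_patient" : patients matching 'patient_code' (or 'insurance_text_ajax').
 *   - "encounter"   : encounters of the patient given in 'encounter_patient_code'.
 *
 * The first two modes answer with "<length of the typed text>~`~`<html>", the
 * encounter mode with the bare HTML. Every branch ends the script with die.
 *
 * Every database value that ends up inside an inline event handler goes through
 * EscapeJsStringForAttribute(); previously only one onclick in the patient list
 * was JS-escaped, so a quote in a stored name could end the string literal in
 * the other handlers.
 *
 * NOTE(review): the queries are assembled by string interpolation and depend on
 * formData() (defined elsewhere) returning a value already escaped for SQL.
 * Confirm that, and prefer bound parameters if the database layer offers them.
 */
function AjaxDropDownCode()
{
    $ajaxMode = isset($_REQUEST["ajax_mode"]) ? $_REQUEST["ajax_mode"] : '';

    //===============================================================================
    if ($ajaxMode === "set") { //insurance
        $CountIndex = 1;
        // The empty first row is written before any stripe colour is chosen.
        // It used to read an undefined variable; the rendered value is still empty.
        $bgcolor = '';
        $StringForAjax = "<div id='AjaxContainerInsurance'><table width='552' border='1' cellspacing='0' cellpadding='0'>
<tr class='text' bgcolor='#dddddd'>
<td width='50'>" . htmlspecialchars(xl('Code'), ENT_QUOTES) . "</td>
<td width='300'>" . htmlspecialchars(xl('Name'), ENT_QUOTES) . "</td>
<td width='200'>" . htmlspecialchars(xl('Address'), ENT_QUOTES) . "</td>
</tr>" .
            // ProcessKeyForColoring(event,$CountIndex): recolours and refocuses the list when the up/down arrow is pressed.
            // PlaceValues(event,'&nbsp;',''): key press over the list; the list closes and the entry goes to the parent page's text box.
            // PutTheValuesClick('&nbsp;',''): click over the list; the list closes and the entry goes to the parent page's text box.
            "<tr class='text' height='20' bgcolor='$bgcolor' id=\"tr_insurance_$CountIndex\"
onkeydown=\"ProcessKeyForColoring(event,$CountIndex);PlaceValues(event,'&nbsp;','')\" onclick=\"PutTheValuesClick('&nbsp;','')\">
<td colspan='3' align='center'><a id='anchor_insurance_code_$CountIndex' href='#'></a></td>
</tr>";

        $insurance_text_ajax = formData('insurance_text_ajax', '', true);
        $res = sqlStatement("SELECT insurance_companies.id,name,city,state,country FROM insurance_companies
            left join addresses on insurance_companies.id=addresses.foreign_id where name like '$insurance_text_ajax%' or insurance_companies.id like '$insurance_text_ajax%' ORDER BY name");
        while ($row = sqlFetchArray($res)) {
            // The stripe colour is picked from the index before it is advanced.
            $bgcolor = ($CountIndex % 2 == 1) ? '#ddddff' : '#ffdddd';
            $CountIndex++;
            $Id = $row['id'];
            $Name = $row['name'];
            $Address = $row['city'] . ', ' . $row['state'] . ', ' . $row['country'];
            $IdForJs = EscapeJsStringForAttribute($Id);
            $NameForJs = EscapeJsStringForAttribute($Name);
            $StringForAjax .= "<tr class='text' bgcolor='$bgcolor' id=\"tr_insurance_$CountIndex\"
onkeydown=\"ProcessKeyForColoring(event,$CountIndex);PlaceValues(event,'$IdForJs','$NameForJs')\"
onclick=\"PutTheValuesClick('$IdForJs','$NameForJs')\">
<td><a id='anchor_insurance_code_$CountIndex' href='#'>" . htmlspecialchars($Id) . "</a></td>
<td><a href='#'>" . htmlspecialchars($Name) . "</a></td>
<td><a href='#'>" . htmlspecialchars($Address) . "</a></td>
</tr>";
        }

        $StringForAjax .= "</table></div>";
        // The prefix is the length of the text as typed (untrimmed).
        $TypedLength = isset($_REQUEST['insurance_text_ajax']) ? strlen($_REQUEST['insurance_text_ajax']) : 0;
        echo $TypedLength . '~`~`' . $StringForAjax;
        die;
    }

    //===============================================================================
    if ($ajaxMode === "set_patient") { //patient.
        // This ajax is called from 2 areas, so 2 pairs of handler functions are used.
        // PlaceValues / PlaceValuesDistribute: key press over the list.
        // PutTheValuesClick / PutTheValuesClickDistribute: click over the list.
        // In each case the list closes and the entry goes to the parent page's text box.
        $HaveSearchTerm = false;
        $patient_code = '';
        $patient_code_complete = '';
        $StringToAppend = '';
        $StringToAppend2 = '';
        if (isset($_REQUEST['patient_code']) && $_REQUEST['patient_code'] != '') {
            $HaveSearchTerm = true;
            $patient_code = formData('patient_code', '', true);
            if (isset($_REQUEST['submit_or_simple_type']) && $_REQUEST['submit_or_simple_type'] == 'Simple') {
                $StringToAppend = "PutTheValuesClickPatient";
                $StringToAppend2 = "PlaceValuesPatient";
            } else {
                $StringToAppend = "PutTheValuesClickDistribute";
                $StringToAppend2 = "PlaceValuesDistribute";
            }
            $patient_code_complete = $_REQUEST['patient_code']; //we need the spaces here
        } elseif (isset($_REQUEST['insurance_text_ajax']) && $_REQUEST['insurance_text_ajax'] != '') {
            $HaveSearchTerm = true;
            $patient_code = formData('insurance_text_ajax', '', true);
            $StringToAppend = "PutTheValuesClick";
            $StringToAppend2 = "PlaceValues";
            $patient_code_complete = $_REQUEST['insurance_text_ajax']; //we need the spaces here
        }

        $CountIndex = 1;
        $bgcolor = ''; // no stripe colour yet for the empty first row
        $StringForAjax = "<div id='AjaxContainerPatient'><table width='452' border='1' cellspacing='0' cellpadding='0'>
<tr class='text' bgcolor='#dddddd'>
<td width='50'>" . htmlspecialchars(xl('Code'), ENT_QUOTES) . "</td>
<td width='100'>" . htmlspecialchars(xl('Last Name'), ENT_QUOTES) . "</td>
<td width='100'>" . htmlspecialchars(xl('First Name'), ENT_QUOTES) . "</td>
<td width='100'>" . htmlspecialchars(xl('Middle Name'), ENT_QUOTES) . "</td>
<td width='100'>" . htmlspecialchars(xl('Date of Birth'), ENT_QUOTES) . "</td>
</tr>" .
            // ProcessKeyForColoring(event,$CountIndex): recolours and refocuses the list when the up/down arrow is pressed.
            "<tr class='text' height='20' bgcolor='$bgcolor' id=\"tr_insurance_$CountIndex\"
onkeydown=\"ProcessKeyForColoring(event,$CountIndex);{$StringToAppend2}(event,'&nbsp;','')\" onclick=\"{$StringToAppend}('&nbsp;','')\">
<td colspan='5' align='center'><a id='anchor_insurance_code_$CountIndex' href='#'></a></td>
</tr>
";

        // Without any search parameter the prefix would be empty and "like '%'"
        // would list every patient with no handler names attached; skip the
        // query and return only the header in that case.
        // NOTE(review): if formData() trims its value (third argument), input made
        // only of spaces still becomes an empty prefix and matches all patients.
        if ($HaveSearchTerm) {
            $res = sqlStatement("SELECT pid as id,fname,lname,mname,DOB FROM patient_data
                where fname like '$patient_code%' or lname like '$patient_code%' or mname like '$patient_code%' or
                CONCAT(lname,' ',fname,' ',mname) like '$patient_code%' or pid like '$patient_code%' ORDER BY lname");
            while ($row = sqlFetchArray($res)) {
                $bgcolor = ($CountIndex % 2 == 1) ? '#ddddff' : '#ffdddd';
                $CountIndex++;
                $Id = $row['id'];
                $fname = $row['fname'];
                $lname = $row['lname'];
                $mname = $row['mname'];
                $Name = $lname . ' ' . $fname . ' ' . $mname;
                $DOB = oeFormatShortDate($row['DOB']);
                $IdForJs = EscapeJsStringForAttribute($Id);
                $NameForJs = EscapeJsStringForAttribute($Name);
                $StringForAjax .= "<tr class='text' bgcolor='$bgcolor' id=\"tr_insurance_$CountIndex\"
onkeydown=\"ProcessKeyForColoring(event,$CountIndex);{$StringToAppend2}(event,'$IdForJs','$NameForJs')\" onclick=\"{$StringToAppend}('$IdForJs','$NameForJs')\">
<td><a id='anchor_insurance_code_$CountIndex' href='#' >" . htmlspecialchars($Id) . "</a></td>
<td><a href='#'>" . htmlspecialchars($lname) . "</a></td>
<td><a href='#'>" . htmlspecialchars($fname) . "</a></td>
<td><a href='#'>" . htmlspecialchars($mname) . "</a></td>
<td><a href='#'>" . htmlspecialchars($DOB) . "</a></td>
</tr>";
            }
        }

        $StringForAjax .= "</table></div>";
        echo strlen($patient_code_complete) . '~`~`' . $StringForAjax;
        die;
    }

    //===============================================================================
    if ($ajaxMode === "encounter") { //encounter
        // PlaceValuesEncounter: key press over the list.
        // PutTheValuesClickEncounter: click over the list.
        // In each case the list closes and the entry goes to the parent page's text box.
        $patient_code = '';
        $StringToAppend = '';
        $StringToAppend2 = '';
        if (isset($_REQUEST['encounter_patient_code'])) {
            $patient_code = formData('encounter_patient_code', '', true);
            $StringToAppend = "PutTheValuesClickEncounter";
            $StringToAppend2 = "PlaceValuesEncounter";
        }

        $CountIndex = 1;
        $bgcolor = ''; // no stripe colour yet for the empty first row
        $StringForAjax = "<div id='AjaxContainerEncounter'><table width='202' border='1' cellspacing='0' cellpadding='0'>
<tr class='text' bgcolor='#dddddd'>
<td width='100'>" . htmlspecialchars(xl('Encounter'), ENT_QUOTES) . "</td>
<td width='100'>" . htmlspecialchars(xl('Date'), ENT_QUOTES) . "</td>
</tr>" .
            // ProcessKeyForColoring(event,$CountIndex): recolours and refocuses the list when the up/down arrow is pressed.
            "<tr class='text' height='20' bgcolor='$bgcolor' id=\"tr_insurance_$CountIndex\"
onkeydown=\"ProcessKeyForColoring(event,$CountIndex);{$StringToAppend2}(event,'&nbsp;','')\" onclick=\"{$StringToAppend}('&nbsp;','')\">
<td colspan='2' align='center'><a id='anchor_insurance_code_$CountIndex' href='#'></a></td>
</tr>
";

        $res = sqlStatement("SELECT date,encounter FROM form_encounter
            where pid ='$patient_code' ORDER BY encounter");
        while ($row = sqlFetchArray($res)) {
            $bgcolor = ($CountIndex % 2 == 1) ? '#ddddff' : '#ffdddd';
            $CountIndex++;
            // Keep only the part before the first space of the stored value.
            // explode() replaces split(), which newer PHP versions no longer provide.
            $DateParts = explode(' ', $row['date']);
            $Date = oeFormatShortDate($DateParts[0]);
            $Encounter = $row['encounter'];
            $EncounterForJs = EscapeJsStringForAttribute($Encounter);
            $DateForJs = EscapeJsStringForAttribute($Date);
            $StringForAjax .= "<tr class='text' bgcolor='$bgcolor' id=\"tr_insurance_$CountIndex\"
onkeydown=\"ProcessKeyForColoring(event,$CountIndex);{$StringToAppend2}(event,'$EncounterForJs','$DateForJs')\" onclick=\"{$StringToAppend}('$EncounterForJs','$DateForJs')\">
<td><a id='anchor_insurance_code_$CountIndex' href='#' >" . htmlspecialchars($Encounter) . "</a></td>
<td><a href='#'>" . htmlspecialchars($Date) . "</a></td>
</tr>";
        }

        $StringForAjax .= "</table></div>";
        echo $StringForAjax;
        die;
    }
}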