// Per-script input-handling flags. Both are assigned before globals.php is
// included below, so they are already set when that file runs.
// NOTE(review): presumably globals.php reads them while bootstrapping the
// request (this looks like the OpenEMR convention) - confirm against the include.
// Ask for escapes in incoming request data to be sanitized.
// NOTE(review): the exact effect is defined by the included file, not shown here.
4 $sanitize_all_escapes=true;
7 // Stop fake register globals: with this off, request parameters are not
// expected to be copied into global variables, so a client cannot preset a
// variable this script later reads. NOTE(review): confirm in globals.php.
8 $fake_register_globals=false;
// Application bootstrap; kept after the two flags above so they are defined first.
11 require_once("../../globals.php");
// SQL helper include. $srcdir is not assigned in the visible lines;
// presumably globals.php defines it - confirm.
12 require_once("$srcdir/sql.inc");
13 function pic_array() {
14 $picture_directory = "Patient Photograph"; //change this if you want
16 $sql_query = "select documents.id from documents join categories_to_documents on documents.id = categories_to_documents.document_id join categories on categories.id = categories_to_documents.category_id where categories.name like ? and documents.foreign_id = ?";
17 if ($query = sqlStatement($sql_query, array($picture_directory, $_SESSION['pid']) )) {
18 while( $results = sqlFetchArray($query) ) {
19 $tmp = $results['id'];
21 array_push($pics,"<div name='Patient Photograph' class='patient_pic'><img src='".$GLOBALS['webroot']."/controller.php?document&retrieve&patient_id=".htmlspecialchars($_SESSION['pid'],ENT_QUOTES
)."&document_id=".htmlspecialchars($tmp,ENT_QUOTES
)."&as_file=false' alt='Patient Photograph'></div>\n");