// Both flags are assigned before globals.php is included below.
// NOTE(review): presumably globals.php reads them while bootstrapping - confirm.

// Request that escapes be sanitized for this page.
$sanitize_all_escapes = true;

// Stop the emulated register_globals behaviour for this page.
$fake_register_globals = false;
11 include_once("../../globals.php");
12 include_once("$srcdir/patient.inc");
13 require_once("$srcdir/classes/Pharmacy.class.php");
<?php html_header_show(); ?>
<?php /* NOTE(review): $css_header is written into an attribute value without escaping;
         that is only safe while it stays a server-controlled path - confirm where it is set. */ ?>
<link rel="stylesheet" type="text/css" href="<?php echo $css_header; ?>">
<body class="body_title">
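// Demographics for the patient identified by $pid. DOB_YMD is the compact
// date form handed to getPatientAge() below.
$result = getPatientData($pid, "fname,lname,pid,pubpid,phone_home,pharmacy_id,DOB,DATE_FORMAT(DOB,'%Y%m%d') as DOB_YMD");

// Look up the logged-in user. The session value is bound through the "?"
// placeholder rather than concatenated into the SQL text.
// Array offsets use [] here: the {} offset form is rejected by PHP 8.
// NOTE(review): only fname and lname are read in this section; if nothing
// later in the file needs more, narrow "select *" so the rest of the users
// row is not loaded into this page.
$provider_results = sqlQuery("select * from users where username=?", array($_SESSION["authUser"]));
$age = getPatientAge($result["DOB_YMD"]);

// Build the one-line patient summary shown next to the name.
$info = 'ID: ' . $result['pubpid'];
if ($result['DOB']) {
    $info .= ', ' . xl('DOB') . ': ' . $result['DOB'] . ', ' . xl('Age') . ': ' . $age;
}
if ($result['phone_home']) {
    $info .= ', ' . xl('Home') . ': ' . $result['phone_home'];
}
if ($result['pharmacy_id']) {
    $pharmacy = new Pharmacy($result['pharmacy_id']);
    if ($pharmacy->get_phone()) {
        $info .= ', ' . xl('Pharm') . ': ' . $pharmacy->get_phone();
    }
}

// Escape everything that came from the database before it reaches the page
// (XSS prevention). ENT_NOQUOTES leaves ' and " untouched, so the *_esc
// values are safe only as element text; switch to ENT_QUOTES before placing
// any of them inside an attribute value.
$patient_esc = htmlspecialchars($result["fname"] . " " . $result["lname"], ENT_NOQUOTES);
$info_esc = htmlspecialchars($info, ENT_NOQUOTES);
$provider_esc = htmlspecialchars($provider_results["fname"] . ' ' . $provider_results["lname"], ENT_NOQUOTES);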
<table border="0" cellpadding="0" cellspacing="0" width="100%" height="100%">
<td style="width:45%; vertical-align:middle; white-space: nowrap">
<?php /* $patient_esc and $info_esc are emitted as element text only; they were
         escaped with ENT_NOQUOTES, which does not cover attribute contexts. */ ?>
<span class="title_bar_top"><?php echo $patient_esc; ?></span>
<span style="font-size:0.7em;">(<?php echo $info_esc; ?>)</span>
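<td style="width:35%; vertical-align:middle; white-space: nowrap; text-align:center">
<span class="title_bar_top"><?php
// The original called xl(..., 'e') inside htmlspecialchars() and discarded the
// result: in 'e' mode xl() prints the translation itself, so the label went
// out unescaped and the escaping call did nothing. Fetch the translation as
// a return value, escape it, then echo it.
// NOTE(review): translations are presumably stored data, so they are treated
// like any other untrusted string here.
echo htmlspecialchars(xl('Logged in as'), ENT_NOQUOTES); ?>: <?php echo $provider_esc; ?></span>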
54 <td style
="width:20%; vertical-align:middle; white-space: nowrap; text-align:right">