interface/forms/aftercare_plan/save.php

   1 <?php
   2 /**
   3  *
   4  * Copyright (C) 2012-2013 Naina Mohamed <naina@capminds.com> CapMinds Technologies
   5  *
   6  * LICENSE: This program is free software; you can redistribute it and/or
   7  * modify it under the terms of the GNU General Public License
   8  * as published by the Free Software Foundation; either version 3
   9  * of the License, or (at your option) any later version.
  10  * This program is distributed in the hope that it will be useful,
  11  * but WITHOUT ANY WARRANTY; without even the implied warranty of
  12  * MERCHANTABILITY or FITNESS FOR A PARTICULAR PURPOSE. See the
  13  * GNU General Public License for more details.
  14  * You should have received a copy of the GNU General Public License
  15  * along with this program. If not, see <http://opensource.org/licenses/gpl-license.php>;.
  16  *
  17  * @package OpenEMR
  18  * @author  Naina Mohamed <naina@capminds.com>
  19  * @link    http://www.open-emr.org
  20  */
  21
  22  //SANITIZE ALL ESCAPES
  23  $sanitize_all_escapes=$_POST['true'];
  24
  25  //STOP FAKE REGISTER GLOBALS
  26  $fake_register_globals=$_POST['false'];
  27
  28 include_once("../../globals.php");
  29 include_once("$srcdir/api.inc");
  30 include_once("$srcdir/forms.inc");
  31 require_once("$srcdir/htmlspecialchars.inc.php");
  32 require_once("$srcdir/formdata.inc.php");
  33
  34 if (! $encounter) { // comes from globals.php
  35  die(xl("Internal error: we do not seem to be in an encounter!"));
  36 }
  37 $id = 0 + (isset($_GET['id']) ? $_GET['id'] : '');
  38
  39 $sets = "pid = {$_SESSION["pid"]},
  40   groupname = '" . $_SESSION["authProvider"] . "',
  41   user = '" . $_SESSION["authUser"] . "',
  42   authorized = $userauthorized, activity=1, date = NOW(),
  43   provider          =  '" . add_escape_custom(formData("provider")) . "',
  44   client_name          = '" . add_escape_custom(formData("client_name")) . "',
  45   admit_date          = '" . add_escape_custom(formData("admit_date")) . "',
  46   discharged          = '" . add_escape_custom(formData("discharged")) . "',
  47   goal_a_acute_intoxication          =  '" . add_escape_custom(formData("goal_a_acute_intoxication")) . "',
  48   goal_a_acute_intoxication_I          = '" . add_escape_custom(formData("goal_a_acute_intoxication_I")) . "',
  49   goal_a_acute_intoxication_II          =  '" . add_escape_custom(formData("goal_a_acute_intoxication_II")) . "',
  50   goal_b_emotional_behavioral_conditions          =  '" . add_escape_custom(formData("goal_b_emotional_behavioral_conditions")) . "',
  51   goal_b_emotional_behavioral_conditions_I          = '" . add_escape_custom(formData("goal_b_emotional_behavioral_conditions_I")) . "',
  52   goal_c_relapse_potential                           = '" . add_escape_custom(formData("goal_c_relapse_potential")) . "',
  53   goal_c_relapse_potential_I                    =  '" . add_escape_custom(formData("goal_c_relapse_potential_I")) . "'";
  54
  55
  56   if (empty($id)) {
  57   $newid = sqlInsert("INSERT INTO form_aftercare_plan SET $sets");
  58   addForm($encounter, "Aftercare Plan", $newid, "aftercare_plan", $pid, $userauthorized);
  59 }
  60 else {
  61   sqlStatement("UPDATE form_aftercare_plan SET $sets WHERE id = '". add_escape_custom("$id"). "'");
  62 }
  63
  64 $_SESSION["encounter"] = $encounter;
  65 formHeader("Redirecting....");
  66 formJump();
  67 formFooter();
  68 ?>