interface/main/finder/dynamic_finder_ajax.php

   1 <?php
   2 // Copyright (C) 2012 Rod Roark <rod@sunsetsystems.com>
   3 // Sponsored by David Eschelbacher, MD
   4 //
   5 // This program is free software; you can redistribute it and/or
   6 // modify it under the terms of the GNU General Public License
   7 // as published by the Free Software Foundation; either version 2
   8 // of the License, or (at your option) any later version.
   9
  10 // Sanitize escapes and disable fake globals registration.
  11 //
  12 $sanitize_all_escapes = true;
  13 $fake_register_globals = false;
  14
  15 require_once("../../globals.php");
  16 require_once("$srcdir/formdata.inc.php");
  17 require_once("$srcdir/formatting.inc.php");
  18 require_once("$srcdir/jsonwrapper/jsonwrapper.php");
  19
  20 $popup = empty($_REQUEST['popup']) ? 0 : 1;
  21
  22 // With the ColReorder or ColReorderWithResize plug-in, the expected column
  23 // ordering may have been changed by the user.  So we cannot depend on
  24 // list_options to provide that.
  25 //
  26 $aColumns = explode(',', $_GET['sColumns']);
  27
  28 // Paging parameters.  -1 means not applicable.
  29 //
  30 $iDisplayStart  = isset($_GET['iDisplayStart' ]) ? 0 + $_GET['iDisplayStart' ] : -1;
  31 $iDisplayLength = isset($_GET['iDisplayLength']) ? 0 + $_GET['iDisplayLength'] : -1;
  32 $limit = '';
  33 if ($iDisplayStart >= 0 && $iDisplayLength >= 0) {
  34   $limit = "LIMIT " . escape_limit($iDisplayStart) . ", " . escape_limit($iDisplayLength);
  35 }
  36
  37 // Column sorting parameters.
  38 //
  39 $orderby = '';
  40 if (isset($_GET['iSortCol_0'])) {
  41         for ($i = 0; $i < intval($_GET['iSortingCols']); ++$i) {
  42     $iSortCol = intval($_GET["iSortCol_$i"]);
  43                 if ($_GET["bSortable_$iSortCol"] == "true" ) {
  44       $sSortDir = escape_sort_order($_GET["sSortDir_$i"]); // ASC or DESC
  45       // We are to sort on column # $iSortCol in direction $sSortDir.
  46       $orderby .= $orderby ? ', ' : 'ORDER BY ';
  47       //
  48       if ($aColumns[$iSortCol] == 'name') {
  49         $orderby .= "lname $sSortDir, fname $sSortDir, mname $sSortDir";
  50       }
  51       else {
  52         $orderby .= "`" . escape_sql_column_name($aColumns[$iSortCol],array('patient_data')) . "` $sSortDir";
  53       }
  54                 }
  55         }
  56 }
  57
  58 // Global filtering.
  59 //
  60 $where = '';
  61 if (isset($_GET['sSearch']) && $_GET['sSearch'] !== "") {
  62   $sSearch = add_escape_custom($_GET['sSearch']);
  63   foreach ($aColumns as $colname) {
  64     $where .= $where ? "OR " : "WHERE ( ";
  65     if ($colname == 'name') {
  66       $where .=
  67         "lname LIKE '$sSearch%' OR " .
  68         "fname LIKE '$sSearch%' OR " .
  69         "mname LIKE '$sSearch%' ";
  70     }
  71     else {
  72       $where .= "`" . escape_sql_column_name($colname,array('patient_data')) . "` LIKE '$sSearch%' ";
  73     }
  74   }
  75   if ($where) $where .= ")";
  76 }
  77
  78 // Column-specific filtering.
  79 //
  80 for ($i = 0; $i < count($aColumns); ++$i) {
  81   $colname = $aColumns[$i];
  82   if (isset($_GET["bSearchable_$i"]) && $_GET["bSearchable_$i"] == "true" && $_GET["sSearch_$i"] != '') {
  83     $where .= $where ? ' AND' : 'WHERE';
  84     $sSearch = add_escape_custom($_GET["sSearch_$i"]);
  85     if ($colname == 'name') {
  86       $where .= " ( " .
  87         "lname LIKE '$sSearch%' OR " .
  88         "fname LIKE '$sSearch%' OR " .
  89         "mname LIKE '$sSearch%' )";
  90     }
  91     else {
  92       $where .= " `" . escape_sql_column_name($colname,array('patient_data')) . "` LIKE '$sSearch%'";
  93     }
  94   }
  95 }
  96
  97 // Compute list of column names for SELECT clause.
  98 // Always includes pid because we need it for row identification.
  99 //
 100 $sellist = 'pid';
 101 foreach ($aColumns as $colname) {
 102   if ($colname == 'pid') continue;
 103   $sellist .= ", ";
 104   if ($colname == 'name') {
 105     $sellist .= "lname, fname, mname";
 106   }
 107   else {
 108     $sellist .= "`" . escape_sql_column_name($colname,array('patient_data')) . "`";
 109   }
 110 }
 111
 112 // Get total number of rows in the table.
 113 //
 114 $row = sqlQuery("SELECT COUNT(id) AS count FROM patient_data");
 115 $iTotal = $row['count'];
 116
 117 // Get total number of rows in the table after filtering.
 118 //
 119 $row = sqlQuery("SELECT COUNT(id) AS count FROM patient_data $where");
 120 $iFilteredTotal = $row['count'];
 121
 122 // Build the output data array.
 123 //
 124 $out = array(
 125   "sEcho"                => intval($_GET['sEcho']),
 126   "iTotalRecords"        => $iTotal,
 127   "iTotalDisplayRecords" => $iFilteredTotal,
 128   "aaData"               => array()
 129 );
 130 $query = "SELECT $sellist FROM patient_data $where $orderby $limit";
 131 $res = sqlStatement($query);
 132 while ($row = sqlFetchArray($res)) {
 133   // Each <tr> will have an ID identifying the patient.
 134   $arow = array('DT_RowId' => 'pid_' . $row['pid']);
 135   foreach ($aColumns as $colname) {
 136     if ($colname == 'name') {
 137       $name = $row['lname'];
 138       if ($name && $row['fname']) $name .= ', ';
 139       if ($row['fname']) $name .= $row['fname'];
 140       if ($row['mname']) $name .= ' ' . $row['mname'];
 141       $arow[] = $name;
 142     }
 143     else if ($colname == 'DOB' || $colname == 'regdate' || $colname == 'ad_reviewed' || $colname == 'userdate1') {
 144       $arow[] = oeFormatShortDate($row[$colname]);
 145     }
 146     else {
 147       $arow[] = $row[$colname];
 148     }
 149   }
 150   $out['aaData'][] = $arow;
 151 }
 152
 153 // error_log($query); // debugging
 154
 155 // Dump the output array as JSON.
 156 //
 157 echo json_encode($out);
 158 ?>