2 // Copyright (C) 2012 Rod Roark <rod@sunsetsystems.com>
3 // Sponsored by David Eschelbacher, MD
5 // This program is free software; you can redistribute it and/or
6 // modify it under the terms of the GNU General Public License
7 // as published by the Free Software Foundation; either version 2
8 // of the License, or (at your option) any later version.
10 // Sanitize escapes and disable fake globals registration.
12 $sanitize_all_escapes = true;
13 $fake_register_globals = false;
15 require_once("../../globals.php");
16 require_once("$srcdir/formdata.inc.php");
17 require_once("$srcdir/formatting.inc.php");
18 require_once("$srcdir/jsonwrapper/jsonwrapper.php");
20 $popup = empty($_REQUEST['popup']) ?
0 : 1;
22 // With the ColReorder or ColReorderWithResize plug-in, the expected column
23 // ordering may have been changed by the user. So we cannot depend on
24 // list_options to provide that.
26 $aColumns = explode(',', $_GET['sColumns']);
28 // Paging parameters. -1 means not applicable.
30 $iDisplayStart = isset($_GET['iDisplayStart' ]) ?
0 +
$_GET['iDisplayStart' ] : -1;
31 $iDisplayLength = isset($_GET['iDisplayLength']) ?
0 +
$_GET['iDisplayLength'] : -1;
33 if ($iDisplayStart >= 0 && $iDisplayLength >= 0) {
34 $limit = "LIMIT " . escape_limit($iDisplayStart) . ", " . escape_limit($iDisplayLength);
37 // Column sorting parameters.
40 if (isset($_GET['iSortCol_0'])) {
41 for ($i = 0; $i < intval($_GET['iSortingCols']); ++
$i) {
42 $iSortCol = intval($_GET["iSortCol_$i"]);
43 if ($_GET["bSortable_$iSortCol"] == "true" ) {
44 $sSortDir = escape_sort_order($_GET["sSortDir_$i"]); // ASC or DESC
45 // We are to sort on column # $iSortCol in direction $sSortDir.
46 $orderby .= $orderby ?
', ' : 'ORDER BY ';
48 if ($aColumns[$iSortCol] == 'name') {
49 $orderby .= "lname $sSortDir, fname $sSortDir, mname $sSortDir";
52 $orderby .= "`" . escape_sql_column_name($aColumns[$iSortCol],array('patient_data')) . "` $sSortDir";
61 if (isset($_GET['sSearch']) && $_GET['sSearch'] !== "") {
62 $sSearch = add_escape_custom($_GET['sSearch']);
63 foreach ($aColumns as $colname) {
64 $where .= $where ?
"OR " : "WHERE ( ";
65 if ($colname == 'name') {
67 "lname LIKE '$sSearch%' OR " .
68 "fname LIKE '$sSearch%' OR " .
69 "mname LIKE '$sSearch%' ";
72 $where .= "`" . escape_sql_column_name($colname,array('patient_data')) . "` LIKE '$sSearch%' ";
75 if ($where) $where .= ")";
78 // Column-specific filtering.
80 for ($i = 0; $i < count($aColumns); ++
$i) {
81 $colname = $aColumns[$i];
82 if (isset($_GET["bSearchable_$i"]) && $_GET["bSearchable_$i"] == "true" && $_GET["sSearch_$i"] != '') {
83 $where .= $where ?
' AND' : 'WHERE';
84 $sSearch = add_escape_custom($_GET["sSearch_$i"]);
85 if ($colname == 'name') {
87 "lname LIKE '$sSearch%' OR " .
88 "fname LIKE '$sSearch%' OR " .
89 "mname LIKE '$sSearch%' )";
92 $where .= " `" . escape_sql_column_name($colname,array('patient_data')) . "` LIKE '$sSearch%'";
97 // Compute list of column names for SELECT clause.
98 // Always includes pid because we need it for row identification.
101 foreach ($aColumns as $colname) {
102 if ($colname == 'pid') continue;
104 if ($colname == 'name') {
105 $sellist .= "lname, fname, mname";
108 $sellist .= "`" . escape_sql_column_name($colname,array('patient_data')) . "`";
112 // Get total number of rows in the table.
114 $row = sqlQuery("SELECT COUNT(id) AS count FROM patient_data");
115 $iTotal = $row['count'];
117 // Get total number of rows in the table after filtering.
119 $row = sqlQuery("SELECT COUNT(id) AS count FROM patient_data $where");
120 $iFilteredTotal = $row['count'];
122 // Build the output data array.
125 "sEcho" => intval($_GET['sEcho']),
126 "iTotalRecords" => $iTotal,
127 "iTotalDisplayRecords" => $iFilteredTotal,
130 $query = "SELECT $sellist FROM patient_data $where $orderby $limit";
131 $res = sqlStatement($query);
132 while ($row = sqlFetchArray($res)) {
133 // Each <tr> will have an ID identifying the patient.
134 $arow = array('DT_RowId' => 'pid_' . $row['pid']);
135 foreach ($aColumns as $colname) {
136 if ($colname == 'name') {
137 $name = $row['lname'];
138 if ($name && $row['fname']) $name .= ', ';
139 if ($row['fname']) $name .= $row['fname'];
140 if ($row['mname']) $name .= ' ' . $row['mname'];
143 else if ($colname == 'DOB' ||
$colname == 'regdate' ||
$colname == 'ad_reviewed' ||
$colname == 'userdate1') {
144 $arow[] = oeFormatShortDate($row[$colname]);
147 $arow[] = $row[$colname];
150 $out['aaData'][] = $arow;
153 // error_log($query); // debugging
155 // Dump the output array as JSON.
157 echo json_encode($out);