Additional Sql-injection functions and techniques for escaping;
[openemr.git] / interface / forms / note / new.php
1 <!-- Work/School Note Form created by Nikolai Vitsyn: 2004/02/13 and update 2005/03/30
2 Copyright (C) Open Source Medical Software
4 This program is free software; you can redistribute it and/or
5 modify it under the terms of the GNU General Public License
6 as published by the Free Software Foundation; either version 2
7 of the License, or (at your option) any later version.
9 This program is distributed in the hope that it will be useful,
10 but WITHOUT ANY WARRANTY; without even the implied warranty of
11 MERCHANTABILITY or FITNESS FOR A PARTICULAR PURPOSE. See the
12 GNU General Public License for more details.
14 You should have received a copy of the GNU General Public License
15 along with this program; if not, write to the Free Software
16 Foundation, Inc., 59 Temple Place - Suite 330, Boston, MA 02111-1307, USA. -->
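<?php
/*
 * Work/School Note: entry form for a new note.
 *
 * This opening section includes the application bootstrap, calls formHeader(),
 * picks the page to return to, and queries the signed-in user's first and last
 * name (used further down to pre-fill the "Doctor" signature field).
 */

// Both flags are assigned before globals.php is included.
// NOTE(review): they look like switches read by globals.php (register_globals
// emulation off, stripping of automatic request escaping on); confirm there.
$fake_register_globals = false;
$sanitize_all_escapes = true;

include_once("../../globals.php");
include_once("$srcdir/api.inc");

formHeader("Form: note");

// Encounter page to go back to when the user chooses "Don't Save".
$returnurl = $GLOBALS['concurrent_layout'] ? 'encounter_top.php' : 'patient_encounter.php';

// The username is passed as a bound value for the "?" placeholder, so it never
// becomes part of the SQL text. Bracket syntax is used for the session key:
// the curly-brace offset form ($_SESSION{"authUser"}) is deprecated in PHP 7.4
// and a parse error from PHP 8.0 on.
$provider_results = sqlQuery(
    "select fname, lname from users where username=?",
    array($_SESSION["authUser"])
);

/* name of this form */
$form_name = "note";
?>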
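<html><head>
<?php
// Document head: shared header, script and stylesheet includes, and one JS global.
//
// Output encoding follows the destination context:
//  - values written into HTML attributes go through attr(), the same helper this
//    page already uses for the "Doctor" field;
//  - the value written into the inline script is emitted with json_encode() and
//    the JSON_HEX_* flags, so quotes, "<", ">" and "&" in the value cannot end
//    the string literal or the <script> element.
// The values come from $GLOBALS / $css_header (configuration, set outside this
// file); encoding them here keeps the markup well-formed whatever they contain.
// The @import url(...) line is a CSS context, where attr() is not the matching
// encoder, so it is left exactly as written.
html_header_show();
?>

<!-- supporting javascript code -->
<script type="text/javascript" src="<?php echo attr($GLOBALS['webroot']); ?>/library/js/jquery.js"></script>
<script type="text/javascript" src="<?php echo attr($GLOBALS['webroot']); ?>/library/textformat.js"></script>

<!-- pop up calendar -->
<style type="text/css">@import url(<?php echo $GLOBALS['webroot'] ?>/library/dynarch_calendar.css);</style>
<script type="text/javascript" src="<?php echo attr($GLOBALS['webroot']); ?>/library/dynarch_calendar.js"></script>
<?php include_once("{$GLOBALS['srcdir']}/dynarch_calendar_en.inc.php"); ?>
<script type="text/javascript" src="<?php echo attr($GLOBALS['webroot']); ?>/library/dynarch_calendar_setup.js"></script>

<link rel="stylesheet" href="<?php echo attr($css_header); ?>" type="text/css">

<script language="JavaScript">
// required for textbox date verification
var mypcc = <?php echo json_encode((string) $GLOBALS['phone_country_code'], JSON_HEX_TAG | JSON_HEX_AMP | JSON_HEX_APOS | JSON_HEX_QUOT); ?>;
</script>

</head>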
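<body class="body_top">
<?php
// Note entry form. It posts note_type, message, doctor and date_of_signature to
// this form's save.php with mode=new.
//
// The form action is built from $rootdir and $form_name and is now passed through
// attr(), matching how the other dynamic attribute values on this page are
// escaped (attr() for data, xla() for translated attribute text, xlt() for
// translated body text). The "&nbsp;" entities and static markup are unchanged.
//
// NOTE(review): no anti-CSRF token field is rendered inside this form; confirm
// that save.php (not shown here) verifies the request before writing.
// NOTE(review): "doctor" is an editable text field that is only pre-filled from
// the users table, so the posted value is ordinary user input on the save side.
echo date("F d, Y", time());
?>

<form method="post" action="<?php echo attr($rootdir."/forms/".$form_name."/save.php?mode=new"); ?>" name="my_form" id="my_form">
<span class="title"><?php echo xlt('Work/School Note'); ?></span><br></br>

<div style="margin: 10px;">
<input type="button" class="save" value=" <?php echo xla('Save'); ?> "> &nbsp;
<input type="button" class="dontsave" value="<?php echo xla('Don\'t Save'); ?>"> &nbsp;
</div>

<select name="note_type">
<option value="WORK NOTE"><?php echo xlt('WORK NOTE'); ?></option>
<option value="SCHOOL NOTE"><?php echo xlt('SCHOOL NOTE'); ?></option>
</select>
<br>
<b><?php echo xlt('MESSAGE:'); ?></b>
<br>
<textarea name="message" id="message" rows="7" cols="47"></textarea>
<br>

<?php
// commented out below private field, because no field in database, and causes error.
?>
<!--
<input type="checkbox" name="private" id="private"><label for="private">This note is private</label>
<br>
-->

<br>
<b><?php echo xlt('Signature:'); ?></b>
<br>

<table>
<tr><td>
<?php echo xlt('Doctor:'); ?>
<input type="text" name="doctor" id="doctor" value="<?php echo attr($provider_results["fname"]).' '.attr($provider_results["lname"]); ?>">
</td>

<td>
<span class="text"><?php echo xlt('Date'); ?></span>
<input type='text' size='10' name='date_of_signature' id='date_of_signature'
value='<?php echo date('Y-m-d', time()); ?>'
title='<?php echo xla('yyyy-mm-dd'); ?>'
onkeyup='datekeyup(this,mypcc)' onblur='dateblur(this,mypcc)' />
<img src='../../pic/show_calendar.gif' align='absbottom' width='24' height='22'
id='img_date_of_signature' border='0' alt='[?]' style='cursor:pointer;cursor:hand'
title='<?php echo xla('Click here to choose a date'); ?>'>
</td>
</tr>
</table>

<div style="margin: 10px;">
<input type="button" class="save" value=" <?php echo xla('Save'); ?> "> &nbsp;
<input type="button" class="dontsave" value="<?php echo xla('Don\'t Save'); ?>"> &nbsp;
</div>

</form>

</body>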
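<?php
// Page behaviour: attaches the popup calendar to the signature date field and
// wires the Save / Don't Save buttons.
//
// The "Don't Save" target is built from $rootdir and $returnurl and is emitted
// as a JSON-encoded string literal (with the JSON_HEX_* flags) instead of being
// echoed between hand-written quotes, so a quote, "<" or "&" in the value cannot
// terminate the literal or the <script> element. The ready() callback is closed
// with "});" so the script block is complete.
?>
<script language="javascript">
/* required for popup calendar */
Calendar.setup({inputField:"date_of_signature", ifFormat:"%Y-%m-%d", button:"img_date_of_signature"});

// jQuery stuff to make the page a little easier to use

$(document).ready(function(){
    $(".save").click(function() { top.restoreSession(); $('#my_form').submit(); });
    $(".dontsave").click(function() { location.href=<?php echo json_encode("$rootdir/patient_file/encounter/$returnurl", JSON_HEX_TAG | JSON_HEX_AMP | JSON_HEX_APOS | JSON_HEX_QUOT); ?>; });
    //$("#printform").click(function() { PrintForm(); });
});

</script>

</html>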