minor bug fixes for previous commit
authorbradymiller <bradymiller@users.sourceforge.net>
Wed, 9 Jan 2013 11:22:24 +0000 (9 03:22 -0800)
committerbradymiller <bradymiller@users.sourceforge.net>
Wed, 9 Jan 2013 11:24:27 +0000 (9 03:24 -0800)
interface/forms/aftercare_plan/new.php
interface/forms/aftercare_plan/save.php
interface/forms/transfer_summary/new.php
interface/forms/transfer_summary/save.php
interface/forms/treatment_plan/new.php
interface/forms/treatment_plan/save.php

index 960af03..1a954df 100644 (file)
@@ -98,7 +98,7 @@ echo "<form method='post' name='my_form' " .
 
        
        
-               <td align="left" class="forms"><?php echo xl('Discharged'); ?>:</td>
+               <td align="left" class="forms"><?php echo xlt('Discharged'); ?>:</td>
                <td class="forms">
                           <input type='text' size='10' name='discharged' id='discharge_date' <?php echo attr($disabled); ?>;
       value='<?php echo attr($obj{"discharged"}); ?>'
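Review bot: The `;` that follows `<?php echo attr($disabled); ?>` on the `discharged` input line is emitted literally inside the tag, so the browser parses a stray attribute; the line should end at `<?php echo attr($disabled); ?>`. The assignment of `$disabled` is outside the hunk: if it ever holds a quoted fragment rather than a bare keyword, `attr()` will presumably encode the quotes and the attribute will no longer parse, so it is worth confirming it only carries a bare word. The input tag itself continues past the end of the hunk.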
index b513009..3e3aa73 100644 (file)
@@ -61,7 +61,7 @@ else {
   sqlStatement("UPDATE form_aftercare_plan SET $sets WHERE id = '". add_escape_custom("$id"). "'");
 }
 
-$_SESSION["encounter"] = htmlspecialchars($encounter);
+$_SESSION["encounter"] = $encounter;
 formHeader("Redirecting....");
 formJump();
 formFooter();
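Review bot: `$_SESSION["encounter"]` now receives `$encounter` unmodified, and nothing in the hunk shows where that value comes from or that it is validated. Storing the raw value and encoding at output is the right direction, but any page that prints the session value without `text()`/`attr()` was relying on the stored encoding and should be checked. If encounter ids are always numeric, constraining the value on the way in, e.g. `$_SESSION["encounter"] = (int) $encounter;`, removes the dependency on every consumer escaping correctly. The same applies to the identical change in transfer_summary/save.php and treatment_plan/save.php. The `UPDATE` in the context line interpolates `$sets` directly into the SQL string; how `$sets` is built is outside the hunk and deserves the same look.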
index c100354..20ca2ad 100644 (file)
@@ -63,7 +63,7 @@ echo "<form method='post' name='my_form' " .
                        <label class="forms-data"> <?php if (is_numeric($pid)) {
     
     $result = getPatientData($pid, "fname,lname,squad");
-   echo htmlspecialchars(xl('','','','').text($result['fname'])." ".text($result['lname']));}
+   echo text($result['fname'])." ".text($result['lname']);}
    $patient_name=($result['fname'])." ".($result['lname']);
    ?>
    </label>
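Review bot: `$patient_name` is still assembled from the unescaped `$result['fname']` and `$result['lname']` on the line after the escaped echo, so every later use of it in markup needs its own `attr()` or `text()` call. Its uses are outside the hunk, so whether they are escaped cannot be confirmed from here. The same holds for `$dob` in the next hunk and for both variables in treatment_plan/new.php, where the commit did have to add `attr()` around the analogous `$patient_id`. A one-line comment at the assignment, `// raw DB value: escape with attr()/text() wherever it is output`, would make the contract visible to the next editor.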
@@ -74,7 +74,7 @@ echo "<form method='post' name='my_form' " .
                <label class="forms-data"> <?php if (is_numeric($pid)) {
     
     $result = getPatientData($pid, "*");
-   echo htmlspecialchars(($result['DOB']));}
+   echo text($result['DOB']);}
    $dob=($result['DOB']);
    ?>
    </label>
index 4d18420..d78dd8f 100644 (file)
@@ -58,7 +58,7 @@ else {
   sqlStatement("UPDATE form_transfer_summary SET $sets WHERE id = '". add_escape_custom("$id"). "'");
 }
 
-$_SESSION["encounter"] = htmlspecialchars($encounter);
+$_SESSION["encounter"] = $encounter;
 formHeader("Redirecting....");
 formJump();
 formFooter();
index 53a3763..71c6bab 100644 (file)
@@ -67,7 +67,7 @@ echo "<form method='post' name='my_form' " .
                        <label class="forms-data"> <?php if (is_numeric($pid)) {
     
     $result = getPatientData($pid, "fname,lname,squad");
-   echo htmlspecialchars(text($result['fname'])." ".text($result['lname']));}
+   echo text($result['fname'])." ".text($result['lname']);}
    $patient_name=($result['fname'])." ".($result['lname']);
    ?>
    </label>
@@ -78,7 +78,7 @@ echo "<form method='post' name='my_form' " .
                <label class="forms-data"> <?php if (is_numeric($pid)) {
     
     $result = getPatientData($pid, "*");
-   echo htmlspecialchars( $result['DOB']);}
+   echo text($result['DOB']);}
    $dob=($result['DOB']);
    ?>
    </label>
@@ -94,11 +94,11 @@ echo "<form method='post' name='my_form' " .
                        <label class="forms-data" > <?php if (is_numeric($pid)) {
     
     $result = getPatientData($pid, "*");
-   echo htmlspecialchars(xl('','','','').$result['pid']);}
+   echo text($result['pid']);}
    $patient_id=$result['pid'];
    ?>
    </label>
-    <input type="hidden" name="client_number" value="<?php echo $patient_id;?>">
+    <input type="hidden" name="client_number" value="<?php echo attr($patient_id);?>">
                </td>
 
 
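Review bot: `client_number` is a hidden field, so the value posted back is whatever the client sends rather than necessarily the `pid` rendered here; the save handler should take the patient id from server-side state and not from this field (how treatment_plan/save.php treats it is not visible in this diff). Separately, `$patient_id=$result['pid'];` sits after the closing brace of the `is_numeric($pid)` check, so with a non-numeric `$pid` it reads a `$result` that may be unset and the field is rendered empty. Moving the assignment inside the block, or initialising `$patient_id = '';` before the check, makes that case explicit.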
@@ -121,10 +121,10 @@ echo "<form method='post' name='my_form' " .
 
     echo "<select name='provider' style='width:60%' />";
     while ($urow = sqlFetchArray($ures)) {
-      echo "    <option value='" . $urow['lname'] . "'";
+      echo "    <option value='" . attr($urow['lname']) . "'";
       if ($urow['lname'] == attr($obj{"provider"})) echo " selected";
-      echo ">" . $urow['lname'];
-      if ($urow['fname']) echo ", " . $urow['fname'];
+      echo ">" . text($urow['lname']);
+      if ($urow['fname']) echo ", " . text($urow['fname']);
       echo "</option>\n";
     }
     echo "</select>";
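Review bot: The `selected` test compares the raw `$urow['lname']` with `attr($obj{"provider"})`, so a stored provider whose name contains `'`, `"`, `&` or `<` never matches and the saved choice is silently dropped when the form is reopened. Compare raw with raw, `if ($urow['lname'] == $obj{"provider"}) echo " selected";`, and keep the escaping on the echo lines only, as the commit already does for the option value and label. The opening `<select ... />` is written self-closing, which browsers tolerate but should be a plain `>`. The query that feeds `$ures` is outside the hunk.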
index f615743..ccf1e53 100644 (file)
@@ -61,7 +61,7 @@ else {
   sqlStatement("UPDATE form_treatment_plan SET $sets WHERE id = '". add_escape_custom("$id"). "'");
 }
 
-$_SESSION["encounter"] = htmlspecialchars($encounter);
+$_SESSION["encounter"] = $encounter;
 formHeader("Redirecting....");
 formJump();
 formFooter();