| blob | 28aa776214bbf1f35f3c56670f25b50a50ec1aec |
1 <?php
2 //our api for 3rd party developers
3 include_once("../../globals.php");
4 include_once("{$GLOBALS['srcdir']}/billing.inc");
6 $GLOBALS['form_exit_url'] = "$rootdir/patient_file/encounter/encounter_top.php";
8 function formHeader ($title = "My Form")
9 {
10 ?>
11 <html>
12 <head>
13 <?php html_header_show();?>
14 <link rel=stylesheet href="<?php echo $GLOBALS['css_header']?>" type="text/css">
15 <title><?php echo $title?></title>
16 </head>
17 <body background="<?php echo $GLOBALS['backpic']?>" topmargin=0 rightmargin=0 leftmargin=2 bottommargin=0 marginwidth=2 marginheight=0>
18 <?php
19 }
21 function formFooter ()
22 {
23 ?>
24 </body>
25 </html>
26 <?php
27 }
29 // This function will escape the $values when using the new security method (ie. $sanitize_all_escapes is TRUE).
30 // Otherwise, this function expects the $values to already be escaped(original and legacy behavior).
31 function formSubmit ($tableName, $values, $id, $authorized = "0")
32 {
33 // Bring in $sanitize_all_escapes variable, which will decide
34 // the variable escaping method.
35 global $sanitize_all_escapes;
37 $sql = "insert into " . escape_table_name($tableName) . " set pid ='".add_escape_custom($_SESSION['pid'])."',groupname='".add_escape_custom($_SESSION['authProvider'])."',user='".add_escape_custom($_SESSION['authUser'])."',authorized='".add_escape_custom($authorized)."',activity=1, date = NOW(),";
38 foreach ($values as $key => $value)
39 if (strpos($key,"openemr_net_cpt") === 0) {
40 //code to auto add cpt code
41 if (!empty($value)) {
42 $code_array = explode(" ",$value,2);
44 addBilling(date("Ymd"), 'CPT4', $code_array[0], $code_array[1], $_SESSION['pid'], $authorized, $_SESSION['authUserID']);
45 }
47 }
48 //case where key looks like "[a-zA-Z]*diagnosis[0-9]" which is special, it is used to auto add ICD codes
50 elseif (strpos($key,"diagnosis") == (strlen($key) -10) && !(strpos($key,"diagnosis")=== false )) {
51 //icd auto add ICD9-CM
52 if (!empty($value)) {
53 $code_array = explode(" ",$value,2);
54 addBilling(date("Ymd"), 'ICD9-M', $code_array[0], $code_array[1], $_SESSION['pid'], $authorized, $_SESSION['authUserID']);
55 }
56 }
57 else {
58 if (isset($sanitize_all_escapes) && $sanitize_all_escapes) {
59 // using new security method, so escape the key and values here
60 $sql .= " " . escape_sql_column_name($key,array($tableName)) . " = '" . add_escape_custom($value) . "',";
61 }
62 else {
63 // original method (rely on code to escape values before using this function)
64 $sql .= " $key = '$value',";
65 }
66 }
67 $sql = substr($sql, 0, -1);
68 return sqlInsert($sql);
69 }
72 function formUpdate ($tableName, $values, $id, $authorized = "0")
73 {
74 // Bring in $sanitize_all_escapes variable, which will decide
75 // the variable escaping method.
76 global $sanitize_all_escapes;
78 $sql = "update " . escape_table_name($tableName) . " set pid ='".add_escape_custom($_SESSION['pid'])."',groupname='".add_escape_custom($_SESSION['authProvider'])."',user='".add_escape_custom($_SESSION['authUser'])."',authorized='".add_escape_custom($authorized)."',activity=1, date = NOW(),";
79 foreach ($values as $key => $value)
80 if (isset($sanitize_all_escapes) && $sanitize_all_escapes) {
81 // using new security method, so escape the key and values here
82 $sql .= " " . escape_sql_column_name($key,array($tableName)) . " = '" . add_escape_custom($value) . "',";
83 }
84 else {
85 // original method (rely on code to escape values before using this function)
86 $sql .= " $key = '$value',";
87 }
88 $sql = substr($sql, 0, -1);
89 $sql .= " where id='".add_escape_custom($id)."'";
91 return sqlInsert($sql);
92 }
95 function formJump ($address = "0")
96 {
97 $returnurl = 'encounter_top.php';
98 if ($address == "0")
99 $address = "{$GLOBALS['rootdir']}/patient_file/encounter/$returnurl";
100 echo "\n<script language='Javascript'>top.restoreSession();window.location='$address';</script>\n";
101 exit;
102 }
104 function formFetch ($tableName, $id, $cols="*", $activity="1")
105 {
106 // Run through escape_table_name() function to support dynamic form names in addition to mitigate sql table casing issues.
107 return sqlQuery ( "select $cols from `" . escape_table_name($tableName) . "` where id=? and pid = ? and activity like ? order by date DESC LIMIT 0,1", array($id,$GLOBALS['pid'],$activity) ) ;
108 }
110 function formGetIds ($tableName, $cols = "*", $limit='all', $start=0, $activity = "1")
111 {
112 if($limit == "all")
113 {
114 // Run through escape_table_name() function to support dynamic form names in addition to mitigate sql table casing issues.
115 $sql = "select $cols from `" . escape_table_name($tableName) . "` where pid like '$pid' ";
116 if ($activity != "all")
117 $sql .= "and activity like '$activity' ";
118 $sql .= "order by date DESC";
119 }
120 else
121 {
122 $sql = "select $cols from pnotes where pid like '$pid' ";
123 $sql .= " AND deleted != 1 "; // exclude ALL deleted notes
124 if ($activity != "all")
125 $sql .= "and activity like '$activity' ";
126 $sql .= "order by date DESC LIMIT $start, $limit";
127 }
129 $res = sqlStatement($sql);
131 for ($iter = 0;$row = sqlFetchArray($res);$iter++)
132 $all[$iter] = $row;
133 return $all;
134 }
136 function formDisappear ($tableName, $id)
137 {
138 // Run through escape_table_name() function to support dynamic form names in addition to mitigate sql table casing issues.
139 if (sqlStatement("update `" . escape_table_name($tableName) . "` set activity = '0' where id='$id' and pid='$pid'")) return true;
140 return false;
141 }
143 function formReappear ($tableName, $id)
144 {
145 // Run through escape_table_name() function to support dynamic form names in addition to mitigate sql table casing issues.
146 if (sqlStatement("update `" . escape_table_name($tableName) . "` set activity = '1' where id='$id' and pid='$pid'")) return true;
147 return false;
148 }
149 ?>