added comment
[openemr.git] / controllers / C_PatientFinder.class.php
bloba185465b658900d09e2b2efaae6af548a42073d6
1 <?php
3 require_once ($GLOBALS['fileroot'] . "/library/classes/Controller.class.php");
4 require_once($GLOBALS['fileroot'] ."/library/classes/Provider.class.php");
5 require_once($GLOBALS['fileroot'] ."/library/classes/InsuranceNumbers.class.php");
7 class C_PatientFinder extends Controller {
9 var $template_mod;
10 var $_db;
12 function C_PatientFinder($template_mod = "general") {
13 parent::Controller();
14 $this->_db = $GLOBALS['adodb']['db'];
15 $this->template_mod = $template_mod;
16 $this->assign("FORM_ACTION", $GLOBALS['webroot']."/controller.php?" . $_SERVER['QUERY_STRING']);
17 ///////////////////////////////////
18 //// What should this be?????
19 //////////////////////////////////
20 $this->assign("CURRENT_ACTION", $GLOBALS['webroot']."/controller.php?" . "practice_settings&patient_finder&");
21 /////////////////////////////////
22 $this->assign("STYLE", $GLOBALS['style']);
26 function default_action($form_id='',$form_name='',$pid='') {
27 return $this->find_action($form_id,$form_name,$pid);
30 /**
31 * Function that will display a patient finder widged, allowing
32 * the user to input search parameters to find a patient id.
34 function find_action($form_id, $form_name,$pid) {
35 $isPid = false;
36 //fix any magic quotes meddling
38 if (get_magic_quotes_gpc()) {$form_id = stripslashes($form_id);}
39 if (get_magic_quotes_gpc()) {$form_name = stripslashes($form_name);}
40 if (get_magic_quotes_gpc()) {$pid = stripslashes($pid);}
42 //prevent javascript injection, whitespace and semi-colons are the worry
43 $form_id = preg_replace("/[^A-Za-z0-9\[\]\_\']/iS","",urldecode($form_id));
44 $form_name = preg_replace("/[^A-Za-z0-9\[\]\_\']/iS","",urldecode($form_name));
45 $this->assign('form_id', $form_id);
46 $this->assign('form_name', $form_name);
47 if(!empty($pid))
48 $isPid = true;
49 $this->assign('hidden_ispid', $isPid);
51 return $this->fetch($GLOBALS['template_dir'] . "patient_finder/" . $this->template_mod . "_find.html");
54 /**
55 * Function that will take a search string, parse it out and return all patients from the db matching.
56 * @param string $search_string - String from html form giving us our search parameters
58 function find_action_process() {
60 if ($_POST['process'] != "true")
61 return;
63 $isPub = false;
64 $search_string = $_POST['searchstring'];
65 if(!empty($_POST['pid']))
67 $isPub = !$_POST['pid'];
69 //get the db connection and pass it to the helper functions
70 $sql = "SELECT CONCAT(lname, ' ', fname, ' ', mname) as name, DOB, pubpid, pid FROM patient_data";
71 //parse search_string to determine what type of search we have
72 $pos = strpos($search_string, ',');
74 // get result set into array and pass to array
75 $result_array = array();
77 if($pos === false) {
78 //no comma just last name
79 $result_array = $this->search_by_lName($sql, $search_string);
81 else if($pos === 0){
82 //first name only
83 $result_array = $this->search_by_fName($sql, $search_string);
85 else {
86 //last and first at least
87 $result_array = $this->search_by_FullName($sql,$search_string);
89 $this->assign('search_string',$search_string);
90 $this->assign('result_set', $result_array);
91 $this->assign('ispub', $isPub);
92 // we're done
93 $_POST['process'] = "";
96 /**
97 * Function that returns an array containing the
98 * Results of a LastName search
99 * @-param string $sql base sql query
100 * @-param string $search_string parsed for last name
102 function search_by_lName($sql, $search_string) {
103 $lName = mysql_real_escape_string($search_string);
104 $sql .= " WHERE lname LIKE '$lName%' ORDER BY lname, fname";
105 //print "SQL is $sql \n";
106 $result_array = $this->_db->GetAll($sql);
107 //print_r($result_array);
108 return $result_array;
112 * Function that returns an array containing the
113 * Results of a FirstName search
114 * @param string $sql base sql query
115 * @param string $search_string parsed for first name
117 function search_by_fName($sql, $search_string) {
118 $name_array = split(",", $search_string);
119 $fName = mysql_real_escape_string( trim($name_array[1]) );
120 $sql .= " WHERE fname LIKE '$fName%' ORDER BY lname, fname";
121 $result_array = $this->_db->GetAll($sql);
122 return $result_array;
126 * Function that returns an array containing the
127 * Results of a Full Name search
128 * @param string $sql base sql query
129 * @param string $search_string parsed for first, last and middle name
131 function search_by_FullName($sql, $search_string) {
132 $name_array = split(",", $search_string);
133 $lName = mysql_real_escape_string($name_array[0]);
134 $fName = mysql_real_escape_string( trim($name_array[1]) );
135 $sql .= " WHERE fname LIKE '%$fName%' AND lname LIKE '$lName%' ORDER BY lname, fname";
136 //print "SQL is $sql \n";
137 $result_array = $this->_db->GetAll($sql);
138 return $result_array;