interface/forms/clinical_instructions/save.php

   1 <?php
   2
   3 /**
   4  * Clinical instructions form save.php
   5  *
   6  * @package   OpenEMR
   7  * @link      http://www.open-emr.org
   8  * @author    Jacob T Paul <jacob@zhservices.com>
   9  * @author    Brady Miller <brady.g.miller@gmail.com>
  10  * @copyright Copyright (c) 2015 Z&H Consultancy Services Private Limited <sam@zhservices.com>
  11  * @copyright Copyright (c) 2019 Brady Miller <brady.g.miller@gmail.com>
  12  * @license   https://github.com/openemr/openemr/blob/master/LICENSE GNU General Public License 3
  13  */
  14
  15 require_once(__DIR__ . "/../../globals.php");
  16 require_once("$srcdir/api.inc.php");
  17 require_once("$srcdir/forms.inc.php");
  18
  19 use OpenEMR\Common\Csrf\CsrfUtils;
  20
  21 if (!CsrfUtils::verifyCsrfToken($_POST["csrf_token_form"])) {
  22     CsrfUtils::csrfNotVerified();
  23 }
  24
  25 if (!$encounter) { // comes from globals.php
  26     die(xlt("Internal error: we do not seem to be in an encounter!"));
  27 }
  28
  29 $id = (int) (isset($_GET['id']) ? $_GET['id'] : '');
  30 $instruction = $_POST["instruction"];
  31
  32 if ($id && $id != 0) {
  33     sqlStatement("UPDATE form_clinical_instructions SET instruction =? WHERE id = ?", array($instruction, $id));
  34 } else {
  35     $newid = sqlInsert("INSERT INTO form_clinical_instructions (pid,encounter,user,instruction) VALUES (?,?,?,?)", array($pid, $encounter, $_SESSION['authUser'], $instruction));
  36     addForm($encounter, "Clinical Instructions", $newid, "clinical_instructions", $pid, $userauthorized);
  37 }
  38
  39 formHeader("Redirecting....");
  40 formJump();
  41 formFooter();