| blob | 063ebb3a6153a5a7b352d3a863e10aecf8204707 |
1 <?php
2 //our api for 3rd party developers
3 include_once("../../globals.php");
4 include_once("{$GLOBALS['srcdir']}/sql.inc");
5 include_once("{$GLOBALS['srcdir']}/billing.inc");
6 include_once("{$GLOBALS['srcdir']}/formdata.inc.php");
8 $GLOBALS['form_exit_url'] = "$rootdir/patient_file/encounter/encounter_top.php";
10 function formHeader ($title = "My Form")
11 {
12 ?>
13 <html>
14 <head>
15 <?php html_header_show();?>
16 <link rel=stylesheet href="<?php echo $GLOBALS['css_header']?>" type="text/css">
17 <title><?php echo $title?></title>
18 </head>
19 <body background="<?php echo $GLOBALS['backpic']?>" topmargin=0 rightmargin=0 leftmargin=2 bottommargin=0 marginwidth=2 marginheight=0>
20 <?php
21 }
23 function formFooter ()
24 {
25 ?>
26 </body>
27 </html>
28 <?php
29 }
31 // This function will escape the $values when using the new security method (ie. $sanitize_all_escapes is TRUE).
32 // Otherwise, this function expects the $values to already be escaped(original and legacy behavior).
33 function formSubmit ($tableName, $values, $id, $authorized = "0")
34 {
35 // Bring in $sanitize_all_escapes variable, which will decide
36 // the variable escaping method.
37 global $sanitize_all_escapes;
39 $sql = "insert into " . escape_table_name($tableName) . " set pid ='".add_escape_custom($_SESSION['pid'])."',groupname='".add_escape_custom($_SESSION['authProvider'])."',user='".add_escape_custom($_SESSION['authUser'])."',authorized='".add_escape_custom($authorized)."',activity=1, date = NOW(),";
40 foreach ($values as $key => $value)
41 if (strpos($key,"openemr_net_cpt") === 0) {
42 //code to auto add cpt code
43 if (!empty($value)) {
44 $code_array = explode(" ",$value,2);
46 addBilling(date("Ymd"), 'CPT4', $code_array[0], $code_array[1], $_SESSION['pid'], $authorized, $_SESSION['authUserID']);
47 }
49 }
50 //case where key looks like "[a-zA-Z]*diagnosis[0-9]" which is special, it is used to auto add ICD codes
52 elseif (strpos($key,"diagnosis") == (strlen($key) -10) && !(strpos($key,"diagnosis")=== false )) {
53 //icd auto add ICD9-CM
54 if (!empty($value)) {
55 $code_array = explode(" ",$value,2);
56 addBilling(date("Ymd"), 'ICD9-M', $code_array[0], $code_array[1], $_SESSION['pid'], $authorized, $_SESSION['authUserID']);
57 }
58 }
59 else {
60 if (isset($sanitize_all_escapes) && $sanitize_all_escapes) {
61 // using new security method, so escape the key and values here
62 $sql .= " " . escape_sql_column_name($key,array($tableName)) . " = '" . add_escape_custom($value) . "',";
63 }
64 else {
65 // original method (rely on code to escape values before using this function)
66 $sql .= " $key = '$value',";
67 }
68 }
69 $sql = substr($sql, 0, -1);
70 return sqlInsert($sql);
71 }
74 function formUpdate ($tableName, $values, $id, $authorized = "0")
75 {
76 // Bring in $sanitize_all_escapes variable, which will decide
77 // the variable escaping method.
78 global $sanitize_all_escapes;
80 $sql = "update " . escape_table_name($tableName) . " set pid ='".add_escape_custom($_SESSION['pid'])."',groupname='".add_escape_custom($_SESSION['authProvider'])."',user='".add_escape_custom($_SESSION['authUser'])."',authorized='".add_escape_custom($authorized)."',activity=1, date = NOW(),";
81 foreach ($values as $key => $value)
82 if (isset($sanitize_all_escapes) && $sanitize_all_escapes) {
83 // using new security method, so escape the key and values here
84 $sql .= " " . escape_sql_column_name($key,array($tableName)) . " = '" . add_escape_custom($value) . "',";
85 }
86 else {
87 // original method (rely on code to escape values before using this function)
88 $sql .= " $key = '$value',";
89 }
90 $sql = substr($sql, 0, -1);
91 $sql .= " where id='".add_escape_custom($id)."'";
93 return sqlInsert($sql);
94 }
97 function formJump ($address = "0")
98 {
99 $returnurl = 'encounter_top.php';
100 if ($address == "0")
101 $address = "{$GLOBALS['rootdir']}/patient_file/encounter/$returnurl";
102 echo "\n<script language='Javascript'>top.restoreSession();window.location='$address';</script>\n";
103 exit;
104 }
106 function formFetch ($tableName, $id, $cols="*", $activity="1")
107 {
108 // Run through escape_table_name() function to support dynamic form names in addition to mitigate sql table casing issues.
109 return sqlQuery ( "select $cols from `" . escape_table_name($tableName) . "` where id=? and pid = ? and activity like ? order by date DESC LIMIT 0,1", array($id,$GLOBALS['pid'],$activity) ) ;
110 }
112 function formGetIds ($tableName, $cols = "*", $limit='all', $start=0, $activity = "1")
113 {
114 if($limit == "all")
115 {
116 // Run through escape_table_name() function to support dynamic form names in addition to mitigate sql table casing issues.
117 $sql = "select $cols from `" . escape_table_name($tableName) . "` where pid like '$pid' ";
118 if ($activity != "all")
119 $sql .= "and activity like '$activity' ";
120 $sql .= "order by date DESC";
121 }
122 else
123 {
124 $sql = "select $cols from pnotes where pid like '$pid' ";
125 $sql .= " AND deleted != 1 "; // exclude ALL deleted notes
126 if ($activity != "all")
127 $sql .= "and activity like '$activity' ";
128 $sql .= "order by date DESC LIMIT $start, $limit";
129 }
131 $res = sqlStatement($sql);
133 for ($iter = 0;$row = sqlFetchArray($res);$iter++)
134 $all[$iter] = $row;
135 return $all;
136 }
138 function formDisappear ($tableName, $id)
139 {
140 // Run through escape_table_name() function to support dynamic form names in addition to mitigate sql table casing issues.
141 if (sqlStatement("update `" . escape_table_name($tableName) . "` set activity = '0' where id='$id' and pid='$pid'")) return true;
142 return false;
143 }
145 function formReappear ($tableName, $id)
146 {
147 // Run through escape_table_name() function to support dynamic form names in addition to mitigate sql table casing issues.
148 if (sqlStatement("update `" . escape_table_name($tableName) . "` set activity = '1' where id='$id' and pid='$pid'")) return true;
149 return false;
150 }
151 ?>