[openemr.git] / patients / get_problems.php
<?php
// Copyright (C) 2011 Cassian LUP <cassi.lup@gmail.com>
//
// This program is free software; you can redistribute it and/or
// modify it under the terms of the GNU General Public License
// as published by the Free Software Foundation; either version 2
// of the License, or (at your option) any later version.

// Patient-facing fragment: loads the medical problems recorded for the
// patient bound to the current session.

// Flags set before globals.php is included.
// NOTE(review): presumably globals.php reads them to enable escape
// sanitizing and to disable the fake register_globals emulation -- confirm.
$sanitize_all_escapes=true;
$fake_register_globals=false;

// Landing page definition -- where to send the browser if something goes wrong.
$landingpage = "index.php";

// Access gate: both session keys must be present. Anything else tears the
// session down and redirects; the exit stops the script so no query runs
// for an unauthenticated request.
session_start();
if ( !isset($_SESSION['pid'], $_SESSION['patient_portal_onsite']) ) {
    session_destroy();
    header('Location: '.$landingpage.'?w');
    exit;
}

// The patient id comes from server-side session state only, never from
// request parameters, so one patient cannot ask for another patient's list.
$pid = $_SESSION['pid'];

// NOTE(review): $ignoreAuth presumably makes globals.php skip its own login
// check, which would leave the session gate above as the only access
// control on this page -- confirm before moving or weakening that gate.
$ignoreAuth=true;
include_once('../interface/globals.php');

// $pid is passed as a bound parameter (the ? placeholder), not concatenated
// into the SQL text.
$sql = "SELECT * FROM lists WHERE pid = ? AND type = 'medical_problem' ORDER BY begdate";

$res = sqlStatement($sql, array($pid) );
// Render the query result as a striped table, or a translated "No Results"
// message when the result set is empty.
//
// Every value written into the page passes through htmlspecialchars().
// ENT_NOQUOTES leaves quote characters unescaped, which is adequate only
// because each value lands in element text; a value moved into an HTML
// attribute would need quote escaping as well.
if (sqlNumRows($res) > 0) {
    ?>
<table class="class1">
<tr class="header">
<th><?php echo htmlspecialchars( xl('Title'),ENT_NOQUOTES);?></th>
<th><?php echo htmlspecialchars( xl('Reported Date'),ENT_NOQUOTES);?></th>
<th><?php echo htmlspecialchars( xl('Start Date'),ENT_NOQUOTES);?></th>
<th><?php echo htmlspecialchars( xl('End Date'),ENT_NOQUOTES);?></th>
</tr>
<?php
    $even = false;
    while ($row = sqlFetchArray($res)) {
        // Alternate the row style, starting with the "odd" class. $class is
        // one of two fixed literals, so it is safe to place in the attribute
        // without escaping.
        $class = $even ? "class1_even" : "class1_odd";
        $even = !$even;

        echo "<tr class='".$class."'>";
        // NOTE(review): a NULL column (for example an open-ended end date)
        // would reach htmlspecialchars() as null -- confirm the target PHP
        // version accepts that without emitting a notice into the page.
        foreach (array('title', 'date', 'begdate', 'enddate') as $column) {
            echo "<td>".htmlspecialchars($row[$column],ENT_NOQUOTES)."</td>";
        }
        echo "</tr>";
    }
    echo "</table>";
} else {
    echo htmlspecialchars( xl("No Results"),ENT_NOQUOTES);
}