mst_curd_consultant_doctor.php
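<?php
/**
 * AJAX endpoint that creates, updates or soft-deletes a consultant doctor.
 *
 * Reads the form fields from $_POST, dispatches on $_POST['btnopration']
 * ("SAVE", "UPDATE" or "Delete") and echoes one JSON-encoded status string.
 *
 * $conn, $gdoctoridentifier, $gnotdeleted and the helpers get_noof_rows(),
 * insertrecord() and updaterecord() are not defined in this file; presumably
 * they come from config.php.
 */
require_once "config.php";
session_start();

// This endpoint writes master data and creates login accounts, so it must
// not run for a request that carries no logged-in session.
if (!isset($_SESSION['userid'])) {
    http_response_code(401);
    echo json_encode("Please login to continue");
    return;
}

// Every request value ends up inside a single-quoted SQL literal. The query
// helpers only accept a finished SQL string, so each value is escaped for
// that context before it is concatenated.
// NOTE(review): escaping is only reliable when the connection character set
// has been set on $conn (mysqli_set_charset) - confirm in config.php. Bound
// parameters would be the stronger fix once the helpers accept them.
$esc = function ($value) use ($conn) {
    // Array-valued fields (name[]=...) are treated as empty instead of
    // reaching the escaper as a non-string.
    return mysqli_real_escape_string($conn, is_scalar($value) ? (string) $value : '');
};
$raw = function ($key) {
    return (isset($_POST[$key]) && is_scalar($_POST[$key])) ? (string) $_POST[$key] : '';
};
$post = function ($key) use ($esc, $raw) {
    return $esc($raw($key));
};

$userid = $esc($_SESSION['userid']);
$msg = "";
// "i" is minutes; the previous "m" wrote the month into the minutes position.
$creationdatetime = date("Y-m-d H:i:s");

$doctorname     = $post('doctorname');
$age            = $post('age');
$gender         = $post('gender');
$depid          = $post('department');
$degree         = $post('degree');
$specialization = $post('specialization');
$address1       = $post('address1');
$address2       = $post('address2');
$mobileno       = $post('mobileno');
$emailid        = $post('emailid');
$stateid        = $post('state');
$districtid     = $post('city');
$validdays      = $post('validdays');
$normalfee      = $post('normalfee');
$emergencyfee   = $post('emergencyfee');
$id             = $post('id');
$btnopration    = $raw('btnopration');

// date_create() returns false for an unparseable string; formatting that
// result would fail, so SAVE/UPDATE requests with a bad date are rejected.
$odob = date_create($raw('dob'));
$odoa = date_create($raw('doa'));
if (($btnopration === "SAVE" || $btnopration === "UPDATE") && ($odob === false || $odoa === false)) {
    echo json_encode("Invalid date");
    return;
}
$dob = ($odob === false) ? '' : date_format($odob, "Y-m-d");
$doa = ($odoa === false) ? '' : date_format($odoa, "Y-m-d");

if ($btnopration === "SAVE") {
    // A consultant with the same name that is not deleted counts as a duplicate.
    $query = "select * from mastertb Where accountname='" . $doctorname . "' and DoctorType= 'Consultant'"
        . " and identifier='" . $gdoctoridentifier . "' and status='" . $gnotdeleted . "'";
    $cnt = get_noof_rows($conn, $query);

    if ($cnt == 0) {
        $query = "insert into mastertb (accountname,identifier,age,birthdate,marriagedate,gender,address1,address2,"
            . "email,stateid,districtid,degree,specialization,doctorType, mobile1,status,creationdatetime,"
            . "createdbyuserid, active,financialyearid,validitydays,normalfee,emergencyfee,departmentid,firstopdfee)"
            . " values('" . $doctorname . "','" . $gdoctoridentifier . "','" . $age . "','" . $dob . "','" . $doa
            . "','" . $gender . "','" . $address1 . "','" . $address2 . "','" . $emailid . "','" . $stateid
            . "', '" . $districtid . "','" . $degree . "','" . $specialization . "','Consultant','" . $mobileno
            . "','" . $gnotdeleted . "','" . $creationdatetime . "','" . $userid . "',0,1, '" . $validdays
            . "','" . $normalfee . "','" . $emergencyfee . "','" . $depid . "','" . $normalfee . "')";
        $result = insertrecord($conn, $query);

        if ($result == true) {
            $last_id = (int) mysqli_insert_id($conn);

            // NOTE(review): every new doctor login is created with the same
            // fixed password, stored as written here. It should be a random
            // per-account credential, stored hashed, with a forced change on
            // first login; that needs the login code, which is not visible.
            $query = "insert into userdetailstb(uname,mobileno,username,userpassword, permissiontype,"
                . "creationdatetime,createdbyuserid,active, doctorid) values('" . $doctorname . "','" . $mobileno
                . "','" . $doctorname . "','123456','Doctor','" . $creationdatetime . "','" . $userid
                . "',1,'" . $last_id . "') ";
            $result = insertrecord($conn, $query);

            $msg = ($result == true) ? "Record save successfully" : "There is problem to save Record";
        } else {
            // Previously a failed insert returned an empty message.
            $msg = "There is problem to save Record";
        }
    } else {
        $msg = "Record is already exist";
    }
} elseif ($btnopration === "UPDATE") {
    // Same duplicate rule as SAVE, ignoring the row being edited.
    $query = "select * from mastertb where accountmasterid!='" . $id . "' and accountname='" . $doctorname
        . "' and doctortype= 'Consultant' and identifier='" . $gdoctoridentifier
        . "' and status='" . $gnotdeleted . "'";
    $cnt = get_noof_rows($conn, $query);

    if ($cnt == 0) {
        $sql = "Update mastertb set accountname='" . $doctorname . "',age='" . $age . "',birthdate='" . $dob
            . "',marriagedate='" . $doa . "',gender='" . $gender . "',address1='" . $address1
            . "', address2='" . $address2 . "', email='" . $emailid . "',stateid='" . $stateid
            . "',districtid='" . $districtid . "',degree='" . $degree . "',specialization='" . $specialization
            . "', mobile1='" . $mobileno . "',validitydays='" . $validdays . "',normalfee='" . $normalfee
            . "',emergencyfee='" . $emergencyfee . "',departmentid='" . $depid . "',firstopdfee='" . $normalfee
            . "' where accountmasterid='" . $id . "' ";
        $result = updaterecord($conn, $sql);

        if ($result == true) {
            $query = "select * from userdetailstb where doctorid='" . $id . "'";
            $cnt1 = get_noof_rows($conn, $query);

            if ($cnt1 == 0) {
                // No login row exists yet for this doctor, so one is created.
                // NOTE(review): same fixed default password as in the SAVE
                // branch; see the note there.
                $query = "insert into userdetailstb(username, userpassword, permissiontype,creationdatetime,"
                    . "createdbyuserid,active, doctorid) values('" . $doctorname . "','123456','Doctor','"
                    . $creationdatetime . "','" . $userid . "',1,'" . $id . "') ";
                $result = insertrecord($conn, $query);
            } else {
                $sql = "update userdetailstb set username='" . $doctorname . "' where doctorid='" . $id . "'";
                $result = updaterecord($conn, $sql);
            }

            $msg = ($result == true) ? "Record update successfully" : "There is problem to save Record";
        } else {
            // Previously a failed update returned an empty message.
            $msg = "There is problem to save Record";
        }
    } else {
        $msg = "Record is already exist";
    }
} elseif ($btnopration === "Delete") {
    // A doctor still referenced by a non-deleted patient record is kept.
    $query = "select * from patientdetailstb where examinedbyid='" . $id
        . "' and isdeleted='" . $gnotdeleted . "'";
    $cnt1 = get_noof_rows($conn, $query);

    if ($cnt1 > 0) {
        $msg = "You cant delete it because it is in use.";
        echo json_encode($msg);
        return;
    }

    // Soft delete: the row is only marked through its status column.
    $sql = "Update mastertb set status=1 where accountmasterid='" . $id . "' ";
    $result = updaterecord($conn, $sql);

    $msg = ($result == true) ? "Record delete successfully" : "There is problem to save Record";
}

echo json_encode($msg);
?>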