name :
curd_master.php
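<?php
/**
 * AJAX endpoint for the prescription master lists: complaints (identifier 1),
 * diagnoses (identifier 2) and required tests (identifier 3).
 *
 * Reads mstname, id, btnopration and identifier from $_POST, runs the requested
 * SAVE / UPDATE / REMOVE against the matching table and echoes a JSON-encoded
 * status message.
 *
 * Security notes:
 *  - Every request value is escaped through the connection before it is placed
 *    in a query string. The query helpers from config.php (get_noof_rows,
 *    insertrecord, updaterecord) only accept a finished SQL string, so real
 *    prepared statements have to be introduced inside those helpers; that is
 *    the stronger fix and should follow.
 *  - Requests without a logged-in session are rejected before any query runs.
 *  - NOTE(review): no CSRF token is checked here; confirm whether config.php or
 *    the front end provides one.
 */
session_start();
require_once "../config.php";

$msg = "";
// "i" is minutes. The previous format "H:m:s" stored the month number in the minutes field.
$creationdatetime = date("Y-m-d H:i:s");

// State-changing endpoint: refuse to run for callers that have no session user.
if (!isset($_SESSION['userid']) || $_SESSION['userid'] === '') {
    http_response_code(401);
    echo json_encode("Unauthorized");
    exit;
}

$mstname     = trim(master_post_string('mstname'));
$id          = master_post_string('id');
$userid      = $_SESSION['userid'];
$btnopration = master_post_string('btnopration');
$identifier  = trim(master_post_string('identifier'));
$gnotdeleted = 0;

// Unknown identifiers fall through without output, as before.
switch ($identifier) {
    case '1':
        compalinsaveupdate($mstname, $id, $userid, $btnopration, $msg, $creationdatetime, $gnotdeleted, $conn);
        break;
    case '2':
        daignosissaveupdate($mstname, $id, $userid, $btnopration, $msg, $creationdatetime, $gnotdeleted, $conn);
        break;
    case '3':
        testrequiredsaveupdate($mstname, $id, $userid, $btnopration, $msg, $creationdatetime, $gnotdeleted, $conn);
        break;
}

/**
 * Insert, update or soft-delete a row of the complaint master (complainttb)
 * and echo the JSON-encoded status message.
 */
function compalinsaveupdate($mstname, $id, $userid, $btnopration, $msg, $creationdatetime, $gnotdeleted, $conn)
{
    master_saveupdate('complainttb', 'complain', $mstname, $id, $userid, $btnopration, $msg, $creationdatetime, $gnotdeleted, $conn);
}

/**
 * Insert, update or soft-delete a row of the diagnosis master (diagnosistb)
 * and echo the JSON-encoded status message.
 */
function daignosissaveupdate($mstname, $id, $userid, $btnopration, $msg, $creationdatetime, $gnotdeleted, $conn)
{
    master_saveupdate('diagnosistb', 'diagnosis', $mstname, $id, $userid, $btnopration, $msg, $creationdatetime, $gnotdeleted, $conn);
}

/**
 * Insert, update or soft-delete a row of the required-test master
 * (testrequiredtb) and echo the JSON-encoded status message.
 */
function testrequiredsaveupdate($mstname, $id, $userid, $btnopration, $msg, $creationdatetime, $gnotdeleted, $conn)
{
    master_saveupdate('testrequiredtb', 'testrequired', $mstname, $id, $userid, $btnopration, $msg, $creationdatetime, $gnotdeleted, $conn);
}

/**
 * Return a POST field as a string; missing or array-valued fields become ''.
 *
 * @param string $key
 * @return string
 */
function master_post_string($key)
{
    return (isset($_POST[$key]) && is_string($_POST[$key])) ? $_POST[$key] : '';
}

/**
 * Turn a value into a quoted SQL string literal, escaped by the connection.
 *
 * Escaping through mysqli relies on the connection character set being set
 * correctly when the connection is opened.
 *
 * @param mixed $conn  connection created in config.php
 * @param mixed $value
 * @return string quoted literal, including the surrounding quotes
 * @throws RuntimeException when the connection type offers no escaping API,
 *                          so that no unescaped query is ever built
 */
function master_sql_literal($conn, $value)
{
    $value = (string) $value;
    if ($conn instanceof mysqli) {
        return "'" . $conn->real_escape_string($value) . "'";
    }
    if ($conn instanceof PDO) {
        $quoted = $conn->quote($value);
        if ($quoted !== false) {
            return $quoted;
        }
    }
    throw new RuntimeException('Cannot escape SQL values for this connection type');
}

/**
 * Shared SAVE / UPDATE / REMOVE implementation for one master table.
 *
 * $table and $column are hard-coded by the three public wrappers and must
 * never be taken from the request, because identifiers cannot be escaped as
 * string literals.
 */
function master_saveupdate($table, $column, $mstname, $id, $userid, $btnopration, $msg, $creationdatetime, $gnotdeleted, $conn)
{
    $failure = [
        'SAVE'   => "There is problem to save Record",
        'UPDATE' => "There is problem to update Record",
        'REMOVE' => "There is problem to delete Record",
    ];

    try {
        if ($btnopration === "SAVE") {
            $name    = master_sql_literal($conn, $mstname);
            $visible = master_sql_literal($conn, $gnotdeleted);

            $query = "select * from " . $table . " Where " . $column . "=" . $name . " and isdeleted=" . $visible;
            $cnt = get_noof_rows($conn, $query);
            if ($cnt == 0) {
                $query = "insert into " . $table . "(" . $column . ",isdeleted,userid,creationdatetime) values("
                    . $name . "," . $visible . ","
                    . master_sql_literal($conn, $userid) . ","
                    . master_sql_literal($conn, $creationdatetime) . ")";
                $result = insertrecord($conn, $query);
                $msg = $result ? "Record save successfully" : $failure['SAVE'];
            } else {
                $msg = "Record is already exist";
            }
        } elseif ($btnopration === "UPDATE") {
            $name   = master_sql_literal($conn, $mstname);
            $row_id = master_sql_literal($conn, $id);

            // Another live row with the same name blocks the rename.
            $query = "select * from " . $table . " where id!=" . $row_id . " and " . $column . "=" . $name
                . " and isdeleted=" . master_sql_literal($conn, $gnotdeleted);
            $cnt = get_noof_rows($conn, $query);
            if ($cnt == 0) {
                $query = "Update " . $table . " set " . $column . "=" . $name . " where id=" . $row_id;
                $result = updaterecord($conn, $query);
                $msg = $result ? "Record update successfully" : $failure['UPDATE'];
            } else {
                $msg = "Record is already exist";
            }
        } elseif ($btnopration === "REMOVE") {
            // The original read an undefined local $gdeleted here, which wrote an
            // empty string into isdeleted instead of a deleted flag.
            // NOTE(review): assumes 1 marks a deleted row when config.php does not
            // define a global $gdeleted; confirm against config.php.
            $gdeleted = isset($GLOBALS['gdeleted']) ? $GLOBALS['gdeleted'] : 1;

            $query = "Update " . $table . " set isdeleted=" . master_sql_literal($conn, $gdeleted)
                . " where id=" . master_sql_literal($conn, $id);
            $result = updaterecord($conn, $query);
            $msg = $result ? "Record delete successfully" : $failure['REMOVE'];
        }
    } catch (RuntimeException $e) {
        // Fail closed: report the normal failure message, never run an unescaped query.
        if (isset($failure[$btnopration])) {
            $msg = $failure[$btnopration];
        }
    }

    echo json_encode($msg);
}
?>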