jpsagrisolution.com - UnknownSec 403

UnknownSec Bypass 403

: /var/www/zenithentcare/stmedicosoftware/prescription/ [ drwxrwxr-x ]
name : curd_medicine.php
 <?php
  session_start();
require_once "../config.php";
$msg="";
$creationdatetime = date("Y-m-d H:m:s");
$medicine=trim($_POST['medicine']);
$generic=trim($_POST['generic']);
$type=trim($_POST['type']);
$dosage=trim($_POST['dosage']);
$dosageremark=trim($_POST['dosageremark']);
$timing=trim($_POST['when']);
$frequency=trim($_POST['frequency']);
$id=   $_POST['id'];
$userid= $_SESSION['userid'];
 $btnopration=   $_POST['btnopration'];


  if($btnopration=="SAVE")
          {
   $query="select * from medicinemasttb Where name='".$medicine."'
          and 	isdeleted='" . $gnotdeleted . "'";
   $cnt= get_noof_rows($conn,$query);

   if($cnt==0)
   {
   $query="insert into medicinemasttb(name,genericname,medicinetype,dosage,dosageremark,timing,frequency,duration,isdeleted,createdbyuserid,creationdatetime)
           values('".$medicine."','".$generic."', '".$type."','".$dosage."','".$dosageremark."','".$timing."','".$frequency."',0,'".$gnotdeleted."','".$userid."','".$creationdatetime."')";

   $result=insertrecord($conn,$query);

             if($result==true)
                 $msg="Record save successfully";
             else
                 $msg= "There is problem to save Record";
   }
   else
   {
       $msg="Record is already exist";

   }

   }
   else if($btnopration=="UPDATE")
   {
     $query="select * from medicinemasttb Where id!='".$id."' and name='".$medicine."' 
            and 	isdeleted='" . $gnotdeleted . "'";

   $cnt= get_noof_rows($conn,$query);
   if($cnt==0)
   {
      $query="Update medicinemasttb set name='".$medicine."',genericname='".$generic."', medicinetype='".$type."',
             dosage='" .$dosage. "',dosageremark='" .$dosageremark. "',timing='".$timing."',frequency='".$frequency."',
             	modificationdatetime='".$creationdatetime."',	modifiedbyuserid='".$userid."' where id='".$id."'";
          $result=updaterecord($conn,$query);
             if($result==true)
                 $msg="Record update successfully";
             else
                 $msg="There is problem to update Record";

   }
   else
   {
       $msg="Record is already exist";
   }


   }
   else if($btnopration=="REMOVE")
   {
          $query="Update medicinemasttb set isdeleted='".$gdeleted."' where id='".$id."'";
          $result=updaterecord($conn,$query);
           if($result==true)
           $msg="Record delete successfully";
           else
           $msg="There is problem to delete Record";
   }
     echo json_encode ($msg);

?>