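<?php
// newsave_prescription.php
//
// Saves (or re-saves) one OPD visit for a patient, its optional follow-up
// reminder and the list of prescribed medicines, then flags the patient
// record as having a prescription. Driven by a POST from the prescription
// form; prints 'Ok' on success. Requires a logged-in doctor
// ($_SESSION['doctorid']), which is written as the consultant id.
//
// Review notes:
//  - Every statement is now parameterised. The previous version built its
//    INSERT/UPDATE/DELETE statements by concatenating $_POST values, so any
//    session holder could inject SQL through the visit/follow-up fields.
//  - Requests without a doctor session are rejected with 403 before any
//    database work; previously consultantid was silently written as NULL.
//  - date("H:m:s") / date("Y-m-d H:m:s") used 'm' (month) for the minutes
//    field; corrected to 'i'.
//  - All writes run in one transaction, so a failure mid-way no longer leaves
//    the follow-up/prescription rows deleted but not re-inserted.
//  - Still NOT handled here (must come from the surrounding app): CSRF
//    protection, and a check that this doctor may write this patient's record.
//  - This copy of the file was served through a third-party file-manager
//    page on the host; the deployment itself should be treated as suspect.
session_start();

$docid = isset($_SESSION['doctorid']) ? $_SESSION['doctorid'] : null;

if (isset($_POST['medicine'])) {
    // Authentication gate: nothing below may run for an anonymous caller.
    if ($docid === null) {
        http_response_code(403);
        exit;
    }
    // The form posts parallel arrays (medicine[], dosage[], ...); a scalar or
    // an empty list is a malformed submission (the old code fatalled on it
    // after already deleting the existing prescription rows).
    $medicines = $_POST['medicine'];
    if (!is_array($medicines) || count($medicines) === 0) {
        http_response_code(400);
        exit;
    }

    require_once "../config.php";   // provides $connect (PDO)

    $uhid         = post_value('hduhid');
    $fileno       = post_value('hdfileno');   // OPD number, "opdno"/"visitid" in the tables
    $bp           = post_value('txtbp');
    $pulse        = post_value('txtpluse');
    $spo2         = post_value('txtspo2');
    $height       = post_value('txtheight');
    $weight       = post_value('txtweight');
    $complaint    = post_value('txtcomplaint');
    $diagnosis    = post_value('txtdiagnosis');
    $testrequired = post_value('txttestrequired');
    $advise       = post_value('txtadvice');   // stored in the "remark" column
    // Follow-up interval in days; blank means none. Cast to int so the only
    // thing that ever reaches strtotime() below is a number.
    $followupdays = (int) trim((string) post_value('txtfollowupdays'));

    $visitdate        = date('Y-m-d');
    $visittime        = date('H:i:s');        // was "H:m:s" (month in the minutes slot)
    $creationdatetime = date('Y-m-d H:i:s');  // same fix

    // Patient details copied onto the follow-up reminder row.
    $patient = array(
        'name'      => post_value('txtpatientname'),
        'age'       => post_value('txtage'),
        'ageinyear' => post_value('cmbyear'),
        'gender'    => post_value('txtgender'),
        'mobileno'  => post_value('txtmobile'),
    );

    $connect->beginTransaction();
    try {
        $stmt = pdo_run($connect,
            'select count(0) from visitdetailstb where uhid=? and opdno=? and isdeleted=0',
            array($uhid, $fileno));
        $visitExists = ((int) $stmt->fetchColumn()) > 0;

        if (!$visitExists) {
            // New visit: number it as (live visits for this patient) + 1.
            // NOTE(review): this count-then-insert is not race-safe for two
            // concurrent saves of the same patient; unchanged from before.
            $stmt = pdo_run($connect,
                'select count(0) from visitdetailstb where uhid=? and isdeleted=0',
                array($uhid));
            $visitno = ((int) $stmt->fetchColumn()) + 1;

            pdo_run($connect,
                'insert into visitdetailstb(uhid,opdno,visitdate,visittime,visitno,complaint,diagnosis,testrequired,consultantid,height,weight,pressure,pulse,spo2,financialyearid,isdeleted,userid,creationdatetime,remark) '
                . 'values(?,?,?,?,?,?,?,?,?,?,?,?,?,?,1,0,1,?,?)',
                array($uhid, $fileno, $visitdate, $visittime, $visitno, $complaint, $diagnosis,
                      $testrequired, $docid, $height, $weight, $bp, $pulse, $spo2,
                      $creationdatetime, $advise));
            $baseDate = $visitdate;
        } else {
            // Existing visit: keep its original date (follow-up counts from it)
            // and overwrite the clinical fields. The old code also re-wrote
            // visitdate/visittime with the values it had just read, a no-op.
            $stmt = pdo_run($connect,
                'select visitdate from visitdetailstb where uhid=? and opdno=? and isdeleted=0',
                array($uhid, $fileno));
            $baseDate = $stmt->fetchColumn();

            pdo_run($connect,
                'update visitdetailstb set height=?,weight=?,pressure=?,pulse=?,spo2=?, '
                . 'complaint=?,diagnosis=?,testrequired=?,remark=? where uhid=? and opdno=?',
                array($height, $weight, $bp, $pulse, $spo2, $complaint, $diagnosis,
                      $testrequired, $advise, $uhid, $fileno));
        }

        if ($followupdays !== 0) {
            $followupdate = date('Y-m-d', strtotime(sprintf('%s %+d days', $baseDate, $followupdays)));
            save_followup($connect, $uhid, $fileno, $followupdate, $followupdays,
                          $docid, $creationdatetime, $patient);
        }

        save_prescription_rows($connect, $uhid, $fileno, $docid, $creationdatetime, $medicines);

        pdo_run($connect,
            'update patientdetailstb set prescriptionstatus=1 where uhid=? and fileno=?',
            array($uhid, $fileno));

        $connect->commit();
    } catch (Exception $e) {
        $connect->rollBack();
        throw $e;
    }

    echo 'Ok';
}

/**
 * Read one scalar form field.
 *
 * @param string $key  $_POST key
 * @return string|null the value, or null when absent or not a plain string
 *                     (e.g. submitted as field[]), which binds as SQL NULL.
 */
function post_value($key)
{
    return (isset($_POST[$key]) && is_string($_POST[$key])) ? $_POST[$key] : null;
}

/**
 * Read one array-valued form field (field[]).
 *
 * @param string $key  $_POST key
 * @return array the submitted list, or an empty array when absent/not an array
 */
function post_list($key)
{
    return (isset($_POST[$key]) && is_array($_POST[$key])) ? $_POST[$key] : array();
}

/**
 * Fetch item $i of a parallel form list as a string, or null if missing.
 *
 * @param array $list
 * @param int   $i
 * @return string|null
 */
function list_item(array $list, $i)
{
    return (isset($list[$i]) && is_string($list[$i])) ? $list[$i] : null;
}

/**
 * Execute an already-prepared statement with positional parameters.
 *
 * @param PDOStatement $stmt
 * @param array        $params
 * @return PDOStatement the same statement, positioned for fetching
 * @throws RuntimeException when execute() reports failure. Needed because
 *         config.php (not visible here) may not enable PDO::ERRMODE_EXCEPTION,
 *         in which case a failed write would otherwise go unnoticed.
 */
function pdo_exec(PDOStatement $stmt, array $params)
{
    if ($stmt->execute($params) === false) {
        $info = $stmt->errorInfo();
        throw new RuntimeException('Database error: ' . (isset($info[2]) ? $info[2] : 'execute failed'));
    }
    return $stmt;
}

/**
 * Prepare and execute one parameterised statement.
 *
 * @param PDO    $connect
 * @param string $sql     statement text using ? placeholders only
 * @param array  $params  values for the placeholders, in order
 * @return PDOStatement
 * @throws RuntimeException when prepare() or execute() fails
 */
function pdo_run(PDO $connect, $sql, array $params)
{
    $stmt = $connect->prepare($sql);
    if ($stmt === false) {
        $info = $connect->errorInfo();
        throw new RuntimeException('Database error: ' . (isset($info[2]) ? $info[2] : 'prepare failed'));
    }
    return pdo_exec($stmt, $params);
}

/**
 * Record the follow-up date on the visit and (re)create its reminder row.
 *
 * Any existing followuptb row for this visit is removed first so re-saving a
 * visit replaces the reminder instead of adding a duplicate (for a brand-new
 * visit the delete simply matches nothing).
 *
 * @param PDO    $connect
 * @param string $uhid
 * @param string $fileno           visit id / OPD number
 * @param string $followupdate     Y-m-d
 * @param int    $followupdays
 * @param mixed  $docid            consultant id from the session
 * @param string $creationdatetime Y-m-d H:i:s
 * @param array  $patient          name, age, ageinyear, gender, mobileno
 * @return void
 */
function save_followup(PDO $connect, $uhid, $fileno, $followupdate, $followupdays,
                       $docid, $creationdatetime, array $patient)
{
    pdo_run($connect,
        'delete from followuptb where uhid=? and visitid=?',
        array($uhid, $fileno));
    pdo_run($connect,
        'update visitdetailstb set followupdate=?,followupdays=? where uhid=? and opdno=?',
        array($followupdate, $followupdays, $uhid, $fileno));
    pdo_run($connect,
        'insert into followuptb(uhid,visitid,followupdate,consultantid,mobileno,name,age,ageinyear,gender,isdeleted,creationdatetime,userid) '
        . 'values(?,?,?,?,?,?,?,?,?,0,?,?)',
        array($uhid, $fileno, $followupdate, $docid, $patient['mobileno'], $patient['name'],
              $patient['age'], $patient['ageinyear'], $patient['gender'],
              $creationdatetime, $docid));
}

/**
 * Replace the prescription rows of a visit with the medicines just posted.
 *
 * Reads the parallel form lists dosage[], when[], frequency[], duration[] and
 * note[] by row index; a missing cell is stored as NULL.
 *
 * @param PDO    $connect
 * @param string $uhid
 * @param string $fileno           visit id
 * @param mixed  $docid
 * @param string $creationdatetime
 * @param array  $medicines        medicine[] from the form (non-empty)
 * @return void
 */
function save_prescription_rows(PDO $connect, $uhid, $fileno, $docid, $creationdatetime, array $medicines)
{
    $dosages     = post_list('dosage');
    $timings     = post_list('when');
    $frequencies = post_list('frequency');
    $durations   = post_list('duration');
    $notes       = post_list('note');

    pdo_run($connect,
        'delete from prescriptiontb where uhid=? and visitid=?',
        array($uhid, $fileno));

    // Prepared once; previously each of these was re-prepared for every row
    // (and the English and Hindi dosage texts were fetched by two queries).
    $typeLookup   = $connect->prepare('select medicinetype from medicinemasttb where name=? and isdeleted=0');
    $dosageLookup = $connect->prepare('select englishdosage, hindidosage from dosageremarktb where dosage=? and isdeleted=0');
    $insert       = $connect->prepare(
        'INSERT INTO prescriptiontb (uhid, visitid, type,medicine,dosage,dosageremark,timing,frequency,duration,notes,consultantid,isdeleted,userid,creationdatetime,dosageremarkinhindi,timinginhindi,frequencyinhindi) '
        . 'VALUES (:uhid, :visitid, :type, :medicine,:dosage,:dosageremark,:timing,:frequency,:duration,:notes,:consultantid,:isdeleted,:userid,:creationdatetime,:dosageremarkinhindi,:timinginhindi,:frequencyinhindi)');
    if ($typeLookup === false || $dosageLookup === false || $insert === false) {
        throw new RuntimeException('Database error: prepare failed');
    }

    $rows = count($medicines);
    for ($i = 0; $i < $rows; $i++) {
        $medicine  = list_item($medicines, $i);
        $dosage    = list_item($dosages, $i);
        $timing    = list_item($timings, $i);
        $frequency = list_item($frequencies, $i);

        // Lookups fall back to false when no master row matches; PDO binds
        // false as '' which is what the old fetchColumn() path stored.
        pdo_exec($typeLookup, array($medicine));
        $medtype = $typeLookup->fetchColumn();
        $typeLookup->closeCursor();

        pdo_exec($dosageLookup, array($dosage));
        $dosageRow = $dosageLookup->fetch(PDO::FETCH_ASSOC);
        $dosageLookup->closeCursor();
        $dosageremark        = $dosageRow ? $dosageRow['englishdosage'] : false;
        $dosageremarkinhindi = $dosageRow ? $dosageRow['hindidosage'] : false;

        pdo_exec($insert, array(
            ':uhid'                => $uhid,
            ':visitid'             => $fileno,
            ':type'                => $medtype,
            ':medicine'            => $medicine,
            ':dosage'              => $dosage,
            ':dosageremark'        => $dosageremark,
            ':timing'              => $timing,
            ':frequency'           => $frequency,
            ':duration'            => list_item($durations, $i),
            ':notes'               => list_item($notes, $i),
            ':consultantid'        => $docid,
            ':isdeleted'           => 0,
            ':userid'              => 1,
            ':creationdatetime'    => $creationdatetime,
            ':dosageremarkinhindi' => $dosageremarkinhindi,
            ':timinginhindi'       => gettiminginhindi($timing),
            ':frequencyinhindi'    => getfrequency($frequency),
        ));
    }
}

/**
 * Hindi label for a dosing-frequency option ("Daily", "Weekly", ...).
 *
 * NOTE(review): the Devanagari literals in this function and the next appear
 * as runs of '?' in this copy of the file (mis-encoded somewhere upstream).
 * They are reproduced unchanged here and must be restored from the canonical
 * source before this file is deployed.
 *
 * @param mixed $frequency value of when[]/frequency[] as posted
 * @return string the label, or '' for an unknown or non-string value
 */
function getfrequency($frequency)
{
    static $labels = array(
        'Daily'         => "???",
        'Alternate day' => "?? ??? 
??????",
        'Weekly'        => "??????",
        'For night'     => "???",
        'Monthly'       => "?????",
    );
    return (is_string($frequency) && isset($labels[$frequency])) ? $labels[$frequency] : '';
}

/**
 * Hindi label for a dose-timing option ("Before Food", "Bed Time", ...).
 * See the encoding note on getfrequency().
 *
 * @param mixed $timing value of when[] as posted
 * @return string the label, or '' for an unknown or non-string value
 */
function gettiminginhindi($timing)
{
    static $labels = array(
        'Before Food'      => "???? ?? ????",
        'Before Breakfast' => "?????? ?? ????",
        'After Food'       => "???? ?? ???",
        'After Breakfast'  => "?????? ?? ???",
        'Before Lunch'     => "?????- ???? ?? ????",
        'After Lunch'      => "?????- ???? ?? ???",
        'Before Dinner'    => "???-???? ?? ????",
        'After Dinner'     => "???-???? ?? ????",
        'Empty Stomach'    => "???? ????",
        'Bed Time'         => "???-?????? ?? ???? ???",
        'One Time'         => "?? ???",
        'Two Time'         => "?? ???",
        'Three Time'       => "??? ???",
    );
    return (is_string($timing) && isset($labels[$timing])) ? $labels[$timing] : '';
}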