save_prescription.php
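<?php
// save_prescription.php (the original header comment called it insert.php)
//
// Stores one consultation submitted by the prescription form:
//   1. creates or updates the visit row in visitdetailstb for (uhid, opdno),
//   2. replaces every prescriptiontb row for that visit with the posted
//      medicine list,
//   3. marks the patient as having a prescription and prints "ok".
//
// Every value taken from $_POST is bound as a statement parameter. The earlier
// version concatenated request fields straight into INSERT/UPDATE/DELETE text,
// so any form field could rewrite the statement (SQL injection) against tables
// that hold patient records.
//
// NOTE(review): nothing visible here checks a CSRF token or confirms that the
// logged-in doctor is allowed to write to the posted uhid/fileno -- confirm
// whether config.php or the calling page enforces either.
// NOTE(review): the delete-then-reinsert of prescription rows is not wrapped
// in a transaction; a failure part-way through leaves the visit with a partial
// medicine list. $connect looks like a PDO handle (prepare/execute/fetchColumn)
// -- confirm before adding beginTransaction()/commit().
session_start();

// The doctor id is written into every row below, so a request without an
// authenticated session must not get that far.
if (!isset($_SESSION['doctorid'])) {
    http_response_code(403);
    exit;
}
$docid = $_SESSION['doctorid'];

if (isset($_POST["medicine"]) && is_array($_POST["medicine"])) {
    require_once "../config.php";

    // Scalar form field as a string; missing or array-valued fields become ''
    // (the value the old string concatenation effectively produced).
    $postString = function ($key) {
        return (isset($_POST[$key]) && is_scalar($_POST[$key])) ? (string) $_POST[$key] : '';
    };

    // One cell of a per-medicine array field; null when that cell is absent,
    // matching what the original bound for an undefined index.
    $rowValue = function ($field, $index) {
        if (!isset($_POST[$field]) || !is_array($_POST[$field])) {
            return null;
        }
        if (!isset($_POST[$field][$index]) || !is_scalar($_POST[$field][$index])) {
            return null;
        }
        return (string) $_POST[$field][$index];
    };

    $uhid         = $postString("hduhid");
    $fileno       = $postString("hdfileno");
    $bp           = $postString("txtbp");
    $pulse        = $postString("txtpluse");
    $spo2         = $postString("txtspo2");
    $height       = $postString("txtheight");
    $weight       = $postString("txtweight");
    $complaint    = $postString("txtcomplaint");
    $daignosis    = $postString("txtdiagnosis");
    $testrequired = $postString("txttestrequired");
    $advise       = $postString("txtadvice");

    // "i" is minutes; the original used "m" (month number) in the time part,
    // so every stored time carried the month where the minutes belong.
    $visitdate        = date("Y-m-d");
    $visittime        = date("H:i:s");
    $creationdatetime = date("Y-m-d H:i:s");

    // Does a live visit row already exist for this patient and OPD number?
    $stmt = $connect->prepare("select count(0) from visitdetailstb where uhid=? and opdno=? and isdeleted=0");
    $stmt->execute(array($uhid, $fileno));
    $cnt = $stmt->fetchColumn();

    if ($cnt == 0) {
        // First save for this OPD number: the visit number is the count of the
        // patient's existing live visits plus one.
        $stmt = $connect->prepare("select count(0) from visitdetailstb where uhid=? and isdeleted=0");
        $stmt->execute(array($uhid));
        $visitno = (int) $stmt->fetchColumn() + 1;

        // financialyearid=1, isdeleted=0, userid=1 are the literals the
        // original statement hard-coded.
        $stmt = $connect->prepare(
            "insert into visitdetailstb(uhid,opdno,visitdate,visittime,visitno,complaint,diagnosis,testrequired,"
            . "consultantid,height,weight,pressure,pulse,spo2,financialyearid,isdeleted,userid,creationdatetime,remark) "
            . "values(?,?,?,?,?,?,?,?,?,?,?,?,?,?,1,0,1,?,?)"
        );
        $stmt->execute(array(
            $uhid, $fileno, $visitdate, $visittime, $visitno,
            $complaint, $daignosis, $testrequired, $docid,
            $height, $weight, $bp, $pulse, $spo2,
            $creationdatetime, $advise
        ));
    } else {
        // Existing visit: read back the stored date and time so the update
        // writes them unchanged, as the original did.
        $stmt = $connect->prepare("select visitdate from visitdetailstb where uhid=? and opdno=? and isdeleted=0");
        $stmt->execute(array($uhid, $fileno));
        $updatevisitdate = $stmt->fetchColumn();

        $stmt = $connect->prepare("select visittime from visitdetailstb where uhid=? and opdno=? and isdeleted=0");
        $stmt->execute(array($uhid, $fileno));
        $updatevisittime = $stmt->fetchColumn();

        $stmt = $connect->prepare(
            "update visitdetailstb set visitdate=?,visittime=?,height=?,weight=?,pressure=?,pulse=?,spo2=?,"
            . "complaint=?,diagnosis=?,testrequired=?,remark=? where uhid=? and opdno=?"
        );
        $stmt->execute(array(
            $updatevisitdate, $updatevisittime,
            $height, $weight, $bp, $pulse, $spo2,
            $complaint, $daignosis, $testrequired, $advise,
            $uhid, $fileno
        ));
    }

    // The posted list replaces whatever was stored for this visit.
    $stmt = $connect->prepare("delete from prescriptiontb where uhid=? and visitid=?");
    $stmt->execute(array($uhid, $fileno));

    // Prepared once and reused for every medicine row.
    $typeLookup   = $connect->prepare("select medicinetype from medicinemasttb where name=? and isdeleted=0");
    $remarkLookup = $connect->prepare("select englishdosage from dosageremarktb where dosage=? and isdeleted=0");
    $insertRow    = $connect->prepare(
        "INSERT INTO prescriptiontb (uhid, visitid, type,medicine,dosage,dosageremark,timing,frequency,duration,notes,"
        . "consultantid,isdeleted,userid,creationdatetime) VALUES (:uhid, :visitid, :type, :medicine,:dosage,"
        . ":dosageremark,:timing,:frequency,:duration,:notes,:consultantid,:isdeleted,:userid,:creationdatetime)"
    );

    $rowCount = count($_POST["medicine"]);
    for ($count = 0; $count < $rowCount; $count++) {
        $medicine = $rowValue("medicine", $count);
        $dosage   = $rowValue("dosage", $count);

        $typeLookup->execute(array($medicine));
        $medtype = $typeLookup->fetchColumn();

        $remarkLookup->execute(array($dosage));
        $dosageremark = $remarkLookup->fetchColumn();

        $insertRow->execute(array(
            ':uhid'             => $uhid,
            ':visitid'          => $fileno,
            ':type'             => $medtype,
            ':medicine'         => $medicine,
            ':dosage'           => $dosage,
            ':dosageremark'     => $dosageremark,
            ':timing'           => $rowValue("when", $count),
            ':frequency'        => $rowValue("frequency", $count),
            ':duration'         => $rowValue("duration", $count),
            ':notes'            => $rowValue("note", $count),
            ':consultantid'     => $docid,
            ':isdeleted'        => 0,
            ':userid'           => 1,
            ':creationdatetime' => $creationdatetime
        ));
    }

    // The original called fetchAll() on the last INSERT statement and tested
    // isset() on the result, which says nothing about success and failed
    // outright when the medicine list was empty. Report success only when at
    // least one medicine row was written.
    if ($rowCount > 0) {
        $stmt = $connect->prepare("update patientdetailstb set prescriptionstatus=1 where uhid=? and fileno=?");
        $stmt->execute(array($uhid, $fileno));
        echo 'ok';
    }
}
?>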