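<?php
// procedure_saveupdate.php
//
// Saves ("Save") or updates ("Update") an OPD procedure bill: the bill header in
// opdheadbill, its line items in opdheaddetails and, for "Direct" patients, the
// patient record in patientmastertb.
//
// Every value handled here comes from $_POST, $_SESSION or client-supplied JSON.
// The original built each query by string concatenation, which let request data
// alter the SQL; all statements now go through mysqli prepared statements with
// bound parameters, and no request value is ever placed in query text.
//
// Response (JSON): 0 = nothing written, 1 = saved, 2 = updated, or an error string.
session_start();
require_once "config.php";

/**
 * Prepare, bind and execute one statement.
 *
 * Every parameter is bound as a string, which is how the values were previously
 * quoted into the SQL text; MySQL coerces them to the column type as before.
 *
 * @param mysqli $conn   connection created by config.php
 * @param string $sql    statement text using "?" placeholders
 * @param array  $params positional values for the placeholders
 * @return mysqli_stmt|false the executed statement, or false on prepare/execute failure
 */
function psu_execute(mysqli $conn, string $sql, array $params = [])
{
    $stmt = mysqli_prepare($conn, $sql);
    if ($stmt === false) {
        return false;
    }
    if ($params !== []) {
        // bind_param takes references; unpacking a local array supplies them.
        $values = array_map('strval', array_values($params));
        mysqli_stmt_bind_param($stmt, str_repeat('s', count($values)), ...$values);
    }
    if (!mysqli_stmt_execute($stmt)) {
        mysqli_stmt_close($stmt);
        return false;
    }
    return $stmt;
}

/**
 * Execute a single-column query and return the value of the last row fetched.
 *
 * Mirrors the original "while ($row = fetch) { $x = $row[...]; }" loops, in which
 * the last row wins; $default is returned when the query fails or yields no rows.
 *
 * @param mixed $default
 * @return mixed
 */
function psu_scalar(mysqli $conn, string $sql, array $params = [], $default = null)
{
    $stmt = psu_execute($conn, $sql, $params);
    if ($stmt === false) {
        return $default;
    }
    $value = $default;
    $cell = null;
    // bind_result avoids a dependency on mysqlnd's get_result.
    mysqli_stmt_bind_result($stmt, $cell);
    while (mysqli_stmt_fetch($stmt)) {
        $value = $cell;
    }
    mysqli_stmt_close($stmt);
    return $value;
}

/**
 * Execute an insert/update/delete.
 *
 * @return bool true when the statement prepared and executed
 */
function psu_write(mysqli $conn, string $sql, array $params = []): bool
{
    $stmt = psu_execute($conn, $sql, $params);
    if ($stmt === false) {
        return false;
    }
    mysqli_stmt_close($stmt);
    return true;
}

/**
 * Resolve the testdetailsmaster id of a category/sub-test pair (identifier 5).
 *
 * @return int 0 when no matching row exists
 */
function psu_charge_id(mysqli $conn, string $category, string $subtest): int
{
    return (int) psu_scalar(
        $conn,
        "select testdetailsid from testdetailsmaster where testname=? and subtestname=? and identifier=5 and isdeleted='0'",
        [$category, $subtest],
        0
    );
}

/**
 * Decode the client's line-item JSON into a list of associative arrays.
 *
 * Malformed or non-array JSON yields an empty list instead of a notice storm.
 *
 * @return array<int, array>
 */
function psu_service_rows(string $json): array
{
    $decoded = json_decode($json, true);
    if (!is_array($decoded)) {
        return [];
    }
    return array_map(function ($row) {
        return (array) $row;
    }, array_values($decoded));
}

// --- session and request values --------------------------------------------------
if (!isset($_SESSION['userid'])) {
    // Bills are attributed to the logged-in user; refuse to write without a session.
    echo json_encode("Not logged in.");
    return;
}
$financialyearid = $_SESSION['financialyearid'] ?? '';
$userdetailsid   = $_SESSION['userid'];
// Fixed: the original used "H:m:s", which stores the month in the minutes position.
$creationdatetime = date("Y-m-d H:i:s");

$voucherdate = date_create((string) ($_POST['voucherdate'] ?? ''));
if ($voucherdate === false) {
    echo json_encode("Invalid voucher date.");
    return;
}
$trandate = date_format($voucherdate, "Y-m-d");

$voucherno     = $_POST['voucherno'] ?? '';
$vouchertime   = $_POST['vouchertime'] ?? '';
$patpre        = $_POST['patprefix'] ?? '';
$patientname   = $_POST['patname'] ?? '';
$gender        = $_POST['sex'] ?? '';
$age           = $_POST['age'] ?? '';
$agey          = $_POST['ageinyear'] ?? '';
$mobileno      = $_POST['mobileno'] ?? '';
$address       = $_POST['address'] ?? '';
$departmentid  = $_POST['department'] ?? '';
$doctorid      = $_POST['consultant'] ?? '';
$referedby     = (($_POST['referedby'] ?? '') === '') ? 0 : $_POST['referedby'];
$pattype       = $_POST['pattype'] ?? '';
$total         = $_POST['total'] ?? '';
$discount      = $_POST['discount'] ?? '';
$netamount     = $_POST['netamount'] ?? '';
$receiveamt    = $_POST['receiveamt'] ?? '';
$paymentmode   = $_POST['paymentmode'] ?? '';
$uhid          = $_POST['uhid'] ?? '';
$fileno        = $_POST['fileno'] ?? '';
// The bank <select> posts its placeholder text when nothing was chosen.
$bankid        = (($_POST['bank'] ?? '') === "Select Bank") ? 0 : ($_POST['bank'] ?? '');
$transactionno = $_POST['tranno'] ?? '';
$category      = (string) ($_POST['category'] ?? '');
$btnopration   = $_POST['btnopration'] ?? '';
$msg = 0;

$categoryid = (int) psu_scalar(
    $conn,
    "select testdetailsid from testdetailsmaster where testname=? and identifier=4 and isdeleted='0'",
    [$category],
    0
);
$servicedata = psu_service_rows((string) ($_POST['servicedata'] ?? ''));

if ($btnopration === "Save") {
    if ($pattype === "Direct") {
        // Walk-in patient: generate a UHID and the next sequential suhid, then
        // create the patient record. The POSTed uhid is kept if the lookup yields nothing.
        $uhid = psu_scalar(
            $conn,
            "Select concat('UHID/',Convert(UserDetailsID,char(10)), '/', DATE_FORMAT(Now(), '%Y%m%d%h%i%s'),'/', FLOOR(RAND() * 10000 )) as uhid from userdetailstb where userdetailsid=1",
            [],
            $uhid
        );
        $gsuhid = psu_scalar(
            $conn,
            "Select Max(ifnull(suhid,0))+1 as suhid from patientmastertb where isdeleted=0",
            [],
            ""
        );
        $gcnt = (int) psu_scalar(
            $conn,
            "Select count(0) as count from patientmastertb where suhid=? and isdeleted='0'",
            [$gsuhid],
            0
        );
        if ($gcnt !== 0) {
            echo json_encode("UHID is already exist.");
            return;
        }
        psu_write(
            $conn,
            "insert into patientmastertb(uhid,suhid,pntpre,name,agey,pntageyrs,sex,mobile,address1,userid,creationdatetime) values(?,?,?,?,?,?,?,?,?,1,?)",
            [$uhid, $gsuhid, $patpre, $patientname, $age, $agey, $gender, $mobileno, $address, $creationdatetime]
        );
    }

    // Line items, numbered from 1 in the order the client sent them.
    $count = 0;
    foreach ($servicedata as $v) {
        $count++;
        $chargeid = psu_charge_id($conn, $category, (string) ($v["name"] ?? ''));
        psu_write(
            $conn,
            "insert into opdheaddetails(transactiondate,sno,voucherno,categoryid,chargeid,rate, qty,grossamount,totalamount,financialyearid,userid,isdeleted,creationdatetime) values(?,?,?,?,?,?,?, ?,?,1,1,0,?)",
            [$trandate, $count, $voucherno, $categoryid, $chargeid, $v["rate"] ?? '', $v["qty"] ?? '', $v["amount"] ?? '', $v["amount"] ?? '', $creationdatetime]
        );
    }

    // Next sequential bill number; stays 0 (and the header is skipped) if the query fails.
    $maxvoucher = psu_scalar(
        $conn,
        "SELECT ifnull(max(svoucherno),0) as svoucherno from opdheadbill where isdeleted='0'",
        [],
        null
    );
    $svoucherno = ($maxvoucher === null) ? 0 : ((int) $maxvoucher) + 1;
    if ($svoucherno > 0) {
        $saved = psu_write(
            $conn,
            "insert into opdheadbill(transactiondate,voucherno,sno,trantime,totalamount,discount,nettotal,receiveamt,balance,fileno,filetype,uhid,categoryid,bankid,cashyacheque,chequeno,financialyearid,isdeleted,patientprefix, pname,paddress,pmobileno,patientage,patientyear,patientgender,departmentid,examinedbyid,refferedbyid,svoucherno,creationdatetime,userdetailsid) values(?,?,?,?,?,?,?,?,0,?,?,?,?,?,?,?,?,0,?,?,?,?,?,?,?,?,?,?,?,?,?)",
            [
                $trandate, $voucherno, $count, $vouchertime, $total, $discount, $netamount, $receiveamt,
                $fileno, $pattype, $uhid, $categoryid, $bankid, $paymentmode, $transactionno, $financialyearid,
                $patpre, $patientname, $address, $mobileno, $age, $agey, $gender, $departmentid, $doctorid,
                $referedby, $svoucherno, $creationdatetime, $userdetailsid,
            ]
        );
        if ($saved) {
            $msg = 1;
        }
    }
    echo json_encode($msg);
} elseif ($btnopration === "Update") {
    $totalcnt = (int) psu_scalar(
        $conn,
        "select count(0) as count from opdheaddetails where voucherno=?",
        [$voucherno],
        0
    );

    // Re-submitted line items replace existing rows by (sno, voucherno) or are inserted.
    $count = 0;
    foreach ($servicedata as $v) {
        $count++;
        $chargeid = psu_charge_id($conn, $category, (string) ($v["name"] ?? ''));
        $cnt = (int) psu_scalar(
            $conn,
            "select count(0) as count from opdheaddetails where sno=? and voucherno=?",
            [$count, $voucherno],
            0
        );
        if ($cnt > 0) {
            psu_write(
                $conn,
                "update opdheaddetails set transactiondate=?, categoryid=?,chargeid=?, rate=?,qty=?,grossamount=?, totalamount=? where sno=? and voucherno=?",
                [$trandate, $categoryid, $chargeid, $v["rate"] ?? '', $v["qty"] ?? '', $v["amount"] ?? '', $v["amount"] ?? '', $count, $voucherno]
            );
        } else {
            psu_write(
                $conn,
                "insert into opdheaddetails(transactiondate,sno,voucherno,categoryid,chargeid,rate, qty,grossamount,totalamount,financialyearid,userid,isdeleted,creationdatetime) values(?,?,?,?,?,?,?, ?,?,1,1,0,?)",
                [$trandate, $count, $voucherno, $categoryid, $chargeid, $v["rate"] ?? '', $v["qty"] ?? '', $v["amount"] ?? '', $v["amount"] ?? '', $creationdatetime]
            );
        }
    }

    $updated = psu_write(
        $conn,
        "update opdheadbill set transactiondate=?,sno=?, trantime=?,totalamount=?,discount=?, nettotal=?,receiveamt=?,categoryid=?, bankid=?,cashyacheque=?,chequeno=?, departmentid=?,examinedbyid=?, modificationdatetime=?,modifiedbyuserid=? where voucherno=? ",
        [
            $trandate, $count, $vouchertime, $total, $discount, $netamount, $receiveamt, $categoryid,
            $bankid, $paymentmode, $transactionno, $departmentid, $doctorid, $creationdatetime,
            $userdetailsid, $voucherno,
        ]
    );
    if ($updated) {
        if ($pattype === "Direct") {
            psu_write(
                $conn,
                "update patientmastertb set pntpre=?,name=?, agey=?,pntageyrs=?,sex=?,mobile=?, address1=? where uhid=?",
                [$patpre, $patientname, $age, $agey, $gender, $mobileno, $address, $uhid]
            );
        }
        // Rows numbered beyond the re-submitted items are stale and are removed.
        for ($i = $count + 1; $i <= $totalcnt; $i++) {
            psu_write(
                $conn,
                "delete from opdheaddetails where sno=? and voucherno=?",
                [$i, $voucherno]
            );
        }
        $msg = 2;
    }
    echo json_encode($msg);
}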