<?php/* Connect to DB */// $string is just a placeholder function escape

1. <?php
2. /* Connect to DB */
3.  
4. // $string is just a placeholder
5. function escapeSingleQuotes($string){
6. //escapse single quotes
7. $singQuotePattern = "'";
8. $singQuoteReplace = "''";
9. return(stripslashes(eregi_replace($singQuotePattern, $singQuoteReplace, $string)));
10. }
11. function formatPhoneNumber($strPhone) {
12. $strPhone = ereg_replace("[^0-9]",'', $strPhone);
13. if (strlen($strPhone) != 10) {
14. return $strPhone;
15. }
16.  
17. $strArea = substr($strPhone, 0, 3);
18. $strPrefix = substr($strPhone, 3, 3);
19. $strNumber = substr($strPhone, 6, 4);
20.  
21. $strPhone = "(".$strArea.") ".$strPrefix."-".$strNumber;
22.  
23. return ($strPhone);
24. }
25.  
26.  
27. include '../cCustomConnect.php';
28.  
29. $USR_ID = $_POST['USR_ID'];
30. $RES_ID = $_POST['RES_ID'];
31.  
32. $activeinfo = mssql_query("Select * FROM Associate where USR_ID = '$USR_ID'");
33. $menu2 = mssql_result($activeinfo,0,'USR_Menu2');
34.  
35. if($menu2 == 1)
36. {
37. echo '<script type="text/javascript">
38. <!--
39. parent.location = "LifeList.php?result=1&m=2&i=21"
40. //-->
41. </script>
42. ';
43. die ;  
44. }
45. $HEA_LivingWill  = ($_POST['HEA_LivingWill'] == 'on')  ? 1 : 0;
46. $HEA_Medical_Power_Attorney                 = ($_POST['HEA_Medical_Power_Attorney']== 'on')  ? 1 : 0;
47. $HEA_POLST                                                 = ($_POST['HEA_POLST']== 'on')  ? 1 : 0;
48. $HEA_MOST                                                 = ($_POST['HEA_MOST']== 'on')  ? 1 : 0;
49. $HEA_DNR                                                 = ($_POST['HEA_DNR']== 'on')  ? 1 : 0;
50.  
51.  
52.  
53. $HEA_Vision = $_POST['HEA_Vision'];
54. $HEA_Hearing = $_POST['HEA_Hearing'];
55. $HEA_Mobility = $_POST['HEA_Mobility'];
56. $HEA_Falls = $_POST['HEA_Falls'];
57. $HEA_Food = $_POST['HEA_Food'];
58. $HEA_FoodPref = $_POST['HEA_FoodPref'];
59. $HEA_FoodDetails = escapeSingleQuotes($_POST['HEA_FoodDetails']);
60. $HEA_Insect = $_POST['HEA_Insect'];
61. $HEA_InsectDetails = escapeSingleQuotes($_POST['HEA_InsectDetails']);
62. $HEA_Driver = $_POST['HEA_Driver'];
63. $HEA_Make = escapeSingleQuotes($_POST['HEA_Make']);
64. $HEA_Model = escapeSingleQuotes($_POST['HEA_Model']);
65. $HEA_Year = escapeSingleQuotes($_POST['HEA_Year']);
66. $HEA_Color = escapeSingleQuotes($_POST['HEA_Color']);
67. $HEA_Plate = escapeSingleQuotes($_POST['HEA_Plate']);
68. $HEA_ParkArea = escapeSingleQuotes($_POST['HEA_ParkArea']);
69. $HEA_Care = $_POST['HEA_Care'];
70.  
71. $HEA_Pendant = escapeSingleQuotes($_POST['HEA_Pendant']);
72. $HEA_Storage = escapeSingleQuotes($_POST['HEA_Storage']);
73.  
74.  
75. $HEA_History1 = $_POST['HEA_History1'];
76. $HEA_History2 = $_POST['HEA_History2'];
77. $HEA_History3 = $_POST['HEA_History3'];
78. $HEA_History4 = $_POST['HEA_History4'];
79. $HEA_History5 = $_POST['HEA_History5'];
80. $HEA_History6 = $_POST['HEA_History6'];
81. $HEA_History7 = $_POST['HEA_History7'];
82. $HEA_History8 = $_POST['HEA_History8'];
83. $HEA_History9 = $_POST['HEA_History9'];
84. $HEA_History10 = $_POST['HEA_History10'];
85. $HEA_History11 = $_POST['HEA_History11'];
86. $HEA_History12 = $_POST['HEA_History12'];
87. $HEA_History13 = $_POST['HEA_History13'];
88. $HEA_History14 = $_POST['HEA_History14'];
89. $HEA_History15 = $_POST['HEA_History15'];
90. $HEA_History16 = $_POST['HEA_History16'];
91.  
92. $HEA_Height = escapeSingleQuotes($_POST['HEA_Height']);
93. $HEA_Weight = escapeSingleQuotes($_POST['HEA_Weight']);
94. $HEA_OtherIll = escapeSingleQuotes($_POST['HEA_OtherIll']);
95. $HEA_HistoryDetails = escapeSingleQuotes($_POST['HEA_HistoryDetails']);
96. $HEA_HospName = escapeSingleQuotes($_POST['HEA_HospName']);
97. $HEA_HospPhone = escapeSingleQuotes($_POST['HEA_HospPhone']);
98. $HEA_PhyName1 = escapeSingleQuotes($_POST['HEA_PhyName1']);
99. $HEA_PhyAddress1 = escapeSingleQuotes($_POST['HEA_PhyAddress1']);
100. $HEA_PhyPhone1 = escapeSingleQuotes($_POST['HEA_PhyPhone1']);
101. $HEA_PhyFax1 = escapeSingleQuotes($_POST['HEA_PhyFax1']);
102. $HEA_PhyEmail1 = escapeSingleQuotes($_POST['HEA_PhyEmail1']);
103. $HEA_PhySpecialty1 = escapeSingleQuotes($_POST['HEA_PhySpecialty1']);
104. $HEA_PhyName2 = escapeSingleQuotes($_POST['HEA_PhyName2']);
105. $HEA_PhyAddress2 = escapeSingleQuotes($_POST['HEA_PhyAddress2']);
106. $HEA_PhyPhone2 = escapeSingleQuotes($_POST['HEA_PhyPhone2']);
107. $HEA_PhyFax2 = escapeSingleQuotes($_POST['HEA_PhyFax2']);
108. $HEA_PhyEmail2 = escapeSingleQuotes($_POST['HEA_PhyEmail2']);
109. $HEA_PhySpecialty2 = escapeSingleQuotes($_POST['HEA_PhySpecialty2']);
110. $HEA_OtherAll = escapeSingleQuotes($_POST['HEA_OtherAll']);
111. $HEA_OtherDetails = escapeSingleQuotes($_POST['HEA_OtherDetails']);
112.  
113. $HEA_HospPhone = formatPhoneNumber($HEA_HospPhone);
114. $HEA_PhyPhone1 = formatPhoneNumber($HEA_PhyPhone1);
115. $HEA_PhyPhone2 = formatPhoneNumber($HEA_PhyPhone2);
116. $HEA_PhyFax1 = formatPhoneNumber($HEA_PhyFax1);
117. $HEA_PhyFax2 = formatPhoneNumber($HEA_PhyFax2);
118.  
119.  
120. $HEA_DateStamp = date("m/d/Y h:i:s A");
121.  
122. /* Insert Move In Information */
123.  $create_info = mssql_query("INSERT INTO
124.  Health
125.  (RES_ID, HEA_LastUser, HEA_DateStamp, HEA_Vision, HEA_Hearing, HEA_Mobility, HEA_Falls, HEA_Food, HEA_FoodPref, HEA_FoodDetails, HEA_Insect, HEA_InsectDetails, HEA_Driver, HEA_Make, HEA_Model, HEA_Year, HEA_Color, HEA_Plate, HEA_ParkArea, HEA_Care, HEA_Height, HEA_Weight, HEA_History1, HEA_History2, HEA_History3, HEA_History4, HEA_History5, HEA_History6, HEA_History7, HEA_History8, HEA_History9, HEA_History10, HEA_History11, HEA_History12, HEA_History13, HEA_History14, HEA_History15, HEA_History16, HEA_OtherIll, HEA_HistoryDetails, HEA_HospName, HEA_HospPhone, HEA_PhyName1, HEA_PhyAddress1, HEA_PhyPhone1, HEA_PhyFax1, HEA_PhyEmail1, HEA_PhySpecialty1, HEA_PhyName2, HEA_PhyAddress2, HEA_PhyPhone2, HEA_PhyFax2, HEA_PhyEmail2, HEA_PhySpecialty2, HEA_OtherAll, HEA_OtherDetails, HEA_Pendant, HEA_Storage
126.  
127.  ,HEA_LivingWill            
128.   ,HEA_Medical_Power_Attorney
129.   ,HEA_POLST                
130.   ,HEA_MOST                  
131.   ,HEA_DNR     )              
132.  
133.  VALUES
134.  ('$RES_ID', '$USR_ID', '$HEA_DateStamp','$HEA_Vision', '$HEA_Hearing', '$HEA_Mobility', '$HEA_Falls', '$HEA_Food', '$HEA_FoodPref', '$HEA_FoodDetails', '$HEA_Insect', '$HEA_InsectDetails', '$HEA_Driver', '$HEA_Make', '$HEA_Model', '$HEA_Year', '$HEA_Color', '$HEA_Plate', '$HEA_ParkArea', '$HEA_Care', '$HEA_Height', '$HEA_Weight', '$HEA_History1', '$HEA_History2', '$HEA_History3', '$HEA_History4', '$HEA_History5', '$HEA_History6', '$HEA_History7', '$HEA_History8', '$HEA_History9', '$HEA_History10', '$HEA_History11', '$HEA_History12', '$HEA_History13', '$HEA_History14', '$HEA_History15', '$HEA_History16', '$HEA_OtherIll', '$HEA_HistoryDetails', '$HEA_HospName', '$HEA_HospPhone', '$HEA_PhyName1', '$HEA_PhyAddress1', '$HEA_PhyPhone1', '$HEA_PhyFax1', '$HEA_PhyEmail1', '$HEA_PhySpecialty1', '$HEA_PhyName2', '$HEA_PhyAddress2', '$HEA_PhyPhone2', '$HEA_PhyFax2', '$HEA_PhyEmail2', '$HEA_PhySpecialty2', '$HEA_OtherAll', '$HEA_OtherDetails', '$HEA_Pendant', '$HEA_Storage'
135.  
136.  ,$HEA_LivingWill          
137.  ,$HEA_Medical_Power_Attorney
138.  ,$HEA_POLST
139.  ,$HEA_MOST                  
140.  ,$HEA_DNR                
141.  )") or die ("Error - No record creation");
142.  
143. $activeinfo2 = mssql_query("Select HEA_ID FROM Health ORDER BY HEA_ID DESC");
144. $HEA_ID2 = mssql_result($activeinfo2,0,'HEA_ID');
145.  
146.  
147.  $create_info2 = mssql_query("UPDATE Residents SET HEA_ID = '$HEA_ID2' WHERE RES_ID = '$RES_ID'") or die ("Error - No Residents record Update");
148.  
149.  
150. if(isset($_POST['next']))
151. {
152.  
153. $residentinfosp = mssql_query("Select * FROM Residents where RES_ID = '$RES_ID'");
154. $LIF_ID = mssql_result($residentinfosp,0,'LIF_ID');
155.   if($LIF_ID > 0)
156.        {
157.          header( 'Location:LifeDetails.php?rid=' . $RES_ID . '&lifid=' . $LIF_ID . '' );
158.        }
159.        else
160.        {
161.          header( 'Location:LifeDetails.php?rid=' . $RES_ID . '' );
162.        }
163. }
164. elseif(isset($_POST['back']))
165. {
166.  
167.          header( 'Location:LifeProfile2.php?rid=' . $RES_ID . '' );
168. }
169.  
170. else
171. {
172. echo '<script type="text/javascript">
173. <!--
174. parent.location = "LifeList.php?result=7"
175. //-->
176. </script>
177. ';  
178. }
179.  
180.  
181. ?>