Medmasterpro API Review
From OpenEMR Project Wiki
Revision as of 00:17, 17 March 2013
Overview
- This page is to review the Medmasterpro API code at http://github.com/medmasterpro/openemr . It gets its own wiki page because it is an extensive and exciting ongoing project.
Functions
Overview
- These are all in the api directory.
Global Issues
- Change the 'push_notification' global to something more specific like 'device_push_notification_service'
Core functions/scripts in the includes directory
addappointment.php
- Surround the entire $device_token_badge with the 'push_notification' global switch. Also need to skip the $notification_res logic when not using the 'push_notification'.
- In the $strQuery query, need single quotes around add_escape_custom($patientId).
- All the getUserData() function does is return two separate but identical variables with the getUsername() function. Clean this up, since it appears all you need is a $user = getUsername($userId) and no need for the other variables (emr/password/username).
- Setting $_SESSION['authGroup'] incorrectly. Check out how it is set in library/auth.inc and set it that way. (note I don't even see where this is used in your script)
- Use the InsertEvent() function in library/encounter_events.inc.php to create the appointment.
addcheckout.php
- Strip add_escape_custom() from $units = add_escape_custom($_POST['units']); (escape the value where it is placed into the SQL query, not when it is read from $_POST, otherwise it gets escaped twice).
- To protect against SQL injection, values that go into SQL queries through add_escape_custom() must also be surrounded by quotes; escaping only neutralizes quote characters, so an unquoted value can still change the meaning of the query. For example, the following is needed: $strQuery1 .= " WHERE encounter = '" . add_escape_custom($visit_id) . "' AND pid = '" . add_escape_custom($patientId)."'"; Note I placed single quotes around the variables. Make sure you do that for the rest of the SQL queries here.
- Note that copays are no longer stored in the billing table, but are now stored in the ar_activity and ar_session tables. This was a new change in OpenEMR 4.1.1 . Look in the OpenEMR codebase and you'll find some good examples, which you can then mimic in this script.
- Setting $_SESSION['authGroup'] incorrectly. Check out how it is set in library/auth.inc and set it that way. (note I don't even see where this is used in your script).
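The quoting point raised for addappointment.php and addcheckout.php above is easy to see with a runnable stand-in. The following is an added example, not code from the Medmasterpro API or from OpenEMR: it builds the same two WHERE clauses in Python, once without and once with the single quotes, and runs them against a constructed in-memory SQLite table standing in for form_encounter. The add_escape_custom() defined here is an assumption that imitates only the intent of OpenEMR's function (OpenEMR's wraps MySQL's real_escape_string; SQLite escapes a literal by doubling the quote), and the column names and sample rows are constructed for the demo.

```python
import sqlite3

# Constructed sample data: a tiny stand-in for OpenEMR's form_encounter table.
# Columns assumed here: (encounter, pid, provider_id).
SAMPLE_ROWS = [(101, 1, 7), (102, 2, 7), (103, 3, 8)]


def add_escape_custom(value):
    """Stand-in (assumption) for OpenEMR's add_escape_custom().

    OpenEMR's version wraps MySQL's real_escape_string; this demo runs on
    SQLite, where a quote inside a string literal is escaped by doubling it.
    The mechanism differs, the lesson does not: escaping only defends a value
    that sits INSIDE a quoted string literal.
    """
    return str(value).replace("'", "''")


def build_unquoted(visit_id, patient_id):
    # The pattern flagged in the review: escaped, but not surrounded by quotes.
    return ("SELECT encounter FROM form_encounter WHERE encounter = "
            + add_escape_custom(visit_id)
            + " AND pid = " + add_escape_custom(patient_id))


def build_quoted(visit_id, patient_id):
    # The corrected pattern from the review: escaped AND wrapped in single quotes.
    return ("SELECT encounter FROM form_encounter WHERE encounter = '"
            + add_escape_custom(visit_id)
            + "' AND pid = '" + add_escape_custom(patient_id) + "'")


def run(query):
    """Execute the query against a fresh in-memory table and return the
    matching encounter ids in sorted order."""
    conn = sqlite3.connect(":memory:")
    try:
        conn.execute("CREATE TABLE form_encounter "
                     "(encounter INTEGER, pid INTEGER, provider_id INTEGER)")
        conn.executemany("INSERT INTO form_encounter VALUES (?, ?, ?)", SAMPLE_ROWS)
        return sorted(r[0] for r in conn.execute(query))
    finally:
        conn.close()


def demo():
    """Return (legit_unquoted, legit_quoted, hostile_unquoted, hostile_quoted)."""
    # Legitimate input: both forms return the single matching encounter.
    legit_unquoted = run(build_unquoted(101, 1))
    legit_quoted = run(build_quoted(101, 1))

    # Hostile input with no quote character at all: escaping passes it through
    # untouched.  Unquoted, it becomes part of the WHERE clause and AND/OR
    # precedence turns it into "... OR 1=1", returning every row.  Quoted, it is
    # just the string '1 OR 1=1', which matches no pid.
    payload = "1 OR 1=1"
    hostile_unquoted = run(build_unquoted(101, payload))
    hostile_quoted = run(build_quoted(101, payload))
    return legit_unquoted, legit_quoted, hostile_unquoted, hostile_quoted


def quoted_payload_is_inert():
    """A payload that does carry quotes is neutralised by escaping, but only
    because the surrounding single quotes keep it inside one string literal."""
    return run(build_quoted(101, "1' OR '1'='1"))


if __name__ == "__main__":
    for label, rows in zip(("legit unquoted", "legit quoted",
                            "hostile unquoted", "hostile quoted"), demo()):
        print(f"{label:17}: {rows}")
    print(f"{'quoted+escaped':17}: {quoted_payload_is_inert()}")
```

The unquoted form leaks every encounter for a payload that contains nothing add_escape_custom() would touch, which is why the review insists on the quotes rather than on the escaping alone.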
addcontactgeneral.php
addfacility.php
addfeesheet.php
addinsurancecompany.php
addlist.php
addonotes.php
addpatientdocument.php
addpatientdocumentwithlink.php
addpatientnotes.php
addpatient.php
addpayment.php
addprescription.php
addresource.php
addresourcewithlink.php
addreviewofsystems.php
addroschecks.php
addsoap.php
addvisit.php
addvisitvitals.php
classes.php
- The site variable will need to be dealt with at some point. Can do this later in the review process after we have a better idea of the code flow.