Jump to content

Need to change working MySQL queries and functions to sqlsrv on php file


wmeredith

Recommended Posts

I tried this:

 

 

<?php session_start();?>
<!DOCTYPE html>
<html>
    <head>
        <meta charset="utf-8">
        <meta http-equiv="X-UA-Compatible" content="IE=edge,chrome=1">
        <title>Session Notes Entry Form</title>
        <meta name="description" content="">
        <link rel="stylesheet" href="css/normalize.css">
        <link rel="stylesheet" href="css/main.css">
        <link rel="icon" type="image/ico" href="favicon.ico">
    </head>
<?php include('C:\inetpub\wwwroot\connect.php'); ?>
<?php
if(isset($_POST['login'])){
$provider_id = mysql_real_escape_string($_POST['provider_id']);
$password = mysql_real_escape_string($_POST['password']);
 
$sql = "
SELECT
COUNT(*) as count
FROM providers
WHERE provider_id = '$provider_id'
AND password = '$password'
";
 
$res = mysql_fetch_assoc(mysql_query($sql));
 
if($res['count'] == 1){
$logged_in = true;
$_SESSION['provider_id'] = $provider_id;
$_SESSION['password'] = $password;
} else {
$logged_in = false;
}
} elseif(isset($_SESSION['provider_id'])) {
$provider_id = $_SESSION['provider_id'];
$password = $_SESSION['password'];
 
$sql = "
SELECT
COUNT(*) as count
FROM providers
WHERE provider_id = '$provider_id'
AND password = '$password'
";
 
$res = mysql_fetch_assoc(mysql_query($sql));
 
if($res['count'] == 1){
$logged_in = true;
} else {
$_SESSION = array();
session_destroy();
$logged_in = false;
}
} else {
$logged_in = false;
}
 
if(!$logged_in){
$tpl_vars = array();
$tpl_vars['{{title}}'] = "Session Entry | Login";
 
$provider_id = isset($_POST['provider_id']) ? $_POST['provider_id'] : '';
$tpl_vars['{{content}}'] = str_replace('{{provider_id}}',$provider_id,file_get_contents('tpl/login_form.html'));
 
} else {
$session_provider_id = $_SESSION['provider_id'];
$sql = "SELECT *,DATE_FORMAT(appointment,'%b %d %Y %h:%i %p') as appt FROM session_notes WHERE provider_id = '$session_provider_id'";
$res = mysql_query($sql);
 
//Table Headers 
$table = "<table><tr><th>Appointment ID</th><th>Patient ID</th><th>Appointment</th><th>Method(s) Provided</th><th>Response/Goals</th><th>Plan/Comments</th></tr>";
 
while($row = mysql_fetch_assoc($res)){
$table .= "<tr>";
$table .= "<td>$row[appointment_id]</td>";
$table .= "<td>$row[patient_id]</td>";
$table .= "<td>$row[appt]</td>";
$table .= "<td>".nl2br($row['notes'])."</td>";
$table .= "<td>".nl2br($row['notes2'])."</td>";
$table .= "<td>".nl2br($row['notes3'])."</td>";
 
$table .= "<td>";
$table .= "<form action='update.php' method='post'>";
$table .= "<input type='submit' value='edit' name='edit'>";
$table .= "<input type='hidden' name='appointment_id' value='$row[appointment_id]'>";
$table .= "</form>";
$table .= "</td>";
 
$table .= "</tr>";
}
 
$table .= "</table>";
 
$tpl_vars['{{title}}'] = "Session Notes Entry";
$tpl_vars['{{content}}'] = str_replace('{{table}}',$table,file_get_contents('tpl/notes_form.html'));
}
 
//get template & load data
$tpl = file_get_contents('tpl/template.html');
echo str_replace(array_keys($tpl_vars),array_values($tpl_vars),$tpl);
 
~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~
 
to this:
 
~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~
 
<?php session_start();?>
<!DOCTYPE html>
<html>
    <head>
        <meta charset="utf-8">
        <meta http-equiv="X-UA-Compatible" content="IE=edge,chrome=1">
        <title>Session Notes Entry Form</title>
        <meta name="description" content="">
        <link rel="stylesheet" href="css/normalize.css">
        <link rel="stylesheet" href="css/main.css">
        <link rel="icon" type="image/ico" href="favicon.ico">
    </head>
<?php include('C:\inetpub\wwwroot\connect.php'); ?>
<?php
if(isset($_POST['login'])){
$provider_id = sqlsrv_escape($_POST['provider_id']);  ???
$password = sqlsrv_escape($_POST['password']);      ???
 
$sql = "
SELECT
COUNT(*) as count
FROM [session_entry].[dbo].[providers]
WHERE provider_id = '$provider_id'
AND password = '$password'
";
 
$results = sqlsrv_fetch_array(sqlsrv_query($sql));
 
if($res['count'] == 1){
$logged_in = true;
$_SESSION['provider_id'] = $provider_id;
$_SESSION['password'] = $password;
} else {
$logged_in = false;
}
} elseif(isset($_SESSION['provider_id'])) {
$provider_id = $_SESSION['provider_id'];
$password = $_SESSION['password'];
 
$sql = "
SELECT
COUNT(*) as count
FROM providers
WHERE provider_id = '$provider_id'
AND password = '$password'
";
 
$results = sqlsrv_fetch_array(sqlsrv_query($sql));
 
if($res['count'] == 1){
$logged_in = true;
} else {
$_SESSION = array();
session_destroy();
$logged_in = false;
}
} else {
$logged_in = false;
}
 
if(!$logged_in){
$tpl_vars = array();
$tpl_vars['{{title}}'] = "Session Entry | Login";
 
$provider_id = isset($_POST['provider_id']) ? $_POST['provider_id'] : '';
$tpl_vars['{{content}}'] = str_replace('{{provider_id}}',$provider_id,file_get_contents('tpl/login_form.html'));
 
} else {
$session_provider_id = $_SESSION['provider_id'];
$sql = "SELECT *,DATE_FORMAT(appointment,'%b %d %Y %h:%i %p') as appt FROM session_notes WHERE provider_id = '$session_provider_id'";
$results = sqlsrv_query($sql);
 
//Table Headers 
$table = "<table><tr><th>Appointment ID</th><th>Patient ID</th><th>Appointment</th><th>Method(s) Provided</th><th>Response/Goals</th><th>Plan/Comments</th></tr>";
 
while($row = sqlsrv_fetch_array($results)){
$table .= "<tr>";
$table .= "<td>$row[appointment_id]</td>";
$table .= "<td>$row[patient_id]</td>";
$table .= "<td>$row[appt]</td>";
$table .= "<td>".nl2br($row['notes'])."</td>";
$table .= "<td>".nl2br($row['notes2'])."</td>";
$table .= "<td>".nl2br($row['notes3'])."</td>";
 
$table .= "<td>";
$table .= "<form action='update.php' method='post'>";
$table .= "<input type='submit' value='edit' name='edit'>";
$table .= "<input type='hidden' name='appointment_id' value='$row[appointment_id]'>";
$table .= "</form>";
$table .= "</td>";
 
$table .= "</tr>";
}
 
$table .= "</table>";
 
$tpl_vars['{{title}}'] = "Session Notes Entry";
$tpl_vars['{{content}}'] = str_replace('{{table}}',$table,file_get_contents('tpl/notes_form.html'));
}
 
//get template & load data
$tpl = file_get_contents('tpl/template.html');
echo str_replace(array_keys($tpl_vars),array_values($tpl_vars),$tpl);
 
doesn't work

 

Link to comment
Share on other sites

SQL Server does not have a DATE_FORMAT function. The closest equivalent is using CONVERT with certain format codes. The format you are trying to get is not available with the default format codes however. In this case you'll need to query the date unformatted, and then format it using PHP's date function (or DateTime class).

 

Other than that, your queries should move fine between each server without issue.

Link to comment
Share on other sites

I managed to figure out the Date formatting. I do need help with the equivalent of :

 

 

 
mysql_escape for sqlsrv
 
if(isset($_POST['login'])){
$provider_id = mysql_escape($_POST['provider_id']);
$password = mysql_escape($_POST['password']);
 
Thanks!
Link to comment
Share on other sites

This thread is more than a year old. Please don't revive it unless you have something important to add.

Join the conversation

You can post now and register later. If you have an account, sign in now to post with your account.

Guest
Reply to this topic...

×   Pasted as rich text.   Restore formatting

  Only 75 emoji are allowed.

×   Your link has been automatically embedded.   Display as a link instead

×   Your previous content has been restored.   Clear editor

×   You cannot paste images directly. Upload or insert images from URL.

×
×
  • Create New...

Important Information

We have placed cookies on your device to help make this website better. You can adjust your cookie settings, otherwise we'll assume you're okay to continue.