PHP xmlsafestring函数代码示例

     $xml_array['Patient']['notelist']['status'] = 0;
     foreach ($patient_data as $key => $patient_data_a) {
         $xml_array['Patient']['notelist']['note-' . $key] = $patient_data_a;
     }
 } else {
     $xml_array['Patient']['notelist']['status'] = 1;
     $xml_array['Patient']['notelist']['reason'] = 'No Patient Data found';
 }
 $strQuery8 = "select date as vitalsdate, bps, bpd, weight, height, temperature, temp_method,\n\t\t\t\tpulse, respiration, note as vitalnote, bmi, bmi_status, waist_circ, head_circ,\n\t\t\t\toxygen_saturation \n\t\t\t\tFROM form_vitals\n\t\t\t\tWHERE pid = ?\n\t\t\t\tORDER BY DATE DESC";
 $dbresult8 = sqlStatement($strQuery8, array($p_id));
 if ($dbresult8) {
     $counter8 = 0;
     $xml_array['Patient']['vitalslist']['status'] = 0;
     while ($row8 = sqlFetchArray($dbresult8)) {
         foreach ($row8 as $fieldname => $fieldvalue8) {
             $rowvalue = xmlsafestring($fieldvalue8);
             $xml_array['Patient']['vitalslist']['vitals-' . $counter8][$fieldname] = $rowvalue;
         }
         // foreach
         $counter8++;
     }
 } else {
     $xml_array['Patient']['vitalslist']['status'] = 1;
     $xml_array['Patient']['vitalslist']['reason'] = 'No Patient Vital Data found';
 }
 $strQuery1 = "SELECT d.date,d.size,d.url,d.docdate,d.mimetype,c2d.category_id\n                                FROM `documents` AS d\n                                INNER JOIN `categories_to_documents` AS c2d ON d.id = c2d.document_id\n                                WHERE foreign_id = ?\n                                AND category_id = 13\n                                ORDER BY category_id, d.date DESC \n                                LIMIT 1";
 $result1 = sqlQuery($strQuery1, array($p_id));
 if ($result1) {
     $xml_array['Patient']['demographics']['profile_image'] = getUrl($result1['url']);
 } else {
     $xml_array['Patient']['demographics']['profile_image'] = '';

if ($userId = validateToken($token)) {
    $user = getUsername($userId);
    $acl_allow = acl_check('encounters', 'auth_a', $user);
    if ($acl_allow) {
        $strQuery = "SELECT fros.id, f.user, fros.date, weight_change, weakness, fatigue, anorexia, fever, chills, night_sweats, insomnia, irritability, heat_or_cold, intolerance, change_in_vision, glaucoma_history, eye_pain, irritation, redness, excessive_tearing, double_vision, blind_spots, photophobia, hearing_loss, discharge, pain, vertigo, tinnitus, frequent_colds, sore_throat, sinus_problems, post_nasal_drip, nosebleed, snoring, apnea, breast_mass, breast_discharge, biopsy, abnormal_mammogram, cough, sputum, shortness_of_breath, wheezing, hemoptsyis, asthma, copd, chest_pain, palpitation, syncope, pnd, doe, orthopnea, peripheal, edema, legpain_cramping, history_murmur, arrythmia, heart_problem, dysphagia, heartburn, bloating, belching, flatulence, nausea, vomiting, hematemesis, gastro_pain, food_intolerance, hepatitis, jaundice, hematochezia, changed_bowel, diarrhea, constipation, polyuria, polydypsia, dysuria, hematuria, frequency, urgency, incontinence, renal_stones, utis, hesitancy, dribbling, stream, nocturia, erections, ejaculations, g, p, ap, lc, mearche, menopause, lmp, f_frequency, f_flow, f_symptoms, abnormal_hair_growth, f_hirsutism, joint_pain, swelling, m_redness, m_warm, m_stiffness, muscle, m_aches, fms, arthritis, loc, seizures, stroke, tia, n_numbness, n_weakness, paralysis, intellectual_decline, memory_problems, dementia, n_headache, s_cancer, psoriasis, s_acne, s_other, s_disease, p_diagnosis, p_medication, depression, anxiety, social_difficulties, thyroid_problems, diabetes, abnormal_blood, anemia, fh_blood_problems, bleeding_problems, allergies, frequent_illness, hiv, hai_status\n\tFROM `forms` AS f\n\tINNER JOIN `form_ros` AS fros ON f.form_id = fros.id\n\tWHERE `encounter` = ?\n\tAND `form_name` = 'Review Of Systems' ORDER BY fros.`date` DESC";
        $result = sqlStatement($strQuery, array($visit_id));
        if ($result->_numOfRows > 0) {
            $xml_string .= "<status>0</status>";
            $xml_string .= "<reason>The Review of Systems Record has been fetched</reason>";
            $count = 0;
            while ($res = sqlFetchArray($result)) {
                $xml_string .= "<reviewofsystem>\n";
                $xml_string .= "<id>{$res['id']}</id>\n";
                $xml_string .= "<date>{$res['date']}</date>\n";
                foreach ($res as $fieldName => $fieldValue) {
                    $rowValue = xmlsafestring($fieldValue);
                    if ($fieldName == 'id' || $fieldName == 'date' || $fieldName == 'user') {
                    } else {
                        $xml_string .= "<disease>\n";
                        $xml_string .= "<name>{$fieldName}</name>\n";
                        $xml_string .= "<status>{$rowValue}</status>\n";
                        $xml_string .= "</disease>\n";
                    }
                }
                $userName = $res['user'];
                $user_query = "SELECT  `fname` ,  `lname` \n                                                    FROM  `users` \n                                                    WHERE `username` LIKE ?";
                $user_result = sqlQuery($user_query, array($userName));
                $xml_string .= "<firstname>{$user_result['fname']}</firstname>\n";
                $xml_string .= "<lastname>{$user_result['lname']}</lastname>\n";
                $xml_string .= "</reviewofsystem>\n";
                $count++;

 $xml_string .= "<status>0</status>\n";
 $xml_string .= "<reason>Success processing patient appointments records</reason>\n";
 $counter = 0;
 foreach ($events as $event) {
     $xml_string .= "<Appointment>\n";
     foreach ($event as $fieldname => $fieldvalue) {
         $rowvalue = xmlsafestring($fieldvalue);
         $xml_string .= "<{$fieldname}>{$rowvalue}</{$fieldname}>\n";
     }
     $strQuery = 'SELECT pc_apptstatus,p.sex as gender,p.pid as p_id, pce.pc_facility,pce.pc_billing_location,f1.name as facility_name,f2.name as billing_location_name FROM openemr_postcalendar_events as pce
                                 LEFT JOIN `facility` as f1 ON pce.pc_facility = f1.id
                                 LEFT JOIN `facility` as f2 ON pce.pc_billing_location = f2.id
                                 LEFT JOIN patient_data AS p ON p.pid = pce.pc_pid 
                             WHERE pc_eid = ?';
     $result = sqlQuery($strQuery, array($event['pc_eid']));
     $status = xmlsafestring($result['pc_apptstatus']);
     $xml_string .= "<gender>{$result['gender']}</gender>\n";
     $xml_string .= "<pc_apptstatus>{$status}</pc_apptstatus>\n";
     $xml_string .= "<pc_facility>{$result['pc_facility']}</pc_facility>\n";
     $xml_string .= "<facility_name>{$result['facility_name']}</facility_name>\n";
     $xml_string .= "<pc_billing_location>{$result['pc_billing_location']}</pc_billing_location>\n";
     $xml_string .= "<billing_location_name>{$result['billing_location_name']}</billing_location_name>\n";
     $patient_id = $result['p_id'];
     $strQuery2 = "SELECT d.url\n                                FROM `documents` AS d\n                                INNER JOIN `categories_to_documents` AS c2d ON d.id = c2d.document_id\n                                WHERE d.foreign_id = ?\n                                AND c2d.category_id = 13";
     $result2 = sqlQuery($strQuery2, array($patient_id));
     if ($result2) {
         $url = getUrl($result2['url']);
         $xml_string .= "<patient_profile_image>{$url}</patient_profile_image>\n";
     } else {
         $xml_string .= "<patient_profile_image></patient_profile_image>\n";
     }