Err. in Billing Mng - cannot query by pt name

nursejeff wrote on Tuesday, September 18, 2012:

Hi,

This is a new discovery today. My billing manager has informed me since the recent updates that she can no longer query pt names within the Billing Manager. This is a big issue for her. Error message below:

ERROR: query failed: select distinct billing.id, form_encounter.date, billing.pid, billing.code_type, billing.code, billing.user from form_encounter, billing, patient_data, claims, insurance_data where billing.encounter = form_encounter.encounter and billing.pid = form_encounter.pid and patient_data.pid = form_encounter.pid and claims.patient_id = form_encounter.pid and claims.encounter_id = form_encounter.encounter and insurance_data.pid = form_encounter.pid and insurance_data.type = ‘primary’ AND (billing.billed = ‘0’ or (billing.billed = ‘1’ and billing.bill_process = ‘3’)) AND (patient_data.fname like ‘ternes%’ or patient_data.lname like ‘ternes%’) and billing.code_type like ? and billing.activity = 1 order by billing.pid, billing.date ASC

Thank you for your help.

I am running version 4.1.1 (3).

Jeff Guillory
NP Health Clinic

cverk wrote on Wednesday, September 19, 2012:

This looks a lot like my posted error on the second page of this thread. In that case an apostrophe was read as an attempt to inject code and is avoided by 2 apostrophes. 

http://sourceforge.net/projects/openemr/forums/forum/202506/topic/5598755/index/page/2
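
The apostrophe behaviour described in the post above, as an added example that is not part of the original thread and not OpenEMR code: the same name-prefix search built by concatenation, with the doubled-apostrophe workaround, and with bound parameters. Assumptions: SQLite stands in for MySQL, the `patient_data` columns are taken from the error message, and the rows and function names are constructed for illustration.

```python
import sqlite3

def make_db():
    """In-memory stand-in for the patient_data table named in the error message."""
    db = sqlite3.connect(":memory:")
    db.execute("CREATE TABLE patient_data (pid INTEGER, fname TEXT, lname TEXT)")
    db.executemany(
        "INSERT INTO patient_data VALUES (?, ?, ?)",
        [(1, "Ann", "Griffin"), (2, "Sean", "O'Brien"), (3, "Pat", "Obrien")],  # constructed rows
    )
    return db

def search_concatenated(db, name):
    """Name pasted straight into the SQL text: an apostrophe ends the literal early."""
    sql = ("SELECT pid FROM patient_data WHERE fname LIKE '" + name + "%' "
           "OR lname LIKE '" + name + "%' ORDER BY pid")
    try:
        return [r[0] for r in db.execute(sql)]
    except sqlite3.OperationalError as exc:
        return "query failed: %s" % exc

def search_doubled(db, name):
    """The workaround from the post: double each apostrophe before concatenating."""
    return search_concatenated(db, name.replace("'", "''"))

def search_bound(db, name):
    """Name travels as a bound value; the SQL text never changes."""
    # Escape LIKE wildcards so a typed % or _ is matched literally.
    prefix = name.replace("\\", "\\\\").replace("%", "\\%").replace("_", "\\_") + "%"
    sql = ("SELECT pid FROM patient_data WHERE fname LIKE ? ESCAPE '\\' "
           "OR lname LIKE ? ESCAPE '\\' ORDER BY pid")
    return [r[0] for r in db.execute(sql, (prefix, prefix))]
```

With bound parameters the driver handles the quoting, so the search code needs no per-character escaping for apostrophes.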

bradymiller wrote on Thursday, September 20, 2012:

Hi,
Which billing manager (Fees->Billing->EOB or Fees->Batch Payments)? Does it happen with every name or special names (as cverk alludes to, does the name contain special characters such as apostrophe?)
-brady
OpenEMR

nursejeff wrote on Thursday, September 20, 2012:

Fees -> Billing -> under Choose Criteria click on Patient Name, type in any patient name regardless of apostrophe. For example, I typed in “Griffin” and got this error message:

ERROR: query failed: select distinct billing.id, form_encounter.date, billing.pid, billing.code_type, billing.code, billing.user from form_encounter, billing, patient_data, claims, insurance_data where billing.encounter = form_encounter.encounter and billing.pid = form_encounter.pid and patient_data.pid = form_encounter.pid and claims.patient_id = form_encounter.pid and claims.encounter_id = form_encounter.encounter and insurance_data.pid = form_encounter.pid and insurance_data.type = ‘primary’ AND (billing.billed = ‘0’ or (billing.billed = ‘1’ and billing.bill_process = ‘3’)) AND (form_encounter.date between ‘2012-09-20 00:00:00’ and ‘2012-09-20 23:59:59’) AND (patient_data.fname like ‘griffin%’ or patient_data.lname like ‘griffin%’) and billing.code_type like ? and billing.activity = 1 order by billing.pid, billing.date ASC

bradymiller wrote on Thursday, September 20, 2012:

Hi Jeff,

Thanks for reporting this bug. Easy to fix and just committed the fix to sourceforge:
http://github.com/openemr/openemr/commit/355a6250d81b5f11a5e2e93adc8b5119a2e41586
(note the mod at line 46 is all that is needed; the other changes are just to clarify the code for developers)

(will place this in the next routine 4.1.1 patch)
-brady
OpenEMR