sunsetsystems wrote on Friday, March 11, 2005:
So, while checking to see why searching for a patient by ID behaves strangely, I came across this function in patient.inc. Guess what kind of SQL statement it generates?
----------
function getPatientId($pid = "%", $given = "pid, id, lname, fname, mname, providerID, DATE_FORMAT(DOB,'%m/%d/%Y') as DOB_TS", $orderby = "lname ASC, fname ASC", $limit="all", $start="0")
{
    $sql="select pid, MAX(id) as id from patient_data group by pid DESC order by pid ASC";
    $res = sqlStatement($sql);
    $sql="select $given from patient_data where pubpid like '$pid%' and (";
    for ($iter = 0;$row = sqlFetchArray($res);$iter++)
        $sql.=" id='{$row['id']}' or";
    if ($iter > 0)
        $sql = substr($sql, 0, -3) . ") order by $orderby";
    else
        $sql = substr($sql, 0, -5)."order by $orderby";
    if ($limit != "all")
        $sql .= " limit $start, $limit";
    $rez = sqlStatement($sql);
    for($iter=0; $row=sqlFetchArray($rez); $iter++)
        $returnval[$iter]=$row;
    return $returnval;
}
----------
Hint: On my system it’s about 152,000 characters long!
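
The query shape quoted above, reproduced as an added example (not part of the original post and not the project's code): it builds the same one-term-per-patient statement next to a single fixed-length statement that joins on the latest row per pid and binds the search term as a parameter. SQLite stands in for MySQL here, and the table contents, the reduced column list and all function names are constructed for illustration.

```python
import sqlite3

def make_db(n_patients, revisions=2):
    """Constructed sample data: several rows per patient, highest id is the current one."""
    db = sqlite3.connect(":memory:")
    db.execute("CREATE TABLE patient_data (id INTEGER PRIMARY KEY, pid INTEGER,"
               " pubpid TEXT, lname TEXT, fname TEXT)")
    rows = [(pid, f"{pid:05d}", f"Last{pid}-rev{rev}", "First")
            for pid in range(1, n_patients + 1) for rev in range(revisions)]
    db.executemany("INSERT INTO patient_data (pid, pubpid, lname, fname)"
                   " VALUES (?, ?, ?, ?)", rows)
    return db

def or_chain_sql(db, pubpid_prefix):
    """Same construction as the quoted function: one id='N' term per patient,
    with the search term interpolated into the statement text."""
    ids = [r[0] for r in db.execute("SELECT MAX(id) FROM patient_data GROUP BY pid")]
    sql = f"SELECT pid, lname FROM patient_data WHERE pubpid LIKE '{pubpid_prefix}%'"
    if ids:  # the original drops the parenthesised clause when the table is empty
        sql += " AND (" + " OR ".join(f"id='{i}'" for i in ids) + ")"
    return sql + " ORDER BY lname ASC, fname ASC"

# Fixed-length equivalent: the database picks the latest row per pid itself,
# and the search term travels as a bound parameter, not as statement text.
SINGLE_SQL = """
SELECT p.pid, p.lname
FROM patient_data AS p
JOIN (SELECT MAX(id) AS id FROM patient_data GROUP BY pid) AS latest
  ON latest.id = p.id
WHERE p.pubpid LIKE ?
ORDER BY p.lname ASC, p.fname ASC
"""

def search_or_chain(db, pubpid_prefix):
    return db.execute(or_chain_sql(db, pubpid_prefix)).fetchall()

def search_single(db, pubpid_prefix):
    return db.execute(SINGLE_SQL, (pubpid_prefix + "%",)).fetchall()

if __name__ == "__main__":
    small = make_db(50)
    print("same rows:", search_or_chain(small, "0000") == search_single(small, "0000"))
    for n in (200, 2000):  # statement text grows with the number of patients
        print(n, "patients ->", len(or_chain_sql(make_db(n), "")), "characters")
    print("single statement ->", len(SINGLE_SQL), "characters")
```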