بيانات المريض















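// NOTE(review): this listing is cut off at the start. The opening PHP tag, the
// `try {` that the catch clauses below belong to, the creation of $conn and the
// object this first call is made on are not part of the extract; they are left
// as found rather than reconstructed.
    setAttribute(PDO::ATTR_ERRMODE, PDO::ERRMODE_EXCEPTION);

    // Process form submission
    if ($_SERVER['REQUEST_METHOD'] === 'POST') {
        // NOTE(review): no CSRF token or session/authorisation check is visible
        // in this extract. If none exists earlier in the file, add both before
        // accepting writes to the patients table.

        // Validate and sanitize inputs.
        // NOTE(review): FILTER_SANITIZE_STRING is deprecated as of PHP 8.1. It
        // is not what protects the query below (the bound parameters do that),
        // and it alters the stored text. It is kept here because pages that
        // display these rows may rely on it; the durable fix is to store the
        // raw value and escape with htmlspecialchars() at output time.
        $name = filter_input(INPUT_POST, 'name', FILTER_SANITIZE_STRING);
        $complain = filter_input(INPUT_POST, 'complain', FILTER_SANITIZE_STRING);
        $age = filter_input(INPUT_POST, 'age', FILTER_VALIDATE_INT);
        $national = filter_input(INPUT_POST, 'national', FILTER_SANITIZE_STRING);
        $gender = filter_input(INPUT_POST, 'gender', FILTER_SANITIZE_STRING);
        $phone = filter_input(INPUT_POST, 'phone', FILTER_SANITIZE_STRING);
        $location = filter_input(INPUT_POST, 'location', FILTER_SANITIZE_STRING);

        // Get current date and time (server's configured timezone)
        $date = date('Y-m-d'); // Format: YYYY-MM-DD
        $time = date('H:i:s'); // Format: HH:MM:SS

        // Additional validation
        if (empty($name)) {
            throw new Exception("Name is required");
        }

        // filter_input() yields null when the field is absent and false when it
        // is not an integer. The null case used to slip past the range checks
        // and reach the INSERT, so both are rejected here.
        if ($age === null || $age === false || $age < 0 || $age > 120) {
            throw new Exception("Invalid age value");
        }

        // Prepare and execute query with proper data types. Every value is
        // bound, so no request data is concatenated into the SQL text.
        $stmt = $conn->prepare("INSERT INTO patients (name, complain, age, national, date, gender, phone, location, time) VALUES (:name, :complain, :age, :national, :date, :gender, :phone, :location, :time)");
        $stmt->bindParam(':name', $name, PDO::PARAM_STR);
        $stmt->bindParam(':complain', $complain, PDO::PARAM_STR);
        $stmt->bindParam(':age', $age, PDO::PARAM_INT);
        $stmt->bindParam(':national', $national, PDO::PARAM_STR);
        $stmt->bindParam(':date', $date, PDO::PARAM_STR); // Bind the current date
        $stmt->bindParam(':gender', $gender, PDO::PARAM_STR);
        $stmt->bindParam(':phone', $phone, PDO::PARAM_STR);
        $stmt->bindParam(':location', $location, PDO::PARAM_STR);
        $stmt->bindParam(':time', $time, PDO::PARAM_STR); // Bind the current time

        if ($stmt->execute()) {
            // NOTE(review): the success output is an empty string in this
            // extract; any markup it once held is not visible here.
            echo "";
            exit();
        } else {
            // errorInfo is a method on PDOStatement, not a property; the old
            // `$stmt->errorInfo[2]` read an undefined property. The driver
            // detail goes to the server log instead of the response. With
            // ERRMODE_EXCEPTION a failed execute() normally throws, so this
            // branch is a fallback.
            error_log('Patient insert failed: ' . ($stmt->errorInfo()[2] ?? 'unknown error'));
            echo "Error executing query";
        }

        $stmt->closeCursor(); // Close the prepared statement cursor
    }
} catch (PDOException $e) {
    // Handle database-specific errors.
    // errorInfo can be null on some PDOExceptions, so read the driver code
    // defensively. NOTE(review): 1062 and 1366 look like MySQL/MariaDB server
    // error numbers; confirm the driver in use.
    $driverCode = (int) ($e->errorInfo[1] ?? 0);

    if ($driverCode === 1062) {
        // NOTE(review): this confirms to the submitter that the value is
        // already registered. Fine for a staff-only form; use a generic
        // message if the form is reachable by anyone else.
        die("Error: Duplicate entry (possibly national already exists)");
    } elseif ($driverCode === 1366) {
        die("Error: Incorrect data type - check your input values");
    } else {
        // Raw driver messages can expose table, column and query details, so
        // they are logged server-side and the client gets a generic message.
        // The log may contain patient data; restrict access to it.
        error_log('Database error while saving patient: ' . $e->getMessage());
        die("Database Error: the record could not be saved");
    }
} catch (Exception $e) {
    // Handle general exceptions. The only ones thrown in the visible code are
    // the validation messages above, which are safe to show to the user.
    die("Error: " . $e->getMessage());
}

// Close the connection
$conn = null;
?>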