qstr($_GET['note']);
+ $note = $db->qstr($_POST['note']);
$sql = "INSERT INTO `case_note` (case_note_id,case_id,operator_id,note,datetime)
VALUES (NULL,'$case_id','$operator_id',$note,CONVERT_TZ(NOW(),'System','UTC'))";
$db->Execute($sql);
}
- if (isset($_GET['outcome_id']))
+ if (isset($_POST['outcome_id']))
{
- $outcome_id = bigintval($_GET['outcome_id']);
+ $outcome_id = bigintval($_POST['outcome_id']);
if ($outcome_id > 0)
{
@@ -254,9 +254,9 @@ if ($case_id != false)
}
}
- if (isset($_GET['operator_id']))
+ if (isset($_POST['operator_id']))
{
- $case_operator_id = bigintval($_GET['operator_id']);
+ $case_operator_id = bigintval($_POST['operator_id']);
if ($case_operator_id == 0)
{
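Review bot: Reading `operator_id` from `$_POST` here (and `submitag` and the `ag…` keys in the two hunks that follow) changes the HTTP method but adds no request-origin check, and no token verification is visible in these hunks. The state-changing handlers would therefore still act on any POST that arrives with the logged-in user's session cookie. I would gate the `if ($case_id != false)` block on a per-session token compared in constant time, e.g. `if (!isset($_POST['csrf_token']) || !is_string($_POST['csrf_token']) || !hash_equals($_SESSION['csrf_token'], $_POST['csrf_token'])) { exit; }`, where `csrf_token` is a placeholder name for a field the forms would also have to emit. The enclosing block starts and ends outside this hunk, so a check elsewhere in the file cannot be ruled out.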
@@ -275,7 +275,7 @@ if ($case_id != false)
$db->Execute($sql);
}
- if (isset($_GET['submitag']))
+ if (isset($_POST['submitag']))
{
$db->StartTrans();
@@ -284,7 +284,7 @@ if ($case_id != false)
$db->Execute($sql);
- foreach($_GET as $key => $val)
+ foreach($_POST as $key => $val)
{
if (substr($key,0,2) == "ag")
{
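Review bot: The prefix test `substr($key,0,2) == "ag"` accepts every posted field whose name merely starts with "ag", and the field name is fully client-controlled. The loop body lies outside this hunk, so how the rest of the key is used is not visible. If it becomes the availability group id in the SQL that follows, it should pass through `bigintval()` like `outcome_id` and `operator_id` in this commit, e.g. `$ag_id = bigintval(substr($key,2)); if ($ag_id > 0) { ... }`. Comparing with `===` would also avoid loose-typing surprises.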
@@ -436,8 +436,7 @@ if ($case_id != false)
}
//add a note
?>
-
@@ -476,7 +475,7 @@ if ($case_id != false)
print "
" . T_("Assign this case to operator (will appear as next case for them)") . "
";
?>
-
GetAll($sql);
//Display all availability groups as checkboxes
- print "
" . T_("Set a case outcome") . "
";
?>
-
" . T_("Deidentify") . "
";
print "
" . T_("Remove all sample details and contact numbers from this case") . "
";
?>
-
Execute($sql);