A Hospital Management System (HMS) is software used to manage hospital operations such as patient registration, appointment scheduling, and billing. This project is built using PHP and MySQL. It is well suited to students and PHP beginners because it provides a practical implementation of PHP with full source code. In this guide we will learn how to create a hospital management system (HMS software) in PHP.
Key Features of the System
The Hospital Management System has several sections. The key features of this application are:
- User Roles: The application has users, and each user is assigned a role such as Admin, Staff, Doctor, or Patient.
- Role-Based Permissions: Each user role has specific permissions.
- Appointment Management: Patients can book appointments, and staff can approve them.
- Billing System: Staff generate bills for patient services.
- Single Registration: A unified registration form for all user types.

Prerequisites
- Basic knowledge of PHP, MySQL, and HTML/CSS.
- A local development environment like XAMPP or WAMP
- A text editor like VS Code or Sublime Text
Step-by-Step Guide to Build Hospital Management System (HMS Software)
Step 1: Database Design for Hospital Management System (HMS Software)
First we need to design the database. For this we will create a database named hospital_db.
We need a users table to store the data of all users. Our users will be admins, staff, patients and doctors. Alongside it we will create a role type. Each role type will have permissions.
Below are all the tables, with SQL code, for the Hospital Management System.
SQL Code for Tables:
Create the ‘roles’ table. This table stores every role with its role name and a unique id.
CREATE TABLE roles (
id INT AUTO_INCREMENT PRIMARY KEY,
role_name VARCHAR(50) NOT NULL
);
Create the ‘users’ table. It stores all the details of a user, with a role id mapped to it.
CREATE TABLE users (
id INT AUTO_INCREMENT PRIMARY KEY,
name VARCHAR(100) NOT NULL,
email VARCHAR(100) UNIQUE NOT NULL,
password VARCHAR(255) NOT NULL,
role_id INT,
FOREIGN KEY (role_id) REFERENCES roles(id)
);
Create the ‘appointments’ table. It stores the patient id mapped to the assigned doctor, along with the appointment date.
CREATE TABLE appointments (
id INT AUTO_INCREMENT PRIMARY KEY,
patient_id INT,
doctor_id INT,
appointment_date DATE,
status VARCHAR(50),
FOREIGN KEY (patient_id) REFERENCES users(id),
FOREIGN KEY (doctor_id) REFERENCES users(id)
);
Create the ‘billing’ table. It stores the total amount against the respective appointment id.
CREATE TABLE billing (
id INT AUTO_INCREMENT PRIMARY KEY,
appointment_id INT,
amount DECIMAL(10, 2),
FOREIGN KEY (appointment_id) REFERENCES appointments(id)
);
Step 2: User Registration and Role Assignment
We need to create a user interface from where the user can fill the form and register themselves as a user with a specific role.
To manage different user types, we’ll use a single registration form. Users can enter their details and select their specific role (Admin, Doctor, Patient, Staff) during registration.
For this we need to create a register.php page. Add the HTML form to this page. It will register the user in the system.
HTML Form for Registration:
<form method="POST" action="">
<label>Name:</label>
<input type="text" name="name" required>
<label>Email:</label>
<input type="email" name="email" required>
<label>Password:</label>
<input type="password" name="password" required>
<label>Role:</label>
<select name="role">
<option value="1">Admin</option>
<option value="2">Doctor</option>
<option value="3">Patient</option>
<option value="4">Staff</option>
</select>
<button type="submit">Register</button>
</form>
After the form is created we need to connect it to the database and submit the data when the user clicks the button, so we will create PHP code for this form. We will add the PHP code at the top of the page, before the HTML form. This PHP code processes the registration data.
PHP Code for Registration:
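<?php
if ($_SERVER['REQUEST_METHOD'] == 'POST') {
    $name = $_POST['name'];
    $email = $_POST['email'];
    // Store only a bcrypt hash of the password, never the plain text
    $password = password_hash($_POST['password'], PASSWORD_BCRYPT);
    $role_id = (int) $_POST['role'];
    // Database connection (hospital_db is the database created in Step 1)
    $conn = new mysqli('localhost', 'root', '', 'hospital_db');
    if ($conn->connect_error) {
        die("Connection failed: " . $conn->connect_error);
    }
    // Prepared statement: the submitted values are bound as data and never become part of the SQL text
    $stmt = $conn->prepare("INSERT INTO users (name, email, password, role_id) VALUES (?, ?, ?, ?)");
    $stmt->bind_param("sssi", $name, $email, $password, $role_id);
    if ($stmt->execute()) {
        echo "Registration successful!";
    } else {
        echo "Error: " . $stmt->error;
    }
    $stmt->close();
}
?>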
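The registration handler takes the role id straight from the submitted form, so the server has to decide which roles a visitor may give themselves. The following is an added example (not part of the original tutorial) of validating the register.php fields before the INSERT; the function name, the self-service role list and the 12-byte minimum password length are assumptions.

```php
<?php
// Added example, not the tutorial's code. Assumption: role ids match the
// registration form (1 Admin, 2 Doctor, 3 Patient, 4 Staff) and only the
// Patient role may be chosen by an unauthenticated visitor.
const SELF_SERVICE_ROLES = [3];

// Returns [errors, clean]; run the INSERT only when errors is empty.
function validate_registration(array $post): array
{
    $errors = [];
    $name = trim((string) ($post['name'] ?? ''));
    $email = filter_var(trim((string) ($post['email'] ?? '')), FILTER_VALIDATE_EMAIL);
    $password = (string) ($post['password'] ?? '');
    $role_id = filter_var($post['role'] ?? null, FILTER_VALIDATE_INT);

    // strlen() counts bytes, which is stricter than the VARCHAR(100) columns
    if ($name === '' || strlen($name) > 100) {
        $errors[] = 'Name is required (max 100 bytes).';
    }
    if ($email === false || strlen($email) > 100) {
        $errors[] = 'A valid email address is required.';
    }
    // PASSWORD_BCRYPT only uses the first 72 bytes; 12 is an assumed minimum
    if (strlen($password) < 12 || strlen($password) > 72) {
        $errors[] = 'Password must be 12 to 72 bytes long.';
    }
    // Strict comparison against the allow-list: role "1" (Admin) is refused
    if ($role_id === false || !in_array($role_id, SELF_SERVICE_ROLES, true)) {
        $errors[] = 'This role cannot be self-registered.';
    }
    $clean = ['name' => $name, 'email' => $email,
              'password' => $password, 'role_id' => $role_id];
    return [$errors, $clean];
}

// Constructed sample input standing in for $_POST
$sample = ['name' => ' Asha Rao ', 'email' => 'asha@example.test',
           'password' => 'correct horse battery', 'role' => '1'];
[$errors, $clean] = validate_registration($sample);
print_r($errors);
```

Accounts for the other roles would then be created by an already authenticated Admin rather than through the public form.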
Step 3: Appointment Booking
We need to create a dashboard interface where all users can log in and book appointments. The login form will have two fields: username (the user's email address) and password. As soon as the user enters their details, the application checks them. If the details are found in the database and the user has the patient role, they are redirected to the appointment page.
After logging in, patients can use the book-appointments area to book doctors for their appointments.
Interface for Dashboard Area
<form method="POST" action="">
<label>Email:</label>
<input type="email" name="email" required>
<label>Password:</label>
<input type="password" name="password" required>
<button type="submit">Login</button>
</form>
PHP Code for Login in Dashboard Area:
<?php
// Start the session
session_start();
// Database connection (hospital_db is the database created in Step 1)
$conn = new mysqli('localhost', 'root', '', 'hospital_db');
// Get input values from the login form
$email = $_POST['email'] ?? '';
$password = $_POST['password'] ?? '';
// Query to validate the user and check their role (the email is bound as a parameter)
$query = "
    SELECT u.id, u.name, u.email, u.password, r.role_name
    FROM users u
    INNER JOIN roles r ON u.role_id = r.id
    WHERE u.email = ? AND r.role_name = 'patient'
";
$stmt = $conn->prepare($query);
$stmt->bind_param("s", $email);
$stmt->execute();
$result = $stmt->get_result();
$user = ($result->num_rows == 1) ? $result->fetch_assoc() : null;
// Verify the password against the stored hash
if ($user && password_verify($password, $user['password'])) {
    // Issue a fresh session id on login so a pre-login id cannot be reused
    session_regenerate_id(true);
    // Set session variables
    $_SESSION['user_id'] = $user['id'];
    $_SESSION['name'] = $user['name'];
    $_SESSION['email'] = $user['email'];
    $_SESSION['role'] = $user['role_name'];
    // Redirect to the appointment page
    header("Location: appointmentpage.php");
    exit;
} else {
    // Same message for every failure, so the response does not reveal which emails are registered
    header("Location: login.php?error=" . urlencode("Invalid email or password"));
    exit;
}
Now create an appointment page, appointmentpage.php. This page needs an interface for appointment booking, so add the HTML form for appointment booking to it.
HTML Form for Appointment Booking:
<?php
// Database connection (hospital_db is the database created in Step 1)
$conn = new mysqli('localhost', 'root', '', 'hospital_db');
// Query to select all patients: the role name lives in the roles table, joined through users.role_id
$query = "SELECT u.id, u.name FROM users u INNER JOIN roles r ON u.role_id = r.id WHERE r.role_name = 'patient'";
$patient_result = mysqli_query($conn, $query);
// Query to select all doctors
$drquery = "SELECT u.id, u.name FROM users u INNER JOIN roles r ON u.role_id = r.id WHERE r.role_name = 'doctor'";
$doctor_result = mysqli_query($conn, $drquery);
?>
<form method="POST" action="">
<label>Patient ID:</label>
<select name="patient_id" required>
<?php
if (mysqli_num_rows($patient_result) > 0) {
    while ($row = mysqli_fetch_assoc($patient_result)) {
        // Names come from user registration, so escape them before writing them into the page
        echo '<option value="' . (int) $row['id'] . '">' . htmlspecialchars($row['name']) . '</option>';
    }
}
?>
</select>
<label>Doctor ID:</label>
<select name="doctor_id" required>
<?php
if (mysqli_num_rows($doctor_result) > 0) {
    while ($row = mysqli_fetch_assoc($doctor_result)) {
        echo '<option value="' . (int) $row['id'] . '">' . htmlspecialchars($row['name']) . '</option>';
    }
}
?>
</select>
<label>Appointment Date:</label>
<input type="date" name="appointment_date" required>
<button type="submit">Book Appointment</button>
</form>
Add the PHP code below at the top of the page; it processes the booking form.
PHP Code for Appointment Booking:
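<?php
if ($_SERVER['REQUEST_METHOD'] == 'POST') {
    // Database connection: this block runs above the form, so it cannot rely on a connection opened later in the page
    $conn = new mysqli('localhost', 'root', '', 'hospital_db');
    $patient_id = (int) $_POST['patient_id'];
    $doctor_id = (int) $_POST['doctor_id'];
    $appointment_date = $_POST['appointment_date'];
    // Prepared statement: the submitted values are bound as data and never become part of the SQL text
    $sql = "INSERT INTO appointments (patient_id, doctor_id, appointment_date, status)
            VALUES (?, ?, ?, 'Pending')";
    $stmt = $conn->prepare($sql);
    $stmt->bind_param("iis", $patient_id, $doctor_id, $appointment_date);
    if ($stmt->execute()) {
        echo "Appointment booked successfully!";
    } else {
        echo "Error: " . $stmt->error;
    }
    $stmt->close();
}
?>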
Step 4: Staff Approval and Billing
Staff can log in to the dashboard area and approve or reject bookings. Staff can approve appointments and generate bills.
After logging in, staff can view all the appointments, approve them, and generate bills.
For this we need to create a View Appointment section in the dashboard. Clicking View Appointment takes the staff user to the list of all appointments, where two buttons are shown: Approve Appointment and Reject Appointment. Clicking the Approve Appointment button approves the appointment, and clicking the Reject Appointment button rejects it.
So we will create an appointments.php page. On this page we will display all appointments with the two buttons, Approve Appointment and Reject Appointment.
HTML and PHP Code for Displaying All Appointments:
<?php
// Database connection
$servername = "localhost";
$username = "root";
$password = "";
$database = "hospital_db";
$conn = new mysqli($servername, $username, $password, $database);
// Check connection
if ($conn->connect_error) {
die("Connection failed: " . $conn->connect_error);
}
// Fetch appointments
$sql = "
SELECT
a.id AS appointment_id,
p.name AS patient_name,
p.email AS patient_email,
d.name AS doctor_name,
a.appointment_date,
a.status
FROM
appointments a
JOIN
users p ON a.patient_id = p.id
JOIN
users d ON a.doctor_id = d.id;
";
$result = $conn->query($sql);
?>
<!DOCTYPE html>
<html lang="en">
<head>
<meta charset="UTF-8">
<meta name="viewport" content="width=device-width, initial-scale=1.0">
<title>Appointments</title>
<style>
table {
width: 100%;
border-collapse: collapse;
}
th, td {
border: 1px solid #ddd;
padding: 8px;
}
th {
background-color: #f2f2f2;
}
.btn {
padding: 5px 10px;
color: #fff;
border: none;
cursor: pointer;
}
.btn-approve {
background-color: #4CAF50;
}
.btn-reject {
background-color: #f44336;
}
</style>
</head>
<body>
<h1>Appointments</h1>
<table>
<thead>
<tr>
<th>Patient Name</th>
<th>Patient Email</th>
<th>Doctor Name</th>
<th>Appointment Date</th>
<th>Status</th>
<th>Actions</th>
</tr>
</thead>
<tbody>
<?php if ($result->num_rows > 0): ?>
<?php while ($row = $result->fetch_assoc()): ?>
<tr>
<td><?= htmlspecialchars($row['patient_name']); ?></td>
<td><?= htmlspecialchars($row['patient_email']); ?></td>
<td><?= htmlspecialchars($row['doctor_name']); ?></td>
<td><?= htmlspecialchars($row['appointment_date']); ?></td>
<td><?= htmlspecialchars($row['status']); ?></td>
<td>
<?php if ($row['status'] === 'Pending'): ?>
<form action="update_appointment.php" method="POST" style="display:inline;">
<input type="hidden" name="appointment_id" value="<?= $row['appointment_id']; ?>">
<button type="submit" name="action" value="approve" class="btn btn-approve">Approve</button>
</form>
<form action="update_appointment.php" method="POST" style="display:inline;">
<input type="hidden" name="appointment_id" value="<?= $row['appointment_id']; ?>">
<button type="submit" name="action" value="reject" class="btn btn-reject">Reject</button>
</form>
<?php endif; ?>
<?php if ($row['status'] === 'Approved'): ?>
<!-- Generate Bill Button -->
<form action="generate_bill.php" method="POST">
<input type="hidden" name="appointment_id" value="<?= $row['appointment_id']; ?>">
<label>Amount(Rs)</label>
<input type="number" name="amount" value="" required>
<button type="submit" class="btn btn-generate">Generate Bill</button>
</form>
<?php endif; ?>
</td>
</tr>
<?php endwhile; ?>
<?php else: ?>
<tr>
<td colspan="6">No appointments found.</td>
</tr>
<?php endif; ?>
</tbody>
</table>
</body>
</html>
<?php
$conn->close();
?>
Now we need to write the code that updates an appointment, so we will create an update_appointment.php page.
PHP Script to Handle Button Actions for the update_appointment.php Page:
<?php
// Database connection
$servername = "localhost";
$username = "root";
$password = "";
$database = "hospital_db";
$conn = new mysqli($servername, $username, $password, $database);
// Check connection
if ($conn->connect_error) {
die("Connection failed: " . $conn->connect_error);
}
if ($_SERVER['REQUEST_METHOD'] === 'POST') {
    $appointment_id = intval($_POST['appointment_id']);
    $action = $_POST['action'] ?? '';
    // Map the button value to a status; anything else is refused so $status is always defined
    if ($action === 'approve') {
        $status = 'Approved';
    } elseif ($action === 'reject') {
        $status = 'Rejected';
    } else {
        http_response_code(400);
        die("Invalid action.");
    }
    $sql = "UPDATE appointments SET status = ? WHERE id = ?";
    $stmt = $conn->prepare($sql);
    $stmt->bind_param("si", $status, $appointment_id);
    if (!$stmt->execute()) {
        die("Error updating appointment: " . $stmt->error);
    }
    $stmt->close();
    $conn->close();
    // No output is sent before this point, so the redirect header can still be set
    header("Location: appointments.php"); // Redirect back to the appointments page
    exit;
}
?>
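To reject an appointment in the Hospital Management System, we use the SQL query below ($appointment_id is the integer produced by intval() in the script above, and the script itself binds it as a parameter):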
$sql = "UPDATE appointments SET status = 'Rejected' WHERE id = $appointment_id";
Generate Billing:
After an appointment is approved, the Generate Bill button is activated. Clicking Generate Bill submits the appointment id and amount with the form, and the bill is generated as HTML.
We need to create a page named generate_bill.php. The bill generation script will be written in this page.
Bill Generation Script
<?php
// Database connection
$servername = "localhost";
$username = "root";
$password = "";
$database = "hospital_db";
$conn = new mysqli($servername, $username, $password, $database);
// Check connection
if ($conn->connect_error) {
die("Connection failed: " . $conn->connect_error);
}
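// The bill is built from the submitted form only; any other request goes back to the list
if ($_SERVER['REQUEST_METHOD'] !== 'POST') {
    header("Location: appointments.php");
    exit;
}
$appointment_id = intval($_POST['appointment_id']);
// The amount must be a positive number before it is stored or displayed
$amount = filter_var($_POST['amount'] ?? null, FILTER_VALIDATE_FLOAT);
if ($amount === false || $amount <= 0) {
    die("Invalid amount.");
}
// Check if a bill already exists for the appointment
$check_sql = "SELECT * FROM billing WHERE appointment_id = ?";
$stmt = $conn->prepare($check_sql);
$stmt->bind_param("i", $appointment_id);
$stmt->execute();
$result = $stmt->get_result();
if ($result->num_rows === 0) {
    // Insert billing record
    $insert_sql = "INSERT INTO billing (appointment_id, amount) VALUES (?, ?)";
    $stmt = $conn->prepare($insert_sql);
    $stmt->bind_param("id", $appointment_id, $amount);
    $stmt->execute();
} else {
    // A bill already exists: show the stored amount instead of the submitted one
    $row = $result->fetch_assoc();
    $amount = $row['amount'];
}
// Fetch appointment details for the bill
$sql = "
    SELECT
        a.id AS appointment_id,
        p.name AS patient_name,
        p.email AS patient_email,
        d.name AS doctor_name,
        a.appointment_date
    FROM
        appointments a
    JOIN
        users p ON a.patient_id = p.id
    JOIN
        users d ON a.doctor_id = d.id
    WHERE
        a.id = ?;
";
$stmt = $conn->prepare($sql);
$stmt->bind_param("i", $appointment_id);
$stmt->execute();
$appointment = $stmt->get_result()->fetch_assoc();
// Stop here if the id does not match an appointment, so the template below never reads a missing row
if (!$appointment) {
    die("Appointment not found.");
}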
?>
<!DOCTYPE html>
<html lang="en">
<head>
<meta charset="UTF-8">
<meta name="viewport" content="width=device-width, initial-scale=1.0">
<title>Appointment Bill</title>
<style>
body {
font-family: Arial, sans-serif;
margin: 20px;
}
.bill-container {
width: 50%;
margin: 0 auto;
border: 1px solid #ddd;
padding: 20px;
box-shadow: 0 0 10px rgba(0, 0, 0, 0.1);
}
h2 {
text-align: center;
}
.bill-details {
margin-top: 20px;
}
.bill-details th, .bill-details td {
text-align: left;
padding: 5px 10px;
}
.bill-details th {
background-color: #f9f9f9;
}
</style>
</head>
<body>
<div class="bill-container">
<h2>Appointment Bill</h2>
<table class="bill-details">
<tr>
<th>Appointment ID:</th>
<td><?= htmlspecialchars($appointment['appointment_id']); ?></td>
</tr>
<tr>
<th>Patient Name:</th>
<td><?= htmlspecialchars($appointment['patient_name']); ?></td>
</tr>
<tr>
<th>Patient Email:</th>
<td><?= htmlspecialchars($appointment['patient_email']); ?></td>
</tr>
<tr>
<th>Doctor Name:</th>
<td><?= htmlspecialchars($appointment['doctor_name']); ?></td>
</tr>
<tr>
<th>Appointment Date:</th>
<td><?= htmlspecialchars($appointment['appointment_date']); ?></td>
</tr>
<tr>
<th>Amount:</th>
<td>Rs <?= number_format((float) $amount, 2); ?></td>
</tr>
</table>
</div>
</body>
</html>
<?php
$conn->close();
?>
Step 5: Securing the System
We can secure the Hospital Management System application by securing passwords and validating inputs.
- Password Hashing: Use the password_hash() function for password storage.
- Input Validation: Validate all inputs to prevent SQL injection and XSS attacks.
- Role-Based Access Control: Ensure only authorized users access specific functionalities.
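One way to enforce the role-based access control item on the staff pages, as an added example that is not part of the original tutorial; it goes a step further and also ties each approve, reject and billing form to the staff member's own session with a request token. The file name auth.php, the function names and the assumption that login stores the role name in $_SESSION['role'] for every role are hypothetical.

```php
<?php
// auth.php (hypothetical file name), added example, not the tutorial's code.
// Assumption: login stores the roles.role_name value in $_SESSION['role']
// for every role, as the patient login in Step 3 does.
session_start();

// Stop the request unless the logged-in user holds one of the allowed roles.
function require_role(string ...$allowed): void
{
    if (!isset($_SESSION['user_id'], $_SESSION['role'])) {
        header('Location: login.php');
        exit;
    }
    $allowed = array_map('strtolower', $allowed);
    if (!in_array(strtolower((string) $_SESSION['role']), $allowed, true)) {
        http_response_code(403);
        exit('Forbidden');
    }
}

// One random token per session, embedded in every state-changing form.
function csrf_token(): string
{
    if (empty($_SESSION['csrf_token'])) {
        $_SESSION['csrf_token'] = bin2hex(random_bytes(32));
    }
    return $_SESSION['csrf_token'];
}

function csrf_field(): string
{
    return '<input type="hidden" name="csrf_token" value="'
        . htmlspecialchars(csrf_token(), ENT_QUOTES) . '">';
}

// Reject a POST whose token does not match the session's token.
function require_csrf(): void
{
    $sent = $_POST['csrf_token'] ?? '';
    if (!is_string($sent) || !hash_equals(csrf_token(), $sent)) {
        http_response_code(400);
        exit('Invalid request token');
    }
}

// Top of update_appointment.php and generate_bill.php:
//   require 'auth.php';
//   require_role('Staff', 'Admin');
//   require_csrf();
// Inside each form in appointments.php: echo csrf_field();
```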
By following the steps outlined in this guide, you can build a functional hospital management system in PHP. This project not only enhances your coding skills but also demonstrates your ability to solve real-world problems.