Changed database access to PDO using prepared statements

assetclassdel.php

@@ -13,18 +13,13 @@ $assetclass_id = sanitize($_GET['assetclass_id']);
 
 include("header.php");
 
-$query = "SELECT
-		assetclass_id,
-		assetclass_name
-	FROM
-		assetclass
-	WHERE
-		assetclass_id=" . $assetclass_id;
+$sql = "SELECT assetclass_id, assetclass_name
+        FROM assetclass
+	WHERE assetclass_id=?";
 
-$assetclass = $db->db_select($query);
-
-$smarty->assign("assetclass_id", $assetclass[0]['assetclass_id']);
-$smarty->assign("assetclass_name", $assetclass[0]['assetclass_name']);
+$sth = $dbh->prepare($sql);
+$sth->execute([$assetclass_id]);
+$smarty->assign("assetclass", $sth->fetch(PDO::FETCH_OBJ));
 
 $smarty->display("assetclassdel.tpl");