Changed database access to PDO using prepared statements

This commit is contained in:
2023-02-22 10:50:24 +01:00
parent a4ecd1bff7
commit 7c300e0a8f
132 changed files with 5364 additions and 6091 deletions

View File

@@ -13,33 +13,22 @@ $assetclassgroup_id = sanitize($_GET['assetclassgroup_id']);
include("header.php");
$query = "SELECT
assetclassgroup_id,
assetclassgroup_name,
assetclassgroup_color
FROM
assetclassgroup
WHERE
assetclassgroup_id=" . $assetclassgroup_id;
$sql = "SELECT assetclassgroup_id AS id,
assetclassgroup_name AS name,
assetclassgroup_color AS color
FROM assetclassgroup
WHERE assetclassgroup_id=?";
$sth = $dbh->prepare($sql);
$sth->execute([$assetclassgroup_id]);
$smarty->assign("assetclassgroup", $sth->fetch(PDO::FETCH_OBJ));
$assetclassgroup = $db->db_select($query);
$smarty->assign("assetclassgroup_id", $assetclassgroup[0]['assetclassgroup_id']);
$smarty->assign("assetclassgroup_name", $assetclassgroup[0]['assetclassgroup_name']);
$smarty->assign("assetclassgroup_color", $assetclassgroup[0]['assetclassgroup_color']);
$query = "SELECT
assetclass_id,
assetclass_name
FROM
assetclass
WHERE
assetclassgroup_id=" . $assetclassgroup_id . "
ORDER BY
assetclass_name";
$assetclasses = $db->db_select($query);
$smarty->assign("assetclasses", $assetclasses);
$sql = "SELECT assetclass_id, assetclass_name
FROM assetclass
WHERE assetclassgroup_id=?
ORDER BY assetclass_name";
$sth = $dbh->prepare($sql);
$sth->execute([$assetclassgroup_id]);
$smarty->assign("assetclasses", $sth->fetchAll(PDO::FETCH_ASSOC));
$smarty->display("assetclassgroupview.tpl");