Changed database access to PDO using prepared statements

assetedit.php

@@ -13,21 +13,14 @@ $asset_id = sanitize($_GET['asset_id']);
 
 include("header.php");
 	
-$query = "SELECT
-		asset_id,
-		asset_name,
-		asset_hostname,
-		asset_info,
-		assetclass_id
-	FROM
-		asset
-	WHERE
-		asset_id=" . $asset_id;
+$sql = "SELECT asset_id, asset_name, asset_hostname, asset_info, assetclass_id
+	FROM asset
+	WHERE asset_id=?";
+$sth = $dbh->prepare($sql);
+$sth->execute([$asset_id]);
+$smarty->assign("asset", $sth->fetch(PDO::FETCH_OBJ));
 
-$asset = $db->db_select($query);
-$smarty->assign("asset", $asset[0]);
-
-$smarty->assign("assetclass_options", $db->options_assetclass());
+$smarty->assign("assetclass_options", db_get_options_assetclass());
 
 $smarty->display("assetedit.tpl");