Changed database access to PDO using prepared statements

2023-02-22 10:50:24 +01:00
parent a4ecd1bff7
commit 7c300e0a8f
132 changed files with 5364 additions and 6091 deletions
--- a/locationdel.php
+++ b/locationdel.php
@@ -13,17 +13,10 @@ $location_id = sanitize($_GET['location_id']);
 		
 include("header.php");
 		
-$query = "SELECT
-	location_name
-FROM
-	location
-WHERE
-	location_id=" . $location_id;
-		
-$location = $db->db_select($query);
-		
-$smarty->assign("location_id", $location_id);
-$smarty->assign("location_name", $location[0]['location_name']);
+$sql = "SELECT location_name FROM location WHERE location_id=?";
+$sth = $dbh->prepare($sql);
+$sth->execute([$location_id]);
+$smarty->assign("location", $sth->fetch(PDO::FETCH_OBJ));

 $smarty->display("locationdel.tpl");