Changed database access to PDO using prepared statements

locationsubnetdel.php

@@ -14,32 +14,29 @@ $location_id = sanitize($_GET['location_id']);
 include("header.php");
 
 // location		
-$query = "SELECT
-	location_name
-FROM
-	location
-WHERE
-	location_id=" . $location_id;
-		
-$location = $db->db_select($query);
-		
-$smarty->assign("location_id", $location_id);
-$smarty->assign("location_name", $location[0]['location_name']);
+$sql = "SELECT location_id AS id, location_name AS name
+        FROM location
+        WHERE location_id=?";
+$sth = $dbh->prepare($sql);
+$sth->execute([$location_id]);
+$smarty->assign("location", $sth->fetch(PDO::FETCH_OBJ));
+	
 	
 // subnet
-$query = "SELECT
+$sql = "SELECT
 		s.subnet_id,
 		s.subnet_address,
 		s.subnet_mask
 	FROM
 		subnetlocation AS l LEFT JOIN subnet AS s USING (subnet_id)
 	WHERE
-		l.location_id="  . $location_id . "
+		l.location_id=?
 	ORDER BY
 		INET_ATON(s.subnet_address)";
+$sth = $dbh->prepare($sql);
+$sth->execute([$location_id]);
 
-$subnets = $db->db_select($query);
-$smarty->assign($subnets);
+$smarty->assign($sth->fetchAll());
 
 $smarty->display("locationsubnetdel.tpl");