Changed database access to PDO using prepared statements

2023-02-22 10:50:24 +01:00
parent a4ecd1bff7
commit 7c300e0a8f
132 changed files with 5364 additions and 6091 deletions
--- a/locationsubnetedit.php
+++ b/locationsubnetedit.php
@@ -12,18 +12,13 @@ include("includes.php");
 $location_id = sanitize($_GET['location_id']);
 		
 include("header.php");
-// location
-$query = "SELECT
-		location_name
-	FROM
-		location
-	WHERE
-		location_id=" . $location_id;

-$location = $db->db_select($query);
-
-$smarty->assign("location_id", $location_id);
-$smarty->assign("location_name", $location[0]['location_name']);
+$sql = "SELECT location_id AS id, location_name AS name
+        FROM location
+        WHERE location_id=?";
+$sth = $dbh->prepare($sql);
+$sth->execute([$zone_id]);
+$smarty->assign("location", $sth->fetch(PDO::FETCH_OBJ));
 	
 $smarty->display("locationsubnetedit.tpl");