Changed database access to PDO using prepared statements

natdel.php

@@ -14,39 +14,24 @@ $node_id = sanitize($_GET['node_id']);
 include("header.php");
 
 // node_ext
-$query = "SELECT
-		node_ip AS node_ip_ext
-	FROM
-		node
-	WHERE
-		node_id=" . $node_id;
-
-$node = $db->db_select($query);
-
-$smarty->assign("node_id_ext", $node_id);
-$smarty->assign("node_ip_ext", $node[0]['node_ip_ext']);
+$sth = $dbh->prepare("SELECT node_id AS id_ext, node_ip AS ip_ext FROM node WHERE node_id=?");
+$sth->execute([$node_id]);
+$smarty->assign("node", $sth->fetch(PDO::FETCH_OBJ));
 
 // options
-$query = "SELECT
-		a.asset_name,
-		n.node_ip,
-		x.nat_ext
-	FROM
-		asset AS a,
-		nat AS x,
-		node AS n
-	WHERE
-		x.nat_ext="  . $node_id . "
-		AND n.node_id=x.nat_int
-		AND a.asset_id=n.asset_id
-	ORDER BY
-		INET_ATON(n.node_ip)";
-
-$nodes = $db->db_select($query);
+$sql = "SELECT x.nat_id, n.node_ip, a.asset_name
+	FROM nat AS x
+	    LEFT JOIN node AS n ON (x.nat_int=n.node_id)
+	    LEFT JOIN asset AS a USING (asset_id) 
+	WHERE x.nat_ext=?
+	ORDER BY INET_ATON(n.node_ip)";
+$sth = $dbh->prepare($sql);
+$sth->execute([$node_id]);
+$nats = $sth->fetchAll();
 
 $options = array();
-foreach ($nodes as $rec) {
-    $options[$rec['nat_ext']] = $rec['node_ip'] . '/' . $rec['asset_name'];
+foreach ($nats as $rec) {
+    $options[$rec['nat_id']] = $rec['node_ip'] . '/' . $rec['asset_name'];
 }
 $smarty->assign("nat_options", $options);
 $smarty->display("natdel.tpl");