Changed database access to PDO using prepared statements

natedit.php

@@ -13,18 +13,11 @@ $node_id = sanitize($_GET['node_id']);
 		
 include("header.php");
 
-$query = "SELECT
-	node_ip
-FROM
-	node
-WHERE
-	node.node_id=" . $node_id;
+$sql = "SELECT node_id AS id, node_ip AS ip FROM node WHERE node.node_id=?";
+$sth = $dbh->prepare($sql);
+$sth->execute([$node_id]);
+$smarty->assign("node", $sth->fetch(PDO::FETCH_OBJ));
 
-$node = $db->db_select($query);
-		
-$smarty->assign("node_id", $node_id);
-$smarty->assign("node_ip", $node[0]['node_ip']);
-	
 $smarty->display("natedit.tpl");
 
 include("footer.php");