Changed database access to PDO using prepared statements

nodedel.php

@@ -13,21 +13,10 @@ $node_id = sanitize($_GET['node_id']);
 		
 include("header.php");
 
-$query = "SELECT
-		asset_id,
-		node_ip
-	FROM
-		node
-	WHERE
-		node_id=" . $node_id;
-
-// run query
-$node = $db->db_select($query);
-
-// send to tpl
-$smarty->assign("node_id", $node_id);
-$smarty->assign("asset_id", $node[0]['asset_id']);
-$smarty->assign("node_ip", $node[0]['node_ip']);
+$sql = "SELECT node_id AS id, node_ip AS ip, asset_id FROM node WHERE node_id=?";
+$sth = $dbh->prepare($sql);
+$sth->execute([$node_id]);
+$smarty->assign("node", $sth->fetch(PDO::FETCH_OBJ));
 	
 $smarty->display("nodedel.tpl");