Changed database access to PDO using prepared statements

subnetdel.php

@@ -14,34 +14,22 @@ $subnet_id = sanitize($_GET['subnet_id']);
 include("header.php");
 	
 // subnet
-$query = "SELECT
-		subnet_address,
-		subnet_mask
-	FROM
-		subnet
-	WHERE
-		subnet_id=" . $subnet_id;
+$sql = "SELECT subnet_id AS id, subnet_address AS address, subnet_mask AS mask
+        FROM subnet
+        WHERE subnet_id=?";
+$sth = $dbh->prepare($sql);
+$sth->execute([$subnet_id]);
+$smarty->assign("subnet", $sth->fetch(PDO::FETCH_OBJ));
 
-$subnet = $db->db_select($query);
-
-$smarty->assign("subnet_id", $subnet_id);
-$smarty->assign("subnet_address", $subnet[0]['subnet_address']);
-$smarty->assign("subnet_mask", $subnet[0]['subnet_mask']);
-	
 // node		
-$query = "SELECT
-		node_id,
-		node_ip
-	FROM
-		node
-	WHERE
-		subnet_id=" . $subnet_id . "
-	ORDER BY
-		INET_ATON(node_ip)";
+$sql = "SELECT node_id AS id, node_ip AS ip
+        FROM node
+        WHERE subnet_id=?
+        ORDER BY INET_ATON(node_ip)";
+$sth = $dbh->prepare($sql);
+$sth->execute([$subnet_id]);
+$smarty->assign("nodes", $sth->fetchAll());
 
-$nodes = $db->db_select($query);
-
-$smarty->assign("nodes", $nodes);
 $smarty->display("subnetdel.tpl");
 		
 include("footer.php");