Changed database access to PDO using prepared statements

subnetlocationadd.php

@@ -13,21 +13,16 @@ $subnet_id = sanitize($_GET['subnet_id']);
 		
 include("header.php");
 		
-$query = "SELECT
-		subnet_address,
-		subnet_mask
-	FROM
-		subnet
-	WHERE
-		subnet_id=" . $subnet_id;
-
-$subnet = $db->db_select($query);
-
-$smarty->assign("subnet_id", $subnet_id);
-$smarty->assign("subnet_address", $subnet[0]['subnet_address']);
-$smarty->assign("subnet_mask", $subnet[0]['subnet_mask']);
+$sql = "SELECT subnet_id AS id, subnet_address AS address,
+            subnet_mask AS mask
+        FROM subnet
+        WHERE subnet_id=?";
+$sth = $dbh->prepare($sql);
+$sth->execute([$zone_id]);
+$smarty->assign("subnet", $sth->fetch(PDO::FETCH_OBJ));
 	
-$smarty->assign("location_options", $db->options_location());
+$smarty->assign("location_options", db_get_options_location());
+
 $smarty->display("subnetlocationadd.tpl");
 
 include("footer.php");