Changed database access to PDO using prepared statements

userdel.php

@@ -13,18 +13,11 @@ $user_id = sanitize($_GET['user_id']);
 		
 include("header.php");
 		
-$query = "SELECT
-	user_name
-FROM
-	user
-WHERE
-	user_id=" . $user_id;
-
-$user = $db->db_select($query);
+$sth = $dbh->prepare("SELECT user_id AS id user_name AS user_name FROM user WHERE user_id=?");
+$dbh->execute([$user_id]);
 		
-$smarty->assign("user_id", $user_id);
-$smarty->assign("user_name", $user[0]['user_name']);
-	
+$smarty->assign("user", $sth->fetch(PDO::FETCH_OBJ));
+
 $smarty->display("userdel.tpl");
 
 include("footer.php");