Changed database access to PDO using prepared statements

vlandel.php

@@ -13,19 +13,13 @@ $vlan_id = sanitize($_GET['vlan_id']);
 		
 include("header.php");
 		
-$query = "SELECT
-	vlan_name,
-	vlan_number
-FROM
-	vlan
-WHERE
-	vlan_id=" . $vlan_id;
-		
-$vlan = $db->db_select($query);
-		
-$smarty->assign("vlan_id", $vlan_id);
-$smarty->assign("vlan_name", $vlan[0]['vlan_name']);
-$smarty->assign("vlan_number", $vlan[0]['vlan_number']);
+$sql = "SELECT vlan_id AS id, vlan_name AS name, vlan_number AS number
+        FROM vlan
+        WHERE vlan_id=?";
+$sth = $dbh->prepare($sql);
+$sth->execute([$zone_id]);
+$smarty->assign("vlan", $sth->fetch(PDO::FETCH_OBJ));
+
 $smarty->display("vlandel.tpl");
 		
 include("footer.php");