Changed database access to PDO using prepared statements

vlanedit.php

@@ -13,22 +13,14 @@ $vlan_id = sanitize($_GET['vlan_id']);
 		
 include("header.php");
 
-	// setup vlan
-$query = "SELECT
-	vlan_name,
-	vlan_number,
-	vlan_info
-FROM
-	vlan
-WHERE
-	vlan_id=" . $vlan_id;
-		
-$vlan = $db->db_select($query);
-		
-$smarty->assign("vlan_id", $vlan_id);
-$smarty->assign("vlan_name", $vlan[0]['vlan_name']);
-$smarty->assign("vlan_number", $vlan[0]['vlan_number']);
-$smarty->assign("vlan_info", $vlan[0]['vlan_info']);
+$sql = "SELECT vlan_id AS id, vlan_name AS name, vlan_number AS number,
+            vlan_info AS info
+        FROM vlan
+        WHERE vlan_id=?";
+$sth = $dbh->prepare($sql);
+$sth->execute([$vlan_id]);
+$smarty->assign("vlan", $sth->fetch(PDO::FETCH_OBJ));
+
 $smarty->display("vlanedit.tpl");
 
 include("footer.php");