Changed database access to PDO using prepared statements

vlansubnetadd.php

@@ -12,42 +12,26 @@ include("includes.php");
 $vlan_id = sanitize($_GET['vlan_id']);
 		
 include("header.php");
-// vlan
-$query = "SELECT
-		vlan_name,
-		vlan_number
-	FROM
-		vlan
-	WHERE
-		vlan_id=" . $vlan_id;
 
-// run query
-$vlan = $db->db_select($query);
+$sql = "SELECT vlan_id AS id, vlan_name AS name, vlan_number AS number
+        FROM vlan
+        WHERE vlan_id=?";
+$sth = $dbh->prepare($sql);
+$sth->execute([$vlan_id]);
+$smarty->assign("vlan", $sth->fetch(PDO::FETCH_OBJ));
 
-$smarty->assign("vlan_id", $vlan_id);
-$smarty->assign("vlan_name", $vlan[0]['vlan_name']);
-$smarty->assign("vlan_number", $vlan[0]['vlan_number']);
 	
-// subnet
-$query = " SELECT
-		subnet_id,
-		subnet_address,
-		subnet_mask
-	FROM
-		subnet
-	WHERE
-		subnet_id NOT IN (
-			SELECT
-				subnet_id
-			FROM
-				subnetvlan
-			WHERE
-				vlan_id=" . $vlan_id . "
-		)
-	ORDER BY
-		INET_ATON(subnet_address)";
+// possible subnets to add to vlan
+//   - exclude already assingned subnets from selection
+$sql = "SELECT subnet_id, subnet_address, subnet_mask
+        FROM subnet
+        WHERE subnet_id NOT IN (SELECT subnet_id FROM subnetvlan WHERE vlan_id=?)
+        ORDER BY INET_ATON(subnet_address)";
+$sth = $dbh->prepare($sql);
+$sth->execute([$vlan_id]);
+
+$subnets = $sth->fetchAll();
 
-$subnets = $db->db_select($query);
 foreach ($subnets as $subnet) {
     $subnet_options[$subnet['subnet_id']] = $subnet['subnet_address'].'/'.$subnet['subnet_mask'];
 }