Changed database access to PDO using prepared statements

vlanview.php

@@ -8,43 +8,28 @@ SPDX-License-Identifier: GPL-3.0-or-later
 *****************************************************************************/
 
 include("includes.php");
-		
+
 $vlan_id = sanitize($_GET['vlan_id']);
 		
 include("header.php");
 
 // vlan
-$query = "SELECT
-	vlan_name,
-	vlan_number,
-	vlan_info
-FROM
-	vlan
-WHERE
-	vlan_id=" . $vlan_id;
-
-$vlan = $db->db_select($query);
-        
-$smarty->assign("vlan_id", $vlan_id);
-$smarty->assign("vlan_name", $vlan[0]['vlan_name']);
-$smarty->assign("vlan_number", $vlan[0]['vlan_number']);
-$smarty->assign("vlan_info", nl2br($vlan[0]['vlan_info']));
+$sql = "SELECT vlan_id AS id, vlan_name AS name, vlan_number AS number,
+            vlan_info AS info
+        FROM vlan
+        WHERE vlan_id=?";
+$sth = $dbh->prepare($sql);
+$sth->execute([$vlan_id]);
+$smarty->assign("vlan", $sth->fetch(PDO::FETCH_OBJ));
 
 // subnets
-$query = "SELECT
-	s.subnet_id,
-	s.subnet_address,
-	s.subnet_mask,
-	s.subnet_info
-FROM
-	subnet AS s LEFT JOIN subnetvlan AS v USING (subnet_id)
-WHERE
-	v.vlan_id=" . $vlan_id . "
-ORDER BY
-	INET_ATON(s.subnet_address)";
-		
-$subnets = $db->db_select($query);
-$smarty->assign("subnets", $subnets);
+$sql = "SELECT s.subnet_id, s.subnet_address, s.subnet_mask, s.subnet_info
+        FROM subnet AS s LEFT JOIN subnetvlan AS v USING (subnet_id)
+        WHERE v.vlan_id=?
+        ORDER BY INET_ATON(s.subnet_address)";
+$sth = $dbh->prepare($sql);
+$sth->execute([$vlan_id]);
+$smarty->assign("subnets", $sth->fetchAll());
 
 $smarty->display("vlanview.tpl");