Changed database access to PDO using prepared statements

zonedel.php

@@ -13,11 +13,11 @@ $zone_id = sanitize($_GET['zone_id']);
 		
 include("header.php");
 		
-$query = "SELECT zone_id, zone_origin, zone_serial FROM zone WHERE zone_id=" . $zone_id;
-$zone = $db->db_select($query);
+$sth = $dbh->prepare("SELECT zone_id, zone_origin, zone_serial FROM zone WHERE zone_id=?");
+$sth->execute($sql);
+$smarty->assign("zone", $sth->fetchAll(PDO::FETCH_ASSOC));
 
-$smarty->assign("zone", $zone[0]);
 $smarty->display("zonedel.tpl");
-		
+
 include("footer.php");
 ?>