Changed database access to PDO using prepared statements

zoneedit.php

@@ -12,19 +12,16 @@ include("includes.php");
 $zone_id = sanitize($_GET['zone_id']);
 
 include("header.php");
-$query = "SELECT
-	zone_id, zone_soa, zone_hostmaster, zone_origin, zone_ttl_default,
-	zone_refresh, zone_retry, zone_expire, zone_ttl, zone_serial,
-	zone_ns1, zone_ns2, zone_ns3, zone_mx1, zone_mx2, zone_info
-FROM
-	zone
-WHERE
-	zone_id=" . $zone_id;
-		
-$zone = $db->db_select($query);
+$sql = "SELECT zone_id, zone_soa, zone_hostmaster, zone_origin, zone_ttl_default,
+            zone_refresh, zone_retry, zone_expire, zone_ttl, zone_serial,
+            zone_ns1, zone_ns2, zone_ns3, zone_mx1, zone_mx2, zone_info
+        FROM zone
+        WHERE zone_id=?";
+$sth = $dbh->prepare($sql);
+$sth->execute([$zone_id]);
+$smarty->assign("zone", $sth->fetch(PDO::FETCH_OBJ));
 
-$smarty->assign("zone", $zone[0]);
 $smarty->display("zoneedit.tpl");
 
 include("footer.php");
-?>
+?>