Changed database access to PDO using prepared statements

2023-02-22 10:50:24 +01:00
parent a4ecd1bff7
commit 7c300e0a8f
132 changed files with 5364 additions and 6091 deletions
--- a/zoneview.php
+++ b/zoneview.php
@@ -13,19 +13,17 @@ $zone_id = sanitize($_GET['zone_id']);

 include("header.php");

-$query = "SELECT
-	zone_id, zone_soa, zone_hostmaster, zone_origin, zone_ttl_default,
-	zone_refresh, zone_retry, zone_expire, zone_ttl, zone_serial,
-	zone_ns1, zone_ns2, zone_ns3, zone_mx1, zone_mx2, zone_info
-FROM
-	zone
-WHERE
-	zone_id=" . $zone_id;
+$sql = "SELECT zone_id, zone_soa, zone_hostmaster, zone_origin,
+            zone_ttl_default, zone_refresh, zone_retry, zone_expire,
+            zone_ttl, zone_serial, zone_ns1, zone_ns2, zone_ns3,
+            zone_mx1, zone_mx2, zone_info
+        FROM zone
+        WHERE zone_id=?";
+$sth = $dbh->prepare($sql);
+$sth->execute([$zone_id]);
+$smarty->assign("zone", $sth->fetch(PDO::FETCH_OBJ));

-$zone = $db->db_select($query);
-
-$smarty->assign("zone", $zone[0]);
 $smarty->display("zoneview.tpl");

 include("footer.php");
-?>
+?>