@ -24,7 +24,9 @@ $method = $_SERVER['REQUEST_METHOD'];
break;
case "delete":
$id = $_POST['id'];
$query = query("DELETE from calendar_events WHERE id = :id") or error(db_error());
$query = prepare("DELETE from calendar_events WHERE id = :id");
$query->bindValue(':id', $id);
$query->execute() or error(db_error($query));
break;
case "update":
$id = $_POST['id'];
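Review bot: The new "delete" branch still takes `$_POST['id']` unvalidated on the line before the prepare: a missing key raises an undefined-index warning and a non-numeric value is bound as a string, so the lookup silently matches nothing and the caller gets no error. Coerce and bind with an explicit type, `$id = (int) ($_POST['id'] ?? 0);` and `$query->bindValue(':id', $id, PDO::PARAM_INT);`, and treat an id of 0 as a bad request before running the DELETE. The same `$id = $_POST['id']` pattern opens the "update" case at the end of this hunk, so the change belongs there too. Whether an authorization check guards this switch cannot be seen here, since the enclosing `switch` starts and ends outside the hunk; if none precedes it, any caller able to POST can delete arbitrary events by id.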
@ -32,6 +34,8 @@ $method = $_SERVER['REQUEST_METHOD'];
$description = $_POST['description'];
$start = $_POST['start'];
$end = $_POST['end'];
$color = $_POST['color'];
$url = $_POST['url'];
$query = prepare(" UPDATE calendar_events SET title = :title, description = :description, start = :start, end = :end, url = :url, color =:color WHERE id = :id");
$query->bindValue(':id', $id);
$query->bindValue(':title', $title);