Diffstat (limited to 'lib/notes/new.php')
-rw-r--r--lib/notes/new.php11
1 files changed, 6 insertions, 5 deletions
diff --git a/lib/notes/new.php b/lib/notes/new.php
index 1213b94..adad015 100644
--- a/lib/notes/new.php
+++ b/lib/notes/new.php
@@ -6,12 +6,12 @@ assert_redir(count($args) == 3, 'notes');
$parentid = intval($args[2]);
if ($parentid != 0) {
- $parent = mysql_fetch_assoc(sql(
+ $parent = sql(
"SELECT na.id AS id, na.title AS title, na.text_html AS html, na.public AS public, na.owner AS owner, ".
"nb.title AS parent_title, nb.id AS parent_id, account.login AS ownername FROM notes na ".
"LEFT JOIN notes nb ON na.parent = nb.id LEFT JOIN account ON account.id = na.owner ".
"WHERE na.id = $parentid"
- ));
+ )->fetch();
assert_error($parent && $parent['owner'] == $user['id'],
"The selected parent does not exist, or you cannot create children for it.");
}
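Review bot: The SELECT still builds its WHERE clause by interpolating `$parentid` into the query string, while the INSERT later in this commit passes its values to `sql()` as bound arguments. The `intval()` on the line above keeps this safe today, but binding the value, with `"WHERE na.id = ?", $parentid` as the tail of the call, would keep the query safe if that cast is ever moved or removed, and would make the file consistent. Separately, `sql()` is not defined in this hunk, so if it can return false on a failed query, the chained `->fetch()` would raise a fatal error before `assert_error` can report anything.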
@@ -28,9 +28,10 @@ if (isset($_POST['title']) && isset($_POST['text'])) {
$error = "You must enter a title for your note";
} else {
sql("INSERT INTO notes(owner, parent, title, text, text_html, public) ".
- "VALUES(" . $user['id'] . ", $parentid, '" . escs($note_title) . "', '" .
- escs($note_text) . "', '" . escs($note_html) . "', ". ($note_public?'1':'0') . ")");
- header("Location: view-notes-" . mysql_insert_id());
+ "VALUES(?, ?, ?, ?, ?, ". ($note_public?'1':'0') . ")",
+ $user['id'], $parentid, escs($note_title),
+ escs($note_text), escs($note_html));
+ header("Location: view-notes-" . $sql_conn->lastInsertId());
die();
}
}
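Review bot: The values bound on the new `sql(...)` call are still passed through `escs()`, which in the removed lines was used to escape values placed inside quoted SQL literals. If `escs()` is SQL string escaping, binding its output stores the escape characters literally, so a title or text containing quotes or backslashes would be saved corrupted and later displayed with stray backslashes. Pass the raw values instead: `$user['id'], $parentid, $note_title,` and `$note_text, $note_html);`. The `public` flag could also be bound as a sixth `?` with `$note_public ? 1 : 0`, so the statement text is constant. The enclosing `if` block starts outside the hunk.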