diff --git a/include/cookies.php b/include/cookies.php index 05e2f0d..9fdc5b8 100644 --- a/include/cookies.php +++ b/include/cookies.php @@ -25,7 +25,6 @@ function mt_get_cookie_login() { // Store username and password in a cookie function mt_setcookie($username, $password, $already_md5 = false, $siteurl = '', $remember = false) { - global $mtdb; if ( !$already_md5 ) $password = mt_hash_password($password); diff --git a/include/nonce.php b/include/nonce.php index 2b11f24..6022daa 100644 --- a/include/nonce.php +++ b/include/nonce.php @@ -73,7 +73,7 @@ function wp_nonce_ays($action) { } function mt_explain_nonce($action) { - global $mtdb; + global $dbConnection; $c = explode('-',$action); $i = (int)$c[2]; @@ -110,12 +110,12 @@ function mt_explain_nonce($action) { if( false !== strpos( $t, '%' ) ) { switch( $c[1] ) { - case 'rant': $v = $mtdb->getOne('SELECT title FROM rant WHERE id=' . $i); break; - case 'strip': $v = $mtdb->getOne('SELECT id FROM strip WHERE id=' . $i); break; - case 'type': $v = $mtdb->getOne('SELECT name FROM strip_t WHERE id=' . $i); break; - case 'metatype':$v = $mtdb->getOne('SELECT name FROM meta_t WHERE id=' . $i); break; + case 'rant': $v = $dbConnection->fetchColumn('SELECT title FROM rant WHERE id = ?', array($i)); break; + case 'strip': $v = $dbConnection->fetchColumn('SELECT id FROM strip WHERE id = ?', array($i)); break; + case 'type': $v = $dbConnection->fetchColumn('SELECT name FROM strip_t WHERE id = ?', array($i)); break; + case 'metatype':$v = $dbConnection->fetchColumn('SELECT name FROM meta_t WHERE id = ?', array($i)); break; case 'extra': $temp = extra_file_from_inode($i); $v = $temp->name; break; - case 'twitteruser': $v = $mtdb->getOne('SELECT username FROM twitter_user WHERE id=' . $i); break; + case 'twitteruser': $v = $dbConnection->fetchColumn('SELECT username FROM twitter_user WHERE id = ?', array($i)); break; default: $v = $i; } diff --git a/include/strip.php b/include/strip.php index 82eca8c..c85eb05 100644 
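Review bot: In the converted `switch` of mt_explain_nonce(), fetchColumn() returns false when no row matches the id, and that value reaches the `%` substitution below the hunk as the explanation text, whereas the `default` arm at least falls back to `$i`; adding `if ($v === false) $v = $i;` after the switch keeps the fallback uniform (a truthiness test would wrongly drop a title of `0`). The five arms differ only in table and column, so a small map from `$c[1]` to `[table, column]` feeding one fetchColumn() call would read better, but that is style. mt_explain_nonce's body starts and ends outside the hunk, and I can't see from here how the old getOne() represented a missing row.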
--- a/include/strip.php
+++ b/include/strip.php
@@ -3,8 +3,16 @@
 // Book: The offset from 0 at the beginning of time
 // Page: The offset from 0 at the beginning of the volume
-class Strip {
- var $id, $old_id, $published, $media, $type, $title, $book, $page;
+class Strip
+{
+ public $id;
+ public $old_id;
+ public $published;
+ public $media;
+ public $type;
+ public $title;
+ public $book;
+ public $page;
 }
 // old_id is used to detect alterations to the strip id in forms. Not saved in database.
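Review bot: The eight properties gain `public` visibility but no types or documentation, and the only description of the unusual one, `// old_id is used to detect alterations to the strip id in forms. Not saved in database.`, still sits after the closing brace where a reader of the property list won't see it. Move that sentence onto the property, `/** Strip id as rendered in the form, used to detect alterations to the id. Not saved in database. */` above `public $old_id;`, and give `$book` and `$page` the same treatment from the `// Book:`/`// Page:` comments above the class. The remaining properties would benefit from a one-line docblock each as well, since the class is the only place their meaning can be documented.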
@@ -12,29 +20,31 @@ class Strip { // Strip id is automatically incremented function insertstrip(&$strip) { - global $mtdb; + global $dbConnection; $strip->book = ($strip->book == '') ? 'NULL' : (int)$strip->book; $strip->page = ($strip->page == '') ? 'NULL' : (int)$strip->page; - $mtdb->query('START TRANSACTION'); - $newid = $mtdb->getOne('SELECT MAX(id) FROM strip') + 1; - $sql = 'INSERT INTO strip ( id, published, media, type, title, book, page ) VALUES (' - . $newid - . ', FROM_UNIXTIME(' . (int)$strip->published - . '), '. (int)$strip->media - . ', ' . (int)$strip->type - . ', "' . mysqli_real_escape_string( $mtdb->link, trim($strip->title) ) - . '", '. $strip->book - . ', ' . $strip->page - . ')'; - - $r = $mtdb->query( $sql ); + $dbConnection->beginTransaction(); + $newid = $dbConnection->fetchColumn('SELECT MAX(id) FROM strip') + 1; + + $sql = 'INSERT INTO strip (id, published, media, type, title, book, page) VALUES(?, FROM_UNIXTIME(?), ?, ?, ?, ?, ?)'; + $stmt = $dbConnection->prepare($sql); + + $stmt->bindValue(1, $newid); + $stmt->bindValue(2, $strip->published, PDO::PARAM_INT); + $stmt->bindValue(3, $strip->media, PDO::PARAM_INT); + $stmt->bindValue(4, $strip->type, PDO::PARAM_INT); + $stmt->bindValue(5, trim($strip->title)); + $stmt->bindValue(6, $strip->book); + $stmt->bindValue(7, $strip->page); + + $r = $stmt->execute(); if( !$r ) { - $mtdb->query('ROLLBACK'); + $dbConnection->rollback(); return false; } - $mtdb->query('COMMIT'); + $dbConnection->commit(); adminlog("Comic ".$newid." posted.", MTS_STRIP, MTA_ADD); $strip->id = $newid; 
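Review bot: `$strip->book = ($strip->book == '') ? 'NULL' : (int)$strip->book;` (and the `page` line) still produce the string `'NULL'` for an empty value, but those values now go through `bindValue(6, ...)`/`bindValue(7, ...)` instead of being spliced into the SQL text, so the four-character string `NULL` is sent as a parameter and the column receives that string (or an integer-conversion error), not the SQL NULL the old string-built INSERT produced. Use a PHP null, `$strip->book = ($strip->book == '') ? null : (int)$strip->book;` and likewise for `page`, which PDO binds as SQL NULL; the updatestrip hunk below carries the same sentinel, there bound with PDO::PARAM_INT. Separately, `$newid = fetchColumn('SELECT MAX(id) FROM strip') + 1` inside the transaction is not serialised against a concurrent insert (pre-existing), and if the connection is configured to throw on errors the `if( !$r )` rollback branch is unreachable — a try/catch that calls rollback() covers that. insertstrip's body continues into the next hunk, and `$strip` is passed by reference, so confirm no caller relies on the `'NULL'` string after the call.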
@@ -43,22 +53,26 @@ function insertstrip(&$strip) { } function updatestrip(&$strip) { - global $mtdb; + global $dbConnection; $strip->book = ($strip->book === '') ? 'NULL' : (int)$strip->book; $strip->page = ($strip->page === '') ? 'NULL' : (int)$strip->page; - $mtdb->query('START TRANSACTION'); - $sql = 'UPDATE strip SET - published = FROM_UNIXTIME(' . (int)$strip->published .') - , media = '. (int)$strip->media .' - , type = ' . (int)$strip->type .' - , title = "' . mysqli_real_escape_string( $mtdb->link, trim($strip->title) ) .'" - , book = ' . (int)$strip->book .' - , page = ' . (int)$strip->page .' - WHERE id = ' . (int)$strip->id; - $mtdb->query( $sql ); - $mtdb->query('COMMIT'); + $dbConnection->beginTransaction(); + + $sql = 'UPDATE strip SET published = FROM_UNIXTIME(?), media = ?, type = ?, title = ?, book = ?, page = ? WHERE id = ?'; + $stmt = $dbConnection->prepare($sql); + + $stmt->bindValue(1, $strip->published, PDO::PARAM_INT); + $stmt->bindValue(2, $strip->media, PDO::PARAM_INT); + $stmt->bindValue(3, $strip->type, PDO::PARAM_INT); + $stmt->bindValue(4, trim($strip->title)); + $stmt->bindValue(5, $strip->book, PDO::PARAM_INT); + $stmt->bindValue(6, $strip->page, PDO::PARAM_INT); + $stmt->bindValue(7, $strip->id, PDO::PARAM_INT); + + $stmt->execute(); + $dbConnection->commit(); adminlog("Comic ".$strip->id." modified.", MTS_STRIP, MTA_MODIFY); return true; } 
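Review bot: `$stmt->execute();` in updatestrip discards its result, and `commit()` plus the adminlog "modified" entry follow unconditionally, so a failed UPDATE is still logged as a modification and the function still returns true. The insertstrip hunk above checks the execute() result and rolls back; this one should match it: `if (!$stmt->execute()) { $dbConnection->rollback(); return false; }`. If the connection throws on errors instead of returning false, the same check belongs in a try/catch around execute(). updatestrip's closing brace is in the hunk.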
@@ -66,12 +80,12 @@ function updatestrip(&$strip) { // Delete destination strip from DB and FS, and Update/Rename the source strip into place. Destructive Move! function move_strip($from_id, $to_id) { - global $mtdb; + global $dbConnection; $from_id = (int) $from_id; $to_id = (int) $to_id; // Ensure our source exists - $num_strips = $mtdb->getOne( "SELECT COUNT(*) FROM strip WHERE id = $from_id" ); + $num_strips = $dbConnection->fetchColumn('SELECT COUNT(*) FROM strip WHERE id = ?', array($from_id)); if($num_strips < 1) mtdie("Cannot move strip number $from_id, because it cannot be found in database."); @@ -79,8 +93,8 @@ function move_strip($from_id, $to_id) deletestrip( $to_id ); // Update database - $mtdb->query( "UPDATE strip SET id = $to_id WHERE id = $from_id" ); - $strip = $mtdb->getRow( "SELECT strip.id, extension FROM strip, media_t WHERE media_t.id = strip.media AND strip.id = $to_id" ); + $dbConnection->executeUpdate('UPDATE strip SET id = ? WHERE id = ?', array($to_id, $from_id)); + $strip = $dbConnection->executeQuery('SELECT strip.id, extension FROM strip, media_t WHERE media_t.id = strip.media AND strip.id = ?', array($to_id))->fetch(); // Update filesystem foreach(glob(sprintf(SITE_PATH_ABS.'/'.SITE_STRIP.'/%04d.*', $from_id)) as $item) { @@ -101,8 +115,8 @@ function deletestrip($id) { $id = (int)$id; if ( !$id ) return false; - global $mtdb; - $r = $mtdb->query( 'DELETE FROM strip WHERE id=' . $id ); + global $dbConnection; + $r = $dbConnection->executeUpdate('DELETE FROM strip WHERE id = ?', array($id)); foreach(glob(sprintf(SITE_PATH_ABS.'/'.SITE_STRIP.'/%04d*.*', $id)) as $item) unlink($item); foreach(glob(sprintf(SITE_PATH_ABS.'/'.SITE_STRIP.'/restricted/%04d*.*', $id)) as $item) 
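Review bot: move_strip() runs deletestrip($to_id) and then `executeUpdate('UPDATE strip SET id = ? WHERE id = ?', ...)` with no transaction and without looking at the affected-row count, while the insert/update functions converted in this same commit wrap their statements in beginTransaction()/commit(); if the UPDATE fails after the destination row is gone, both ids are lost and the filesystem rename below still runs. Wrap the DELETE and UPDATE in a transaction and check that the UPDATE affected one row before touching files; deletestrip()'s unlink() calls cannot be rolled back, which deserves a comment at the call site. The `$strip` row fetched here is only used below the hunk, and move_strip's body continues past it.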
@@ -112,19 +126,19 @@ function deletestrip($id) { } function getstrip($id) { - global $mtdb; - return $mtdb->getRow( 'SELECT id, UNIX_TIMESTAMP(published) as published, type, media, title, book, page FROM strip WHERE id=' . (int)$id); + global $dbConnection; + return $dbConnection->executeQuery('SELECT id, UNIX_TIMESTAMP(published) as published, type, media, title, book, page FROM strip WHERE id = ?', array($id))->fetch(); } function get_stripimage_filename( $strip ) { - global $mtdb; - $ext = $mtdb->getOne( 'SELECT extension FROM media_t WHERE id=' . (int)$strip->media ); // filename extension + global $dbConnection; + $ext = $dbConnection->fetchColumn('SELECT extension FROM media_t WHERE id = ?', array($strip->media)); // filename extension return sprintf( '%s/%04d.%s', SITE_STRIP, $strip->id, $ext ); } function get_stripid_by_rantid($rantid) { - global $mtdb; - return $mtdb->getOne('SELECT MAX(strip.id) FROM strip,rant WHERE strip.published<=rant.published AND rant.id=' . (int)$rantid); + global $dbConnection; + return $dbConnection->fetchColumn('SELECT MAX(strip.id) FROM strip, rant WHERE strip.published <= rant.published AND rant.id = ?', array($rantid)); } ?> diff --git a/include/transcript.php b/include/transcript.php index 2697e25..7b7a64b 100644 --- a/include/transcript.php +++ b/include/transcript.php @@ -17,9 +17,9 @@ function bracketbalance($line) // Retrieve transcript for this strip from the database, modifying the strip object. function gettranscript(&$strip) { - global $mtdb; + global $dbConnection; - $result = $mtdb->query('SELECT strip FROM transcript WHERE strip=' . (int)$strip->id ); + $result = $dbConnection->executeQuery('SELECT strip FROM transcript WHERE strip = ?', array($strip->id)); if($result) { 
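Review bot: The `if($result)` guard after the new executeQuery() call in gettranscript() no longer distinguishes anything: executeQuery() returns a statement object, which is truthy whether or not the SELECT found a row, whereas the old query() presumably returned false only on failure. Since the result's columns are never read and the query only tests that a transcript exists, `if ($dbConnection->fetchColumn('SELECT COUNT(*) FROM transcript WHERE strip = ?', array($strip->id)) > 0) {` says what is meant. gettranscript's body continues past the hunk, so I can't see whether `$result` is used again later.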
@@ -30,16 +30,16 @@ function gettranscript(&$strip) # either way, I care not Might be able to exchange this loop of getOne()s for a getAll() call. */ - $numPanels = $mtdb->getOne( 'SELECT MAX(panel) FROM transcript WHERE transcript.strip=' . (int)$strip->id ); + $numPanels = $dbConnection->fetchColumn('SELECT MAX(panel) FROM transcript WHERE strip = ?', array($strip->id)); if( $numPanels ) { for($i = 1; $i <= $numPanels; $i++) { - $result = $mtdb->query( 'SELECT speaker, speech FROM transcript WHERE transcript.strip=' . (int)$strip->id . ' AND panel=' .$i.' ORDER BY line') - or mtdie("There was an error fetching the panel count in the transcript for $strip->id, panel $i. " . mysqli_error(), 'SQL Error'); + $result = $dbConnection->executeQuery('SELECT speaker, speech FROM transcript WHERE transcript.strip = ? AND panel = ? ORDER BY line', array($strip->id, $i)) + or mtdie("There was an error fetching the panel count in the transcript for $strip->id, panel $i. " . $dbConnection->errorCode(), 'SQL Error'); if(!$result) continue; $output.= "\nnewpanel\n"; - while($row = mysqli_fetch_row($result)) { + while($row = $result->fetch(PDO::FETCH_NUM)) { if(strlen($row[0]) < 1) continue; $output.= $row[0]; 
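Review bot: The `or mtdie(...)` attached to the new executeQuery() call and the `if(!$result) continue;` after it are dead code: executeQuery() returns a statement object, which is always truthy, and reports failure by throwing (or via errorCode() on a silent connection), so a query error in the panel loop is no longer caught and the `$dbConnection->errorCode()` in the message is never evaluated. Catch the exception and pass its message to mtdie() instead, as below; if the connection is in silent mode the check has to be made on errorCode() after the call. gettranscript's body starts and ends outside the hunk.
```php
try {
    $result = $dbConnection->executeQuery('SELECT speaker, speech FROM transcript WHERE transcript.strip = ? AND panel = ? ORDER BY line', array($strip->id, $i));
} catch (Exception $e) {
    mtdie("There was an error fetching the panel count in the transcript for $strip->id, panel $i. " . $e->getMessage(), 'SQL Error');
}
// … unchanged: newpanel output and the FETCH_NUM row loop …
```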
@@ -56,16 +56,17 @@ function gettranscript(&$strip) // Parse submitted transcript from strip object, and insert it into the database. function savetranscript( &$strip ) { - global $mtdb; + global $dbConnection; $info = ''; - $mtdb->query('START TRANSACTION'); + $dbConnection->beginTransaction(); //remove any old transcript data - it's being replaced - $mtdb->query( 'DELETE FROM transcript WHERE transcript.strip=' . (int)$strip->id ); + $dbConnection->executeUpdate('DELETE FROM transcript WHERE transcript.strip = ?', array($strip->id))); if( $strip->transcript_posted ) { - $inserter = 'INSERT INTO transcript (strip,panel,line,speaker,speech,search) VALUES (%d,%d,%d,"%s","%s","%s")'; + $inserter = 'INSERT INTO transcript (strip, panel, line, speaker, speech, search) VALUES (?, ?, ?, ?, ?, ?)'; + $inserter_types = array(PDO::PARAM_INT, PDO::PARAM_INT, PDO::PARAM_INT, PDO::PARAM_STR, PDO::PARAM_STR, PDO::PARAM_STR); if(strpos($strip->transcript_posted, 'Panel <$n>') !== FALSE) { # This is probably a scrivener script @@ -83,11 +84,11 @@ function savetranscript( &$strip ) { $has_spoken = true; for($j = 0; $j < count($lines); $j++) { - $insert_sql = ''; + $inserter_values = array(); if(strpos($lines[$j], '(') === 0) { # Line is a note, add it as a comment - $insert_sql = sprintf($inserter, (int)$strip->id, $i, $j, '#', mysqli_real_escape_string($mtdb->link, $lines[$j]), ''); + $inserter_values = array($strip->id, $i, $j, '#', $lines[$j], ''); } elseif(strpos($lines[$j], '[') === 0 || strlen($lines[$j]) == 0) { # Line is an annotation or blank, do nothing continue; 
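Review bot: `$dbConnection->executeUpdate('DELETE FROM transcript WHERE transcript.strip = ?', array($strip->id)));` has one closing parenthesis too many, so transcript.php no longer parses and nothing that includes it can run; drop the final `)`. A `php -l` pass over include/ in whatever CI runs on this repository would have caught it, and the other hunks in this file show the same hand-edited shape. savetranscript's body continues well past the hunk.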
@@ -95,13 +96,13 @@ function savetranscript( &$strip ) { # Line contains a list of nonspeaking characters array_splice($lines, $j, 1, array_map('_nospeaker', explode(',', substr($lines[$j], 11)))); $speaker = trim(substr($lines[$j], 11)); - $insert_sql = sprintf($inserter, (int)$strip->id, $i, $j, mysqli_real_escape_string($mtdb->link, $speaker), '', ''); + $inserter_values = array($strip->id, $i, $j, $speaker, '', ''); } elseif($i > 0 && $lines[$j] == strtoupper($lines[$j])) { # Line designates a new speaker, note speaker # Handle speakers who did not say anything if(null !== $speaker && !$has_spoken) - $insert_sql = sprintf($inserter, (int)$strip->id, $i, $j, mysqli_real_escape_string($mtdb->link, $speaker), '', ''); + $inserter_values = array($strip->id, $i, $j, $speaker, '', ''); $speaker = ucfirst(strtolower($lines[$j])); $has_spoken = false; @@ -111,25 +112,24 @@ function savetranscript( &$strip ) { $info .= "

Warning: Open brackets do not match close brackets in panel $i for speaker ".htmlentities($speaker).'

'; $search = preg_replace( '/[[:punct:]]|(?<=\s)\s+/', ' ', strtolower($lines[$j]) ); - $insert_sql = sprintf($inserter, (int)$strip->id, $i, $j, mysqli_real_escape_string($mtdb->link, $speaker), - mysqli_real_escape_string($mtdb->link, $lines[$j]), mysqli_real_escape_string($mtdb->link, $search)); + $inserter_values = array($strip->id, $i, $j, $speaker, $lines[$j], $search); $has_spoken = true; } else { # Line is unrecognized, add it as a comment - $insert_sql = sprintf($inserter, (int)$strip->id, $i, $j, '#', mysqli_real_escape_string($mtdb->link, $lines[$j]), ''); + $inserter_values = array($strip->id, $i, $j, '#', $lines[$j], ''); } - if( $insert_sql && false === $mtdb->query( $insert_sql ) ) { - $mtdb->query('ROLLBACK'); - mtdie (mysqli_error($mtdb->link), 'Error inserting transcript.'); + if( $inserter_values && false === $dbConnection->executeUpdate($insert_sql, $inserter_values, $inserter_types) ) { + $dbConnection->rollback(); + mtdie ($dbConnection->errorCode(), 'Error inserting transcript.'); } } if(null !== $speaker && !$has_spoken) { - $insert_sql = sprintf($inserter, (int)$strip->id, $i, $j, mysqli_real_escape_string($mtdb->link, $speaker), '', ''); - if( false === $mtdb->query( $insert_sql ) ) { - $mtdb->query('ROLLBACK'); - mtdie (mysqli_error($mtdb->link), 'Error inserting transcript.'); + $inserter_values = array($strip->id, $i, $j, $speaker, '', ''); + if( false === $dbConnection->executeUpdate($insert_sql, $inserter_values, $inserter_types) ) { + $dbConnection->rollback(); + mtdie ($dbConnection->errorCode(), 'Error inserting transcript.'); } } } @@ -160,17 +160,16 @@ function savetranscript( &$strip ) { if(!bracketbalance($spoken[1])) $info .= "
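Review bot: All three `executeUpdate($insert_sql, $inserter_values, $inserter_types)` calls in this hunk, and the one in the @@ -160 hunk below, pass `$insert_sql`, but this commit removed every assignment to that variable — the `$insert_sql = ''` and `sprintf($inserter, ...)` lines are all replaced by `$inserter_values` — so the SQL argument is an undefined variable (null) and the prepared text now exists only in `$inserter`; change them to `$dbConnection->executeUpdate($inserter, $inserter_values, $inserter_types)`. The `false === ...` test around them also no longer catches failure: with a throwing connection the rollback() is never reached, and with a silent one executeUpdate() returns an int row count rather than false; a try/catch around the insert loop that calls rollback() and then mtdie() covers both. I can't see the connection's error mode from this diff.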

Warning: Open brackets do not match close brackets in panel $i for speaker ".htmlentities($spoken[0]).'

'; - $insert_sql = sprintf($inserter, (int)$strip->id, (int)$i, (int)$j, mysqli_real_escape_string($mtdb->link, $spoken[0]), - mysqli_real_escape_string($mtdb->link, $spoken[1]), mysqli_real_escape_string($mtdb->link, $spoken[2]) ); - if( false === $mtdb->query( $insert_sql ) ) { - $mtdb->query('ROLLBACK'); - mtdie (mysqli_error($mtdb->link), 'Error inserting transcript.'); + $inserter_values = array($strip->id, $i, $j, $spoken[0], $spoken[1], $spoken[2]); + if( false === $dbConnection->executeUpdate($insert_sql, $inserter_values, $inserter_types) ) { + $dbConnection->rollback(); + mtdie ($dbConnection->errorCode(), 'Error inserting transcript.'); } } } } } - $mtdb->query('COMMIT'); + $dbConnection->commit(); return $info; } diff --git a/include/twitter.php b/include/twitter.php index b73dd93..6404edf 100644 --- a/include/twitter.php +++ b/include/twitter.php @@ -2,7 +2,7 @@ function twitterpost($message, $user=TWITTER_USER, $password=TWITTER_PASS) { - global $mtdb, $info, $error; + global $dbConnection, $info, $error; if( $user == '' ) { # preserve existing twitterpost(message) style posting until OAuth has been vetted. $user = TWITTER_USER; @@ -25,7 +25,7 @@ function twitterpost($message, $user=TWITTER_USER, $password=TWITTER_PASS) } else { # OAuth Mode - $row = $mtdb->getRow( sprintf('SELECT id, username, oauth_token, oauth_token_secret FROM twitter_user WHERE username="%s"', mysqli_real_escape_string($mtdb->link, $user))); + $row = $dbConnection->executeQuery('SELECT id, username, oauth_token, oauth_token_secret FROM twitter_user WHERE username = ?', array($user))->fetch(); $username = $row->username; $oauth_token = $row->oauth_token; 
@@ -55,7 +55,7 @@ function twitterpost($message, $user=TWITTER_USER, $password=TWITTER_PASS) function setOAuthTokens($userid,$oauth_token,$oauth_token_secret, $username) { global $mtdb; $id = (int)$userid; - if( $mtdb->query( sprintf('UPDATE twitter_user SET oauth_token="%s", oauth_token_secret="%s", username="%s" WHERE id=%d', mysqli_real_escape_string($mtdb->link, $oauth_token), mysqli_real_escape_string($mtdb->link, $oauth_token_secret), mysqli_real_escape_string($mtdb->link, $username), $id )) ) + if ($dbConnection->executeUpdate('UPDATE twitter_user SET oauth_token = ?, oauth_token_secret = ?, username = ? WHERE id = ?', array($oauth_token, $oauth_token_secret, $username, $id))) return true; return false; } diff --git a/include/type.php b/include/type.php index e3741b3..f298165 100644 --- a/include/type.php +++ b/include/type.php @@ -3,21 +3,23 @@ /* Types */ function get_typeByID( $id ) { - global $mtdb; + global $dbConnection; $id = (int)$id; - $r = $mtdb->getRow( 'SELECT id, name, description FROM strip_t WHERE id=' . $id ); - $r->meta = $mtdb->getAll( 'SELECT meta as id from meta where type=' . $id); + $stmt = $dbConnection->executeQuery('SELECT id, name, description FROM strip_t WHERE id = ?', array($id)); + $r = $stmt->fetch(); + $r->meta = $dbConnection->fetchAll('SELECT meta AS id FROM meta WHERE type = ?', array($id)); return $r; } function get_allTypes() { - global $mtdb; - return $mtdb->getRow( 'SELECT id, name, description, meta FROM strip_t' ); + global $dbConnection; + $stmt = $dbConnection->executeQuery('SELECT id, name, description, meta FROM strip_t'); + return $stmt->fetch(); } function get_allMetaTypes() { - global $mtdb; - return $mtdb->getAll("SELECT id, name FROM meta_t"); + global $dbConnection; + return $dbConnection->fetchAll('SELECT id, name FROM meta_t'); } function _getMetaNameFromObject($obj) { diff --git a/include/uploads.php b/include/uploads.php index 796d193..0d9d670 100644 --- a/include/uploads.php +++ b/include/uploads.php 
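Review bot: setOAuthTokens() keeps `global $mtdb;` (the unchanged context line above the new call) while the new line uses `$dbConnection`, which is therefore undefined inside the function and the call fails on a null; change it to `global $dbConnection;`. Also, if executeUpdate() returns the affected-row count as DBAL's does, saving tokens identical to the stored ones yields 0 and the function reports false even though the statement succeeded — if callers treat false as an error, rely on the exception path rather than the count. The function's closing brace is in the hunk.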
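Review bot: get_allTypes() returns `$stmt->fetch()`, a single row, despite its name — the old getRow() did the same — while its sibling get_allMetaTypes() in the same hunk uses fetchAll(). If callers iterate over the result it should be `return $dbConnection->fetchAll('SELECT id, name, description, meta FROM strip_t');`; I can't see the callers from this diff, so confirm before changing. A one-line docblock on each of the three functions stating whether it returns one row or a list would prevent the next reader from guessing.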
@@ -86,11 +86,11 @@ function save_upload_rant_image( $source, $rant ) { function save_upload_rant_attachment( $source, $rant ) { - global $mtdb; + global $dbConnection; $image_data = getimagesize( $source ); - $mtdb->query( "INSERT INTO rant_attachment (rant, media) VALUES ($rant, $image_data[2])" ); - $rant_attachment_id = mysqli_insert_id( $mtdb->link ); + $dbConnection->executeUpdate('INSERT INTO rant_attachment (rant, media) VALUES (?, ?)', array($rant, $image_data[2])); + $rant_attachment_id = $dbConnection->lastInsertId(); if( move_uploaded_file($source, SITE_PATH_ABS.'/'.get_rantattachment_filename($rant_attachment_id) ) ) { $upload_info='

New rant attachment uploaded for rant '. $rant .'.

'; diff --git a/include/user.php b/include/user.php index 0a2924a..b658430 100644 --- a/include/user.php +++ b/include/user.php 
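Review bot: `getimagesize($source)` is still used unchecked in save_upload_rant_attachment(): when it returns false, `$image_data[2]` is null and the new parameterized INSERT binds NULL for `media` (rejected or stored empty depending on the column), yet `move_uploaded_file()` still runs and lastInsertId() is read from a statement that may not have inserted anything. The executeUpdate() result is discarded as well. Add `if ($image_data === false) return false;` (or the file's mtdie() style) before the INSERT and check the affected-row count before moving the file, so the DB row and the stored file stay in step. The function continues past the hunk.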
@@ -1,6 +1,6 @@ getRow( 'SELECT id,name,email,nameplate,default_image,default_link FROM contributor WHERE id = ' . (int)$id ); + global $dbConnection; + return $dbConnection->executeQuery('SELECT id, name, email, nameplate, default_image, default_link FROM contributor WHERE id = ?', array($id))->fetch(); } function get_userdatabylogin( $username ) { - global $mtdb; - return $mtdb->getRow( 'SELECT id,name,email,nameplate,default_image,default_link FROM contributor WHERE name = "' . mysqli_real_escape_string($mtdb->link, $username) . '"' ); + global $dbConnection; + return $dbConnection->executeQuery('SELECT id, name, email, nameplate, default_image, default_link FROM contributor WHERE name LIKE ?', array($username))->fetch(); } function save_userdata( $user ) { adminlog("Saved changes to user ".$user->id." (".$user->name.").", MTS_USER, MTA_UPDATE); - global $mtdb; - return $mtdb->query( sprintf( 'UPDATE contributor SET email="%s", nameplate="%s", default_image="%s", default_link="%s" WHERE id=%d', - mysqli_real_escape_string($mtdb->link, $user->email), mysqli_real_escape_string($mtdb->link, $user->nameplate), - mysqli_real_escape_string($mtdb->link, $user->default_image), mysqli_real_escape_string($mtdb->link, $user->default_link), $user->id) ); + global $dbConnection; + + return $dbConnection->executeUpdate('UPDATE contributor SET email = ?, nameplate = ?, default_image = ?, default_link = ? WHERE id = ?', + array($user->email, $user->nameplate, $user->default_image, $user->default_link, $user->id)); } function change_password( $user ) { adminlog("Changed password for user ".$user->id." (".$user->name.").", MTS_USER, MTA_UPDATE); - global $mtdb, $currentuser; + global $dbConnection, $currentuser; if( $currentuser->id === $user->id ) mt_setcookie($user->name, $user->password, false, ADMINURL, FALSE ); - return $mtdb->query( 'UPDATE contributor SET password=SHA1( "' . mysqli_real_escape_string($mtdb->link, $user->password) . '" ) WHERE id = "' . 
mysqli_real_escape_string($mtdb->link, $user->id) . '"' ); + return $dbConnection->executeUpdate('UPDATE contributor SET password = SHA1(?) WHERE id = ?', array($user->password, $user->id)); } ?>
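Review bot: get_userdatabylogin() changes the lookup from `name = "..."` to `name LIKE ?`, so `%` and `_` in a submitted username now act as pattern wildcards and the lookup can return a contributor row other than the exact name typed; use `name = ?` — parameter binding already handles the quoting that LIKE was presumably reached for, and case sensitivity is decided by the column collation with either operator. change_password keeps the unsalted `SHA1(?)` scheme the old code used; migrating to password_hash()/password_verify() is a separate change but worth a TODO comment next to that line. The start of this hunk is garbled in this view (the `<?php` prefix and the first lines of get_userdata() are missing), so I reviewed from `getRow(` onward.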