diff --git a/src/fight.php b/src/fight.php
index d8a47aa..d198a77 100644
--- a/src/fight.php
+++ b/src/fight.php
@@ -353,8 +353,7 @@ function victory() {
     if ($userrow["currentmonsterhp"] != 0) { header("Location: index.php?do=fight"); die(); }
     if ($userrow["currentfight"] == 0) { header("Location: index.php"); die(); }
 
-    $monsterquery = doquery("SELECT * FROM {{table}} WHERE id='".$userrow["currentmonster"]."' LIMIT 1", "monsters");
-    $monsterrow = mysql_fetch_array($monsterquery);
+	$monsterrow = get_monster($userrow['currentmonster']);
 
     $exp = rand((($monsterrow["maxexp"]/6)*5),$monsterrow["maxexp"]);
     if ($exp < 1) { $exp = 1; }
@@ -365,8 +364,7 @@ function victory() {
     if ($userrow["experience"] + $exp < 16777215) { $newexp = $userrow["experience"] + $exp; $warnexp = ""; } else { $newexp = $userrow["experience"]; $exp = 0; $warnexp = "You have maxed out your experience points."; }
     if ($userrow["gold"] + $gold < 16777215) { $newgold = $userrow["gold"] + $gold; $warngold = ""; } else { $newgold = $userrow["gold"]; $gold = 0; $warngold = "You have maxed out your experience points."; }
 
-    $levelquery = doquery("SELECT * FROM {{table}} WHERE id='".($userrow["level"]+1)."' LIMIT 1", "levels");
-    if (mysql_num_rows($levelquery) == 1) { $levelrow = mysql_fetch_array($levelquery); }
+	$levelrow = db()->query('SELECT * FROM levels WHERE id=? LIMIT 1;', [$userrow['level'] + 1])->fetchArray(SQLITE3_ASSOC);
 
     if ($userrow["level"] < 100) {
         if ($newexp >= $levelrow[$userrow["charclass"]."_exp"]) {
@@ -400,9 +398,8 @@ function victory() {
             $newspell = "";
             $page = "Congratulations. You have defeated the ".$monsterrow["name"].".<br>You gain $exp experience. $warnexp <br>You gain $gold gold. $warngold <br><br>";
 
-            if (rand(1,30) == 1) {
-                $dropquery = doquery("SELECT * FROM {{table}} WHERE mlevel <= '".$monsterrow["level"]."' ORDER BY RAND() LIMIT 1", "drops");
-                $droprow = mysql_fetch_array($dropquery);
+            if (rand(1, 30) === 1) {
+				$droprow = db()->query('SELECT * FROM drops WHERE mlevel <= ? ORDER BY RANDOM() LIMIT 1;', [$monsterrow['level']])->fetchArray(SQLITE3_ASSOC);
                 $dropcode = "dropcode='".$droprow["id"]."',";
                 $page .= "This monster has dropped an item. <a href=\"index.php?do=drop\">Click here</a> to reveal and equip the item, or you may also move on and continue <a href=\"index.php\">exploring</a>.";
             } else {
@@ -414,32 +411,28 @@ function victory() {
         }
     }
 
-    $updatequery = doquery("UPDATE {{table}} SET currentaction='Exploring',level='$newlevel',maxhp='$newhp',maxmp='$newmp',maxtp='$newtp',strength='$newstrength',dexterity='$newdexterity',attackpower='$newattack',defensepower='$newdefense', $newspell currentfight='0',currentmonster='0',currentmonsterhp='0',currentmonstersleep='0',currentmonsterimmune='0',currentuberdamage='0',currentuberdefense='0',$dropcode experience='$newexp',gold='$newgold' WHERE id='".$userrow["id"]."' LIMIT 1", "users");
-
+	db()->query("UPDATE users SET currentaction='Exploring', level=?, maxhp=?, maxmp=?, maxtp=?, strength=?, dexterity=?, attackpower=?, defensepower=?, $newspell currentfight=0, currentmonster=0, currentmonsterhp=0, currentmonstersleep=0, currentmonsterimmune=0, currentuberdamage=0, currentuberdefense=0,$dropcode experience=?, gold=? WHERE id=?;", [
+		$newlevel, $newhp, $newmp, $newtp, $newstrength, $newdexterity, $newattack, $newdefense, $newexp, $newgold, $userrow['id']
+	]);
 
     display($page, $title);
-
 }
 
-function drop() {
-
+function drop()
+{
     global $userrow;
 
-    if ($userrow["dropcode"] == 0) { header("Location: index.php"); die(); }
+    if ($userrow["dropcode"] == 0) redirect('index.php');
 
-    $dropquery = doquery("SELECT * FROM {{table}} WHERE id='".$userrow["dropcode"]."' LIMIT 1", "drops");
-    $droprow = mysql_fetch_array($dropquery);
+	$droprow = get_drop($userrow['dropcode']);
 
     if (isset($_POST["submit"])) {
-
         $slot = $_POST["slot"];
 
         if ($slot == 0) { display("Please go back and select an inventory slot to continue.","Error"); }
 
-        if ($userrow["slot".$slot."id"] != 0) {
-
-            $slotquery = doquery("SELECT * FROM {{table}} WHERE id='".$userrow["slot".$slot."id"]."' LIMIT 1", "drops");
-            $slotrow = mysql_fetch_array($slotquery);
+        if ($userrow["slot{$slot}id"] != 0) {
+			$slotrow = get_drop($userrow["slot{$slot}id"]);
 
             $old1 = explode(",",$slotrow["attribute1"]);
             if ($slotrow["attribute2"] != "X") { $old2 = explode(",",$slotrow["attribute2"]); } else { $old2 = array(0=>"maxhp",1=>0); }
@@ -464,11 +457,11 @@ function drop() {
             if ($userrow["currentmp"] > $userrow["maxmp"]) { $userrow["currentmp"] = $userrow["maxmp"]; }
             if ($userrow["currenttp"] > $userrow["maxtp"]) { $userrow["currenttp"] = $userrow["maxtp"]; }
 
-            $newname = addslashes($droprow["name"]);
-            $query = doquery("UPDATE {{table}} SET slot".$_POST["slot"]."name='$newname',slot".$_POST["slot"]."id='".$droprow["id"]."',$old1[0]='".$userrow[$old1[0]]."',$old2[0]='".$userrow[$old2[0]]."',$new1[0]='".$userrow[$new1[0]]."',$new2[0]='".$userrow[$new2[0]]."',attackpower='".$userrow["attackpower"]."',defensepower='".$userrow["defensepower"]."',currenthp='".$userrow["currenthp"]."',currentmp='".$userrow["currentmp"]."',currenttp='".$userrow["currenttp"]."',dropcode='0' WHERE id='".$userrow["id"]."' LIMIT 1", "users");
-
+			$slot_s = 'slot'.$_POST["slot"];
+			db()->query("UPDATE users SET {$slot_s}name=?, {$slot_s}id=?, {$old1[0]}=?, {$old2[0]}=?, {$new1[0]}=?, {$new2[0]}=?, attackpower=?, defensepower=?, currenthp=?, currentmp=?, currenttp=?, dropcode=0 WHERE id=?;", [
+				$droprow["name"], $droprow["id"], $userrow[$old1[0]], $userrow[$old2[0]], $userrow[$new1[0]], $userrow[$new2[0]], $userrow["attackpower"], $userrow["defensepower"], $userrow["currenthp"], $userrow["currentmp"], $userrow["currenttp"], $userrow['id']
+			]);
         } else {
-
             $new1 = explode(",",$droprow["attribute1"]);
             if ($droprow["attribute2"] != "X") { $new2 = explode(",",$droprow["attribute2"]); } else { $new2 = array(0=>"maxhp",1=>0); }
 
@@ -479,13 +472,13 @@ function drop() {
             if ($new2[0] == "strength") { $userrow["attackpower"] += $new2[1]; }
             if ($new2[0] == "dexterity") { $userrow["defensepower"] += $new2[1]; }
 
-            $newname = addslashes($droprow["name"]);
-            $query = doquery("UPDATE {{table}} SET slot".$_POST["slot"]."name='$newname',slot".$_POST["slot"]."id='".$droprow["id"]."',$new1[0]='".$userrow[$new1[0]]."',$new2[0]='".$userrow[$new2[0]]."',attackpower='".$userrow["attackpower"]."',defensepower='".$userrow["defensepower"]."',dropcode='0' WHERE id='".$userrow["id"]."' LIMIT 1", "users");
-
+			$slot_s = 'slot'.$_POST["slot"];
+			db()->query("UPDATE users SET {$slot_s}name=?, {$slot_s}id=?, {$new1[0]}=?, {$new2[0]}=?, attackpower=?, defensepower=?, currenthp=?, currentmp=?, currenttp=?, dropcode=0 WHERE id=?;", [
+				$droprow["name"], $droprow["id"], $userrow[$new1[0]], $userrow[$new2[0]], $userrow["attackpower"], $userrow["defensepower"], $userrow["currenthp"], $userrow["currentmp"], $userrow["currenttp"], $userrow['id']
+			]);
         }
-        $page = "The item has been equipped. You can now continue <a href=\"index.php\">exploring</a>.";
-        display($page, "Item Drop");
 
+        display("The item has been equipped. You can now continue <a href=\"index.php\">exploring</a>.", "Item Drop");
     }
 
     $attributearray = array("maxhp"=>"Max HP",
@@ -516,7 +509,6 @@ function drop() {
     $page .= "You may also choose to just continue <a href=\"index.php\">exploring</a> and give up this item.";
 
     display($page, "Item Drop");
-
 }