Vanilla Forums is basically built upon a customised MVC framework called Garden. It makes developing plugins for Vanilla fairly neat, but documentation is somewhat thin on the ground for the actual Garden framework. When working on the Setup() function of my plugin, I was doing some initial data insert into a new table I was creating. Since I was inserting a fair amount of data, I was populating an array which would subsequently be used by the Vanilla/Garden data layer to do the insert; something like this:
$ret = $SQL->Insert('eub_NewTable', array( array('Name' => 'Grand father', 'TreeLeft' => 1, 'TreeRight' => 28, 'TreeLevel' => 0, 'LevelOrder' => 0, 'ParentID' => 1), array('Name' => 'Bill's father', 'TreeLeft' => '2', 'TreeRight' => '365', 'TreeLevel' => '1', 'LevelOrder' => '2', 'ParentID' => '0') ));
Woops….there’s a single quote in there….
Unfortunately, unless I am doing something very wrong, it seems that Vanilla/Garden doesn’t escape these for you. I suspect there is a function somewhere in the framework to do the escaping for you, but I decided to hack it for the sake of speed…..like this:
array('Name' => 'Bill's father',
And we have a winner. And I gan get onto more exciting things than populating my base data.