I’ve found out a bit more, but still need some help.
The SQL query is being generated by the DocManager library (which is in the MODx resources library). I was using it to modify a document when OnDocFormSave is called. The offending line is 78 of document.class.inc.php, which is:
$modx->db->update(&$this->fields, $tablename, "id=$id");
What should I change this line to so apostrophes are escaped properly?
Let me rephrase that: I know I can call addslashes before the $modx->db->update, but is there a better solution, i.e. a function in the MODx API to do this for all fields, content, title, etc.?
Andy