I sketched a snippet for MODX that works with a custom table in the database. The snippet is placed in the template and called via AJAX + POST.
The problem: reading (the first part of the code, case = read) works without a hitch, but writing (the second part of the code, case = insert) works only with difficulty. If I do not apply the mysql_real_escape_string check, the row is written without question; with this check a row is inserted, but the field that mysql_real_escape_string is applied to is left empty ...
In theory, the connection to the database should already exist inside the snippet, so I do not understand what the obstacle is.
In essence, I need to write ordinary string data, such as a name, surname, email or domain. Could there be other checks?

    // Only answer AJAX requests that carry an action
    if (empty($_SERVER['HTTP_X_REQUESTED_WITH']) || $_SERVER['HTTP_X_REQUESTED_WITH'] != 'XMLHttpRequest') {
        return;
    }
    if (empty($_POST['action'])) {
        return;
    }
    $result = '';
    switch ($_POST['action']) {
        case 'read':
            $sql = 'SELECT * FROM `items` WHERE status=1 LIMIT 100';
            $query = $modx->query($sql);
            if ($query) {
                while ($i = $query->fetch(PDO::FETCH_ASSOC)) {
                    $result .= $i['id'];
                }
            }
            break;
        case 'insert':
            $item_name = (int)$_POST['item_name'];
            // This is the check in question: with it, item_text is stored empty
            $item_text = mysql_real_escape_string($_POST['item_text']);
            $status = 1;
            $sql = "insert into `items` (item_name,item_text,status) values ('".$item_name."','".$item_text."','".$status."')";
            $stmt = $modx->prepare($sql);
            $stmt->execute();
            $res = 'ok';
            break;
    }
    if (!empty($res)) {
        die($res);
    }

$res = $stmt->toSQL(); instead of ok - Tunker
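
Added example, not code from the thread or from MODX: mysql_real_escape_string() needs a connection opened by the old mysql extension, and without one it returns false, which concatenates into the query as an empty string; the snippet talks to the database through PDO, so the values can be bound as parameters instead of escaped. The in-memory SQLite handle standing in for $modx, the insertItem() helper, the length limits and the sample requests are assumptions made for this illustration.

```php
<?php
// Added illustration, not the asker's code. Assumption: an in-memory SQLite PDO
// handle stands in for $modx; a snippet would call $modx->prepare() the same way.
$db = new PDO('sqlite::memory:');
$db->setAttribute(PDO::ATTR_ERRMODE, PDO::ERRMODE_EXCEPTION);
$db->exec('CREATE TABLE items (id INTEGER PRIMARY KEY, item_name TEXT, item_text TEXT, status INTEGER)');

// Hypothetical helper: returns the new row id, or null when the input is rejected.
function insertItem(PDO $db, array $post): ?int
{
    $name = $post['item_name'] ?? null;
    $text = $post['item_text'] ?? null;
    // Reject missing fields and array input such as item_name[]=x.
    if (!is_string($name) || !is_string($text)) {
        return null;
    }
    $name = trim($name);
    $text = trim($text);
    // Application-level limits (constructed values); they are not what makes the SQL safe.
    if ($name === '' || strlen($name) > 100 || strlen($text) > 2000) {
        return null;
    }
    // Values travel separately from the SQL text, so no escaping function is needed.
    $stmt = $db->prepare(
        'INSERT INTO items (item_name, item_text, status) VALUES (:name, :text, :status)'
    );
    $stmt->bindValue(':name', $name, PDO::PARAM_STR);
    $stmt->bindValue(':text', $text, PDO::PARAM_STR);
    $stmt->bindValue(':status', 1, PDO::PARAM_INT);
    $stmt->execute();
    return (int) $db->lastInsertId();
}

// Constructed sample requests.
$samples = [
    ['item_name' => "O'Brien", 'item_text' => 'He said "it\'s fine" \\ ok'],
    ['item_name' => ['x'], 'item_text' => 'array instead of string'],
    ['item_name' => '', 'item_text' => 'empty name'],
];
foreach ($samples as $post) {
    $id = insertItem($db, $post);
    echo $id === null ? "rejected\n" : "inserted id $id\n";
}
// Quotes and backslashes come back exactly as submitted.
foreach ($db->query('SELECT id, item_name, item_text FROM items') as $row) {
    printf("%d | %s | %s\n", $row['id'], $row['item_name'], $row['item_text']);
}
```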