A variable name should indicate what type of data the variable holds by adding a lowercase letter after the dollar sign. Example:
$iFoo = 1;
In the above example you will notice the letter i after the dollar sign ($). This signifies that this specific variable holds an integer. Use the following letters to define the data the variable is holding:
// i = integer
$iFoo = 1;

// a = array
$aFoo = array(1, 2, 3);

// b = boolean
$bFoo = true;

// h = resource
$hFoo = opendir('/var/www/phpfox/');

// s = string
$sFoo = 'bar';

// o = object
$oFoo = new Bar();
Doing this gives other developers an idea of what a certain variable holds without having to back trace the variable. Remember that after the letter that defines what the variable holds, the name must continue with an uppercase letter.
Variable names cannot contain underscores; each new word must start with an uppercase character to signify that a new word is starting. Here are some wrong and right examples.
Wrong
$variable_name = 'bar';
$aBar_name = array(1, 2, 3);
$_new_name = 1;
Right
$sVariableName = 'bar';
$aBarName = array(1, 2, 3);
$iNewName = 1;
When naming a variable, try not to make the variable name too long or too short. Also, don't simply make up words; try to name the variable by making a connection to what the variable holds. If, for example, the variable you are creating is an array and it holds information for a user, you could name it:
$aUser = array();
This way another developer has an idea that the variable $aUser is holding an array with user information. If a variable is holding an array that has numerous values you should create a plural variable name. Example:
$aUsers = array( 'user1', 'user2', 'user3' );
If an array holds only one value, or the variable is a string for example, you can create a singular name. Example:
$aUser = array('user1');
$sUser = 'user name';
To understand how to name classes you will have to know more about how modules and libraries work with phpFox2. Since naming a class has very specific rules tied to how phpFox2 is designed, it's best to wait until we get to those sections to fully understand how these classes are named.
Naming a function/method is similar to naming a variable, except we don't need to define what sort of data it will return. All functions/methods must start with a lowercase letter and cannot contain any underscores unless it's a private method; then and only then can it start with an underscore. Much like with variable naming, you must separate words with an uppercase letter. If a method is not private and is either public or protected, it still cannot start with an underscore. Here are some wrong and right examples.
Wrong
function name_of_function($sFoo)
{
}

private function name($sBar)
{
}
Right
function nameOfFunction($sFoo)
{
}

private function _name($sBar)
{
}
If you are creating a method you must declare if it's public, protected or private. When creating a function/method, try to create a name that has something to do with what will actually be done in the function/method. If, for example, we are calling a method that will get an array for a specific menu, you could name it:
public function getMenu()
Arguments are subject to the same guidelines as variable names. We don't want a bunch of functions like:
doStuff($a, $b, $c)
Instead it should be:
doStuff($aUser, $bUpgrade, $iFriendId)
Properties are subject to the same guidelines as variable names. You must declare if a property is public, protected or private. If a property is private it must begin with an underscore like so:
private $_bFoo = true;
All constants must be uppercase and must have a PHPFOX_ prefix. When naming a constant, make sure it's related to the data it's holding. Here are some wrong and right examples:
Wrong
define('my_constant', true);
define('NEW_CONSTANT_NAME', true);
Right
define('PHPFOX_MY_CONSTANT', true);
define('PHPFOX_NEW_CONSTANT_NAME', true);
Certain settings which can be found in the AdminCP are used throughout the script. The reason these variables are located in the AdminCP instead of being defined in the actual PHP script is that Admins may need to edit some of these variables at a later time, and it's a lot easier for non-developers to edit variables from the AdminCP than it is from the source code. We won't go into much detail on how to add a parameter at the moment, as we will go into that later once we reach that section. The variable names for such settings are all lowercase, with words separated by an underscore (_), and must contain the module ID.
If, for example, we had a parameter that held a setting for the site's title, it could be named core.site_title, and getting the value via a PHP script can be done by calling the following static method:
echo Phpfox::getParam('core.site_title');
Notice where we have core, this is the module ID so the variable site_title belongs to the core module. If this setting belonged to the user module the call would be:
echo Phpfox::getParam('user.site_title');
Note that phpFox parameters are stored in the database table setting and are automatically cached once the script is executed.
Phrase variables are what we use to get a phrase from the language package being used. This gives us the ability to provide a multilingual product. We use all lowercase letters and replace spaces with underscores. This is actually done automatically when you create a new variable from the AdminCP, so not much thought has to go into creating a variable for phrases. The only thing to consider is making sure the name of the variable is somewhat related to what sort of information it holds. For example, if a phrase holds information that a user has just logged out, it could look something like this when calling the phpFox static method:
echo Phpfox::getPhrase('user.you_have_logged_out');
Notice that we have user, as this specific phrase belongs to the user module. Similar to how settings work and much of the actual script, phrases belong to a module, and if it's a global phrase then it belongs to the core module.
All folders must be named with lowercase characters. Folder names cannot contain any characters other than those from A-Z. All folders must be named singular. Here are some wrong and right examples.
Wrong
/my_folder/
/newFolder/
/Folder/
Right
/my/folder/
/new/folder/
/folder/
All filenames must be lowercase and cannot contain any characters other than those from A-Z. All filenames must be singular. If a PHP file contains a class it must have the .class.php suffix. If a PHP file contains PHP data it must end with .php.
Here are some wrong and right examples.
Wrong
Foo.php
Foo.class.inc
foo_bar.php
Right
foo.php
foo.class.php
/foo/bar.php
You must always include braces. There are a few ways to place your braces, and this is usually a matter of personal coding style; however, to make sure we all understand the product we must all use the same style of coding. Below are some wrong and right examples of how to add braces.
Wrong
if (condition) doStuff();

if (condition)
    doStuff();

if (condition) {
    doStuff();
}

while (condition)
    doStuff();

for ($i = 0; $i < size; $i++)
    doStuff($i);
Right
if (condition)
{
    doStuff();
}

while (condition)
{
    doStuff();
}

for ($i = 0; $i < size; $i++)
{
    doStuff();
}
Braces always go on their own line. The closing brace should also always be at the same column as the corresponding opening brace. Examples:
if (condition)
{
    while (condition2)
    {
        ...
    }
}
else
{
    ...
}

for ($i = 0; $i < $iSize; $i++)
{
    ...
}

while (condition)
{
    ...
}

function doStuff()
{
    ...
}
This is another simple, easy step that helps keep code readable without much effort. Whenever you write an assignment, expression, etc., always leave one space between the tokens. Basically, write code as if it was English. Put spaces between variable names and operators. Don't put spaces just after an opening bracket or before a closing bracket. Don't put spaces just before a comma or a semicolon. This is best shown with a few examples:
Notice: Each pair shows the wrong way followed by the right way.
$i=0;
$i = 0;

if($i<7) ...
if ($i < 7) ...

if ( ($i < 7)&&($j > 8) ) ...
if ($i < 7 && $j > 8) ...

doStuff( $i, 'foo', $b );
doStuff($i, 'foo', $b);

for($i=0; $i<$size; $i++) ...
for ($i = 0; $i < $size; $i++) ...

$i=($j < $size)?0:1;
$i = (($j < $size) ? 0 : 1);
Always make it obvious by using brackets to force the precedence of an equation so you know what it does. Remember not to over-use this, as it may hurt readability. Basically, do not enclose single expressions. Examples:
What's the result? Who knows.
$bBool = ($i < 7 && $j > 8 || $k == 4);
Now you can be certain what I'm doing here.
$bBool = (($i < 7) && (($j < 8) || ($k == 4)));
But this one is even better, because it is easier on the eye but the intention is preserved.
$bBool = ($i < 7 && ($j < 8 || $k == 4));
There are two different ways to quote strings in PHP - either with single quotes or with double quotes. The main difference is that the parser does variable interpolation in double-quoted strings, but not in single quoted strings. Because of this, you should always use single quotes unless you specifically need variable interpolation to be done on that string. This way, we can save the parser the trouble of parsing a bunch of strings where no interpolation needs to be done.
Also, if you are using a string variable as part of a function call, you do not need to enclose that variable in quotes. Again, this will just make unnecessary work for the parser. Note, however, that nearly all of the escape sequences that exist for double-quoted strings will not work with single-quoted strings. Be careful, and feel free to break this guideline if it's making your code easier to read, examples:
Wrong
$sStr = "This is a really long string with no variables for the parser to find.";
Right
$sStr = 'This is a really long string with no variables for the parser to find.';
Notice: In SQL statements, mixing single and double quotes is partly allowed (following the guidelines listed here about SQL formatting); otherwise, try to use only one method, mostly single quotes.
In PHP, it's legal to use a literal string as a key to an associative array without quoting that string. We don't want to do this -- the string should always be quoted to avoid confusion. Note that this is only when we're using a literal, not when we're using a variable, examples:
Wrong
$sFoo = $assocArray[blah];
Right
$sFoo = $assocArray['blah'];
Wrong
$sFoo = $assocArray["$sVar"];
Right
$sFoo = $assocArray[$sVar];
Don't use magic numbers. Use named constants for any literal value other than obvious special cases. Basically, it's ok to check if an array has 0 elements by using the literal 0. It's not ok to assign some special meaning to a number and then use it everywhere as a literal. This hurts readability AND maintainability. The constants true and false should be used in place of the literals 1 and 0 -- even though they have the same values (but not type!), it's more obvious what the actual logic is when you use the named constants. Typecast variables where it is needed; do not rely on the variable already having the correct type (PHP is currently very loose on typecasting, which can lead to security problems if a developer does not keep a very close eye on it).
For phpFox 2, we intend to use a higher level of run-time error reporting. This will mean that the use of an uninitialized variable will be reported as a warning. These warnings can be avoided by using the built-in isset() function to check whether a variable has been set, but preferably the variable always exists. For checking whether an array has a key set, isset() can come in handy though. Examples:
Wrong
if ($iBlog) ...
Right
if (isset($iBlog)) ...
Right
if (isset($iBlog) && $iBlog == 1)
The empty() function is useful if you want to check if a variable is not set or is empty (an empty string, 0 as an integer or string, NULL, false, an empty array or a variable declared, but without a value in a class). Therefore empty() should be used in favor of isset($aArray) && sizeof($aArray) > 0, which can be written in a shorter way as !empty($aArray).
Switch/case code blocks can get a bit long sometimes. To give them some structure and keep them in line with the opening/closing brace requirement (where they are on the same line for better readability), the same applies to switch/case code blocks and their breaks. An example:
Wrong
switch ($sMode)
{
    case 'mode1':
        // I am doing something here
        break;
    case 'mode2':
        // I am doing something completely different here
        break;
    default:
        // Always assume that the case was not caught
        break;
}
Right
switch ($sMode)
{
    case 'mode1':
        // I am doing something here
    break;

    case 'mode2':
        // I am doing something completely different here
    break;

    default:
    break;
}
Even if the break for the default case is not needed, it is sometimes better to include it just for readability and completeness.
This depends on how you code but to make sure we are all on the same page we will just use elseif. Here is a wrong and right example.
Wrong
if (condition)
{
    ...
}
else if (condition)
{
    ...
}
Right
if (condition)
{
    ...
}
elseif (condition)
{
    ...
}
All control structures must be lower case. Here is a wrong and right example:
Wrong
IF (condition)
{
    ...
}
ELSEIF (condition)
{
    ...
}
Right
if (condition)
{
    ...
}
elseif (condition)
{
    ...
}
All SQL should be cross-DB compatible. If DB-specific SQL is used, alternatives must be provided which work on all supported DBs (MySQL4/5, MSSQL (7.0 and 2000), PostgreSQL (7.0+), SQLite, Oracle8).
All SQL commands should utilize the Database Abstraction Layer and not use the conventional methods of executing SQL queries.
All of your queries must use the method we provide to allow sites that use a different prefix. In order to use a prefixed table you can use the following method:
Phpfox::getT('user');
If their prefix is phpfox_ then the above method will output
phpfox_user
phpFox2 uses a database abstraction layer to make sure we can work with all the database drivers we support. In order to connect to this object there are several ways to accomplish this. At first sight these methods may look rather odd but once you get a clearer understanding of how we connect to phpFox2 libraries you will fully understand. This is something we will cover shortly after we look over the guidelines.
If you would like to connect to the database from anywhere in the script you can do the following:
Phpfox::getLib('phpfox.database')->query('SELECT user FROM ' . Phpfox::getT('user'));
If you plan to use the database object more than once you can do the following:
$oDb = Phpfox::getLib('phpfox.database');
$oDb->query('SELECT user FROM ' . Phpfox::getT('user'));
If you are within a module service class you can do the following:
$this->database()->query('SELECT user FROM ' . Phpfox::getT('user'));
Notice: In many of the examples that are coming up we will be using the first method we displayed, however any of the above methods will work depending on where you are calling it from.
You can use the conventional method of using mysql_query() anywhere in the script, however this will cause problems if for example another user is using an Mssql driver.
Since we use a database abstraction layer for all our SQL queries this will take some getting used to especially if you are used to writing the conventional SQL query. However, once you learn the methods used it will be a lot easier and faster to get things down. Below we have listed examples of the common SQL queries and the abstraction layer method we provide.
An example of how we perform a simple SELECT query that will pull out a user's user name.
Wrong
$hRes = mysql_query("SELECT user_name, email FROM " . Phpfox::getT('user') . " WHERE user_id = 1");
$aRow = mysql_fetch_array($hRes);
Right
$aRow = Phpfox::getLib('phpfox.database')->select('user_name, email')
    ->from(Phpfox::getT('user'))
    ->where('user_id = 1')
    ->execute('getRow');
As you will notice the methods used are similar to that of a query so there won't be too much of a confusion for those that are new to this. You will also notice the execute method. This is the method we use to specify what sort of a query we plan to execute. In this case we used getRow, which simply put gets one row from the database.
With phpFox2 we also provide an alternative to getRow, which is getSlaveRow. If you are, for example, using MySQL as your database driver, which supports setting up multiple slave servers, the query will attempt to connect to one of the slave servers, thus lowering the load on the main server. If your database driver does not have slave support then getSlaveRow will automatically default back to getRow. Note that you should use getSlaveRow wisely: if a user's server has some sort of delay before one of the slave servers is populated with the new data, it could cause some server problems. So only use this if you feel the information that we are getting does not need to be "live". An example of when not to use this is during a login routine. This sort of information needs to be fully up-to-date at all times, and if it is not, it could cause the user problems when trying to log in.
If you want to select multiple rows you can execute the getRows method. An example of the wrong and right way:
Wrong
$hRes = mysql_query("SELECT user_name, email FROM " . Phpfox::getT('user') . " WHERE user_id = 1");
while ($aRow = mysql_fetch_array($hRes))
{
    ...
}
Right
$aRows = Phpfox::getLib('phpfox.database')->select('user_name, email')
    ->from(Phpfox::getT('user'))
    ->where('user_id = 1')
    ->execute('getRows');

foreach ($aRows as $aRow)
{
    ...
}
Much like how the method getRow has getSlaveRow, you can use getSlaveRows instead of getRows. The same rules of caution apply to this method as they do with getSlaveRow.
Two other useful methods are getField and getSlaveField. They return a specific field, which is very useful when trying to count how many total rows there are for a specific query. Here is an example:
$iCnt = Phpfox::getLib('phpfox.database')->select('COUNT(*)')
    ->from(Phpfox::getT('user'))
    ->execute('getField');
$iCnt will hold the total number of members found in the user table.
We also provide an easy way to insert data into the database. Here is an example of the wrong and right way.
Wrong
mysql_query("INSERT INTO " . Phpfox::getT('user') . " SET user_name = 'natio', email = 'natio@phpfox.com'");
Right
Phpfox::getLib('phpfox.database')->insert(Phpfox::getT('user'), array('user_name' => 'natio', 'email' => 'natio@phpfox.com'));
Another method we provide lets you process the data before it's added into the database. This is useful because sometimes we allow all the data being posted from a form to pass directly to the insert method. This can be dangerous, as you do not want to insert injected data; this method checks that the data being posted matches what you want to store in the database. For example, if the data for a user's birthday needed to be a numeric value, you can specify that this field is an int, so it makes sure it's numeric before entering it into the database. If you do not specify a database field in the list, then that field will not have any data inserted into it, thus protecting the field from any sort of SQL injection that might be attempted. Here is an example of how to utilize this feature:
Phpfox::getLib('phpfox.database')->process(array('user_id' => 'int', 'email', 'user_name'), $_POST)->insert(Phpfox::getT('user'));
With the query above it will only allow us to insert the user_id, email and user_name into the database; it also makes sure that the user_id is a numeric value.
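The filtering described above, as an added example that is not phpFox's own code: processFields() is a hypothetical stand-in that reads the same field list format (a 'field' => 'int' pair or a bare field name) and shows which posted keys survive. It assumes a non-numeric value for an int field is dropped; the page does not say whether process() drops or casts it, and the posted arrays and the user_group_id column are constructed.

```php
<?php
// Added illustration, not phpFox code. processFields() is a hypothetical
// helper that accepts the field list format shown above.
function processFields($aFields, $aInput)
{
    $aClean = array();

    // m = mixed: list entries have integer keys, typed entries have string keys
    foreach ($aFields as $mKey => $mValue)
    {
        // array('user_id' => 'int', 'email') mixes "field => type" pairs
        // with bare field names stored under numeric keys.
        $sField = is_int($mKey) ? $mValue : $mKey;
        $sType = is_int($mKey) ? 'string' : $mValue;

        // Arrays (field[]=...) and missing fields never reach the query.
        if (!isset($aInput[$sField]) || !is_scalar($aInput[$sField]))
        {
            continue;
        }

        if ($sType == 'int')
        {
            // Assumption: reject anything that is not a whole number.
            if (!preg_match('/^-?\d+\z/', (string) $aInput[$sField]))
            {
                continue;
            }

            $aClean[$sField] = (int) $aInput[$sField];
        }
        else
        {
            $aClean[$sField] = (string) $aInput[$sField];
        }
    }

    return $aClean;
}

$aFields = array('user_id' => 'int', 'email', 'user_name');

// Constructed POST data: the form only offers three fields, but the request
// carries a fourth one (user_group_id is a made-up column name).
$aPostExtraField = array(
    'user_id' => '7',
    'email' => 'natio@example.com',
    'user_name' => 'natio',
    'user_group_id' => '1'
);

// Constructed POST data: the int field carries text instead of a number.
$aPostBadInt = array(
    'user_id' => '7 OR 1 = 1',
    'email' => 'natio@example.com',
    'user_name' => 'natio'
);

var_export(processFields($aFields, $aPostExtraField));
echo "\n";
var_export(processFields($aFields, $aPostBadInt));
echo "\n";
```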
One final method we provide is the multi-insert, as we call it. This will allow you to insert a lot more information with just one query. One downside of this method is that not all database drivers support it; however, since you will be using the database abstraction layer there is nothing to worry about, as for those drivers that don't support this method we simply do the conventional method within the layer. This sort of query won't be used as often but it can be rather handy on some occasions. Take the routine we use to check if any new phrases are found and, if they are, insert them into the database so the site has all the latest phrases for a language package. This is something we use during an upgrade of a site. Since we are upgrading and new phrases might have been added, we need to find out which ones are new, as users can be running very different versions.
$aInsert = array();
$aPhrases = Phpfox::getLib('phpfox.locale')->getPhrases();

// language_id is selected as well because it is read from each row below
$aRows = Phpfox::getLib('phpfox.database')->select('language_id, phrase')
    ->from(Phpfox::getT('language_phrase'))
    ->execute('getSlaveRows');

foreach ($aRows as $aRow)
{
    if (isset($aPhrases[$aRow['phrase']]))
    {
        continue;
    }

    $aInsert[] = array(
        $aRow['language_id'],
        $aRow['phrase']
    );
}

if (count($aInsert))
{
    $this->database()->multiInsert(Phpfox::getT('language_phrase'), array('language_id', 'phrase'), $aInsert);
}
Using this method allows you to insert a lot more data with just one SQL insert.
Updating is similar to that of inserting data. Here is an example of the wrong and right way.
Wrong
mysql_query("UPDATE " . Phpfox::getT('user') . " SET user_name = 'natio', email = 'natio@test.com' WHERE user_id = 1");
Right
Phpfox::getLib('phpfox.database')->update(Phpfox::getT('user'), array('user_name' => 'natio', 'email' => 'natio@test.com'), 'user_id = 1');
Just like inserting data you can use a process method to update information which would be:
Phpfox::getLib('phpfox.database')->process(array('user_id' => 'int', 'email', 'user_name'), $_POST)->update(Phpfox::getT('user'), 'user_id = 1');
For DELETE queries we provide a very short method. Here is an example of the wrong and right way.
Wrong
mysql_query("DELETE FROM " . Phpfox::getT('user') . " WHERE user_id = 1");
Right
Phpfox::getLib('phpfox.database')->delete(Phpfox::getT('user'), 'user_id = 1');
Most of the queries you will come across in the script include a joined query. To accomplish this you can do the following:
$aRows = Phpfox::getLib('phpfox.database')->select('b.blog_id, u.user, u.email')
    ->from(Phpfox::getT('blog'), 'b')
    ->join(Phpfox::getT('user'), 'u', 'u.user_id = b.user_id')
    ->where('b.blog_id = 1')
    ->execute('getSlaveRows');
In the query above you will notice we added the following
->join(Phpfox::getT('user'), 'u', 'u.user_id = b.user_id')
With this we can JOIN another table. The first parameter is the table name. The 2nd parameter is the table alias for that join. The 3rd parameter is the index connection for that table. It's important to remember that these field(s) must be indexed or it could cause severe problems later on. If we were to translate this query into the conventional method it would look like the following:
Phpfox::getLib('phpfox.database')->query('
    SELECT b.blog_id, u.user, u.email
    FROM ' . Phpfox::getT('blog') . ' AS b
    JOIN ' . Phpfox::getT('user') . ' AS u
        ON(u.user_id = b.user_id)
    WHERE b.blog_id = 1
');
If you were to use a LEFT JOIN instead of a JOIN the query would then look like this:
$aRows = Phpfox::getLib('phpfox.database')->select('b.blog_id, u.user, u.email')
    ->from(Phpfox::getT('blog'), 'b')
    ->leftJoin(Phpfox::getT('user'), 'u', 'u.user_id = b.user_id')
    ->where('b.blog_id = 1')
    ->execute('getSlaveRows');
You can also use an innerJoin() which would be:
$aRows = Phpfox::getLib('phpfox.database')->select('b.blog_id, u.user, u.email')
    ->from(Phpfox::getT('blog'), 'b')
    ->innerJoin(Phpfox::getT('user'), 'u', 'u.user_id = b.user_id')
    ->where('b.blog_id = 1')
    ->execute('getSlaveRows');
To order a query we use the order() method, and the command we pass is standard SQL. Here is an example:
$aRows = Phpfox::getLib('phpfox.database')->select('b.blog_id, u.user, u.email')
    ->from(Phpfox::getT('blog'), 'b')
    ->join(Phpfox::getT('user'), 'u', 'u.user_id = b.user_id')
    ->where('b.blog_id = 1')
    ->order('b.time_stamp DESC')
    ->execute('getSlaveRows');
If you were to translate this query to its conventional form it would look like the following:
Phpfox::getLib('phpfox.database')->query('
    SELECT b.blog_id, u.user, u.email
    FROM ' . Phpfox::getT('blog') . ' AS b
    JOIN ' . Phpfox::getT('user') . ' AS u
        ON(u.user_id = b.user_id)
    WHERE b.blog_id = 1
    ORDER BY b.time_stamp DESC
');
To limit a query we use the limit() method. Here is an example:
$aRows = Phpfox::getLib('phpfox.database')->select('b.blog_id, u.user, u.email')
    ->from(Phpfox::getT('blog'), 'b')
    ->join(Phpfox::getT('user'), 'u', 'u.user_id = b.user_id')
    ->where('b.blog_id = 1')
    ->order('b.time_stamp DESC')
    ->limit(0, 5)
    ->execute('getSlaveRows');
If you were to translate this query to its conventional form it would look like the following:
Phpfox::getLib('phpfox.database')->query('
    SELECT b.blog_id, u.user, u.email
    FROM ' . Phpfox::getT('blog') . ' AS b
    JOIN ' . Phpfox::getT('user') . ' AS u
        ON(u.user_id = b.user_id)
    WHERE b.blog_id = 1
    ORDER BY b.time_stamp DESC
    LIMIT 0,5
');
With the limit() method we also provide a feature that will get the correct limit by calculating the offset. It is mainly used on pages that display numerous items where only a certain amount can be viewed on one page. Here is an example of how this query could look:
$aRows = Phpfox::getLib('phpfox.database')->select('b.blog_id, u.user, u.email')
    ->from(Phpfox::getT('blog'), 'b')
    ->join(Phpfox::getT('user'), 'u', 'u.user_id = b.user_id')
    ->where('b.blog_id = 1')
    ->order('b.time_stamp DESC')
    ->limit($iPage, $sLimit, $iCnt)
    ->execute('getSlaveRows');
You will notice the following part:
->limit($iPage, $sLimit, $iCnt)
The 1st parameter is the current page we are on (e.g. 1, 2, 3, etc.). The 2nd parameter is how many can be displayed on one page. The 3rd parameter is how many total items or, in this case, how many blogs we have. Using this method the script will automatically calculate the offset and return the correct LIMIT for you. This will be explained in more detail once we reach how pagination works; however, this should give you a head start in that area.
Notice: Mssql has a different way of processing grouped fields, as it requires everything selected to be defined in the group clause, and it also does not allow TEXT fields, so use this with caution. In many cases, to deal with this problem with Mssql, we used PHP logic to group queries instead. It unfortunately causes a slight overhead but it is a route we must take.
You can group a query by using the group() method. Here is an example:
$aRows = Phpfox::getLib('phpfox.database')->select('b.blog_id, u.user, u.email, COUNT(blog_id) AS total_blogs')
    ->from(Phpfox::getT('blog'), 'b')
    ->join(Phpfox::getT('user'), 'u', 'u.user_id = b.user_id')
    ->group('b.blog_id, u.user, u.email')
    ->order('b.time_stamp DESC')
    ->execute('getSlaveRows');
If you were to translate this query to its conventional form it would look like the following:
Phpfox::getLib('phpfox.database')->query('
    SELECT b.blog_id, u.user, u.email, COUNT(blog_id) AS total_blogs
    FROM ' . Phpfox::getT('blog') . ' AS b
    JOIN ' . Phpfox::getT('user') . ' AS u
        ON(u.user_id = b.user_id)
    GROUP BY b.blog_id, u.user, u.email
    ORDER BY b.time_stamp DESC
');
If you would like to use HAVING you can use it with the having() method. Here is an example:
$aRows = Phpfox::getLib('phpfox.database')->select('b.blog_id, u.user, u.email, u.view')
    ->from(Phpfox::getT('blog'), 'b')
    ->join(Phpfox::getT('user'), 'u', 'u.user_id = b.user_id')
    ->having('u.view > 1')
    ->order('b.time_stamp DESC')
    ->execute('getSlaveRows');
If you were to translate this query to its conventional form it would look like the following:
Phpfox::getLib('phpfox.database')->query('
    SELECT b.blog_id, u.user, u.email, u.view
    FROM ' . Phpfox::getT('blog') . ' AS b
    JOIN ' . Phpfox::getT('user') . ' AS u
        ON(u.user_id = b.user_id)
    HAVING u.view > 1
    ORDER BY b.time_stamp DESC
');
Escaping queries is very important. This is to prevent any sort of SQL injections at a later time. To make things a little easier for us we automatically escape data when inserting or updating data that is passed within the array. For example in this update:
Phpfox::getLib('phpfox.database')->update(Phpfox::getT('user'), array('email' => $aVals['email']), "user_name = '" . $aVals['user_name'] . "'");
In the example above $aVals['email'] will automatically be escaped since it's within the update array. However, $aVals['user_name'] will not be automatically escaped, so it is up to you to protect the script from any sort of SQL injection by using the escape() method like so:
Phpfox::getLib('phpfox.database')->update(Phpfox::getT('user'), array('email' => $aVals['email']), "user_name = '" . Phpfox::getLib('phpfox.database')->escape($aVals['user_name']) . "'");
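An added example (not code from phpFox or from this guide) that runs the escaped and unescaped conditions side by side, and extends the point to numeric conditions, where the earlier typecasting advice applies because escape() has no quotes to neutralise. MiniDb and tryUpdate() are hypothetical stand-ins built on PDO with an in-memory SQLite table, and the rows and input values are constructed.

```php
<?php
// Added illustration, not phpFox code. MiniDb is a hypothetical stand-in that
// copies only the behaviour described above: update() escapes the values in
// the array, but uses the condition string exactly as it is given.
class MiniDb
{
    private $_oPdo;

    public function __construct()
    {
        $this->_oPdo = new PDO('sqlite::memory:');
        $this->_oPdo->setAttribute(PDO::ATTR_ERRMODE, PDO::ERRMODE_EXCEPTION);
        $this->_oPdo->exec('CREATE TABLE user (user_id INTEGER, user_name TEXT, email TEXT)');
        // Constructed sample rows.
        $this->_oPdo->exec("INSERT INTO user VALUES (1, 'natio', 'natio@example.com')");
        $this->_oPdo->exec("INSERT INTO user VALUES (2, 'o''brien', 'brien@example.com')");
        $this->_oPdo->exec("INSERT INTO user VALUES (3, 'admin', 'admin@example.com')");
    }

    public function escape($sValue)
    {
        // PDO::quote() doubles embedded single quotes and wraps the result
        // in quotes; strip the wrapper so callers add their own quotes.
        return substr($this->_oPdo->quote($sValue), 1, -1);
    }

    public function update($sTable, $aValues, $sWhere)
    {
        $aSets = array();
        foreach ($aValues as $sField => $sValue)
        {
            $aSets[] = $sField . " = '" . $this->escape($sValue) . "'";
        }

        // Returns the number of rows the UPDATE touched.
        return $this->_oPdo->exec('UPDATE ' . $sTable . ' SET ' . implode(', ', $aSets) . ' WHERE ' . $sWhere);
    }
}

function tryUpdate($sWhere)
{
    $oDb = new MiniDb(); // fresh table for every case

    try
    {
        return $oDb->update('user', array('email' => 'changed@example.com'), $sWhere) . ' row(s) updated';
    }
    catch (PDOException $oEx)
    {
        return 'query failed';
    }
}

$oEsc = new MiniDb();

// Constructed input values.
$sName = "o'brien";                 // legitimate name containing a quote
$sCrafted = "nobody' OR '1' = '1";  // closes the quote and adds a condition
$sId = '2 OR 1 = 1';                // text where a number is expected

$aCases = array(
    'apostrophe, raw' => "user_name = '" . $sName . "'",
    'apostrophe, escape()' => "user_name = '" . $oEsc->escape($sName) . "'",
    'crafted, raw' => "user_name = '" . $sCrafted . "'",
    'crafted, escape()' => "user_name = '" . $oEsc->escape($sCrafted) . "'",
    // No quotes surround a number, so escape() leaves this value unchanged.
    'id, escape() only' => 'user_id = ' . $oEsc->escape($sId),
    'id, (int) cast' => 'user_id = ' . (int) $sId
);

foreach ($aCases as $sLabel => $sWhere)
{
    echo str_pad($sLabel, 22) . str_pad($sWhere, 42) . tryUpdate($sWhere) . "\n";
}
```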
Use double quotes where applicable. Since the SQL standard is to use single quotes within queries, you must sometimes use double quotes, especially when dealing with strings that need to be escaped. Here is a wrong and right example:
Wrong
$aRows = Phpfox::getLib('phpfox.database')->select('phrase')
    ->from(Phpfox::getT('language_phrase'))
    ->where('phrase = "' . $aRow['var'] . '"')
    ->execute('getSlaveRows');
Right
$aRows = Phpfox::getLib('phpfox.database')->select('phrase')
    ->from(Phpfox::getT('language_phrase'))
    ->where('phrase = \'' . $aRow['var'] . '\'')
    ->execute('getSlaveRows');