2
$xoopsDB->query() should normally be used instead of $xoopsDB->queryF(). The latter (queryF) should only be used if the script performing the query is executing as a result of a GET request, and you want to override the safety check done by $xoopsDB->query().
I would change the last three lines from
$result = $xoopsDB->queryF($sql);
$ret = $result
return $ret
to
return $xoopsDB->query($sql);
The function's return value will be TRUE if the query was successful, and FALSE otherwise.