Hi!
I thing automatically replacing most of occurrences (I guess that all except composed ones like used in server status) should not be a problem. I volunteer to do this if we decide to make some change.
How about using constants? They cannot be injected by users, and we would just need to search + replace $strXXX with strXXX. AFAIK constants don't perform slower than variables, possibly even faster because they can be cached by ByteOP caches [at least I remember having heard that]. Using a function like Sebastian proposed (PMA_str()) would perform terribly slow, when used a couple of times within the page, since getting functions arguments, doing str_replace, calling another user space function etc. would really take up many cycles. Regards, Garvin -- ++ Garvin Hicking | Web-Entwickler [PHP] | www.garv.in | ICQ 21392242 ++ Developer of | www.phpMyAdmin.net | www.s9y.org ++ Make me happy | http://wishes.garv.in