Garvin Hicking a écrit :
Hi!
I thing automatically replacing most of occurrences (I guess that all except composed ones like used in server status) should not be a problem. I volunteer to do this if we decide to make some change.
How about using constants? They cannot be injected by users, and we would just need to search + replace $strXXX with strXXX. AFAIK constants don't perform slower than variables, possibly even faster because they can be cached by ByteOP caches [at least I remember having heard that].
Using a function like Sebastian proposed (PMA_str()) would perform terribly slow, when used a couple of times within the page, since getting functions arguments, doing str_replace, calling another user space function etc. would really take up many cycles.
Regards, Garvin
Indeed, constants look like the best choice, apart from the fact that translators will have to adapt.
Marc