---- PHP Variable Substitution Tricks


Readie - 6:39 pm on Nov 15, 2011 (gmt 0)


Rocknbil::

I was speaking more to say "be careful how you code it" - if it's like my first implementation of my class, which was something along the lines of:

// Keep substituting until no !v{NAME}v! token is left in $html.
while(preg_match('/\!v\{([A-Z_\d]+)\}v\!/sm', $html, $match)) {
    if(!isset($vars[$match[1]])) {continue;}
    $html = str_replace($match[0], $vars[$match[1]], $html);
}


Then, say I include a user's comment in the variable "USER_COMMENT" - that user could cause me a headache by entering the string "!v{USER_COMMENT}v!" into their comment.

So my comment was really just saying, if someone were to use similar logic to mine above, it's more likely to be an issue using just square brackets as it's more likely to be a string that someone innocently enters into their text.
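An added example, not part of the original post: a rescanning loop in the style of the snippet above next to a single-pass version built on `preg_replace_callback`, which never re-reads substituted values, so a placeholder typed into a comment stays literal text. The function names, the iteration cap, the HTML escaping and the sample data are assumptions made for this illustration.

```php
<?php
// Constructed sample data (not from the thread).
$vars = [
    'TITLE'        => 'Guestbook',
    'ADMIN_EMAIL'  => 'admin@example.test',
    'USER_COMMENT' => 'Nice site! !v{ADMIN_EMAIL}v! and !v{USER_COMMENT}v!',
];
$html = '<h1>!v{TITLE}v!</h1><p>!v{USER_COMMENT}v!</p><i>!v{MISSING}v!</i>';

// Rescanning substitution as in the post. The pass cap and the break on an
// unknown name are added here only so this demo terminates.
function render_rescan(string $html, array $vars, int $maxPasses = 20): array
{
    $passes = 0;
    while ($passes < $maxPasses
        && preg_match('/!v\{([A-Z_\d]+)\}v!/', $html, $m)) {
        $passes++;
        if (!isset($vars[$m[1]])) {
            break;
        }
        // Whatever is inserted here is scanned again on the next pass.
        $html = str_replace($m[0], $vars[$m[1]], $html);
    }
    return [$html, $passes];
}

// Single pass: every token found in the template is replaced once, and the
// replacement text is never matched against the pattern again.
function render_single_pass(string $html, array $vars): string
{
    return preg_replace_callback(
        '/!v\{([A-Z_\d]+)\}v!/',
        function (array $m) use ($vars): string {
            if (!array_key_exists($m[1], $vars)) {
                return $m[0]; // unknown placeholder is left untouched
            }
            // Assumes values are plain text destined for HTML output.
            return htmlspecialchars((string) $vars[$m[1]], ENT_QUOTES, 'UTF-8');
        },
        $html
    );
}

[$out, $passes] = render_rescan($html, $vars);
echo "rescan: stopped after {$passes} passes, ", strlen($out), " bytes\n";
echo 'single pass: ', render_single_pass($html, $vars), "\n";
```

With the rescanning loop, the comment pulls in the value of another variable and then keeps re-expanding itself until the cap stops it; the single-pass version prints the comment with both tokens still literal.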


Thread source:: http://www.webmasterworld.com/php/4386377.htm
Brought to you by WebmasterWorld: http://www.webmasterworld.com