Rasmus Lerdorf wrote:
Well, if you set a global filter you set an extremely strict one. Like only letting a-z through or the equivalent in your charset, for example. Want a number? Tough, call the filter function to get at it. The idea

Ah, ok, you can still get the original data but you have to do it manually. Will break most applications (email-addresses would need to allow a bit more than that already but that's still safe, passwords might be a bit trickier).


The preg* functions support UTF8. But yes, the filters need to understand charsets correctly.

Stupid question: Is it safe to pass a variable containing UTF8 to an ASCII function like exec()? I seem to remember that the encoding ensures that none of the ASCII characters will be contained in the string as part of a multibyte encoded character, right?


- Chris

--
PHP Internals - PHP Runtime Development Mailing List
To unsubscribe, visit: http://www.php.net/unsub.php
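
The byte-level property asked about above, as an added example that is not part of the original message: in well-formed UTF-8 every byte of a multibyte character is 0x80 or higher, whereas a Shift_JIS trail byte can be 0x5C (backslash). The function names and sample values are constructed for illustration, and the code assumes PHP 7.2+ with the mbstring extension.

```php
<?php
// Added example: sample characters are constructed, not taken from the thread.

/** ASCII-range bytes (< 0x80) found inside one encoded multibyte character. */
function asciiBytesInside(string $encoded): array
{
    $hits = [];
    if (strlen($encoded) < 2) {
        return $hits; // single-byte character: it is the ASCII byte itself
    }
    foreach (str_split($encoded) as $byte) {
        if (ord($byte) < 0x80) {
            $hits[] = sprintf('0x%02X "%s"', ord($byte), $byte);
        }
    }
    return $hits;
}

/** True only for well-formed UTF-8; PCRE's /u mode rejects overlong forms. */
function isWellFormedUtf8(string $s): bool
{
    return preg_match('//u', $s) === 1;
}

// U+30BD, U+8868, U+3042 written as escapes so the file encoding does not matter.
foreach (["\u{30BD}", "\u{8868}", "\u{3042}"] as $utf8) {
    $sjis = mb_convert_encoding($utf8, 'SJIS', 'UTF-8');
    printf(
        "U+%04X  UTF-8 %s hidden ASCII: [%s]  Shift_JIS %s hidden ASCII: [%s]\n",
        mb_ord($utf8, 'UTF-8'),
        bin2hex($utf8),
        implode(', ', asciiBytesInside($utf8)),
        bin2hex($sjis),
        implode(', ', asciiBytesInside($sjis))
    );
}

// Overlong two-byte form of "/" (0x2F): not valid UTF-8, so reject it
// before the value goes anywhere near a byte-oriented function.
$overlong = "\xC0\xAF";
var_dump(isWellFormedUtf8($overlong));      // malformed input
var_dump(isWellFormedUtf8("caf\u{00E9}"));  // well-formed input

// Well-formed UTF-8 still carries genuine ASCII metacharacters unchanged,
// so a shell argument is quoted regardless of the encoding check.
$arg = "2024 report; final.txt";            // constructed sample value
echo escapeshellarg($arg), "\n";
```

The encoding check only guarantees that no ASCII byte is hidden inside a multibyte character; ASCII characters the user actually typed pass through it untouched.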


