Main Page/Featured Article

Unsafe string replacement occurs when a replacement call is used to remove a series of text longer than one character from a string, invoked only once, to sanitize it. Because string replacement (str_replace in PHP, =~ s/// in Perl, etc) functions only do a single replacement, it is necessary to loop over them until all unsafe characters or strings are removed if you are replacing more than a single character. This also applies to replacements powered by regular expressions.