Can someone explain to me briefly the dangers of using PHP to host an online dictionary or glossary?
Thread poster: Michael Beijer

Michael Beijer  Identity Verified
United Kingdom
Local time: 10:44
Member (2009)
Dutch to English
+ ...
Nov 28, 2010

Question: Can someone explain to me briefly the dangers of using PHP to host an online dictionary or glossary?

There are a few open source projects that use PHP, but I know that PHP is known to be unsafe.


Open Translation Engine:

How exactly is it unsafe, and what exactly can happen if you use it anyway? That is, what are the exact dangers? Can your data be: deleted (I don't mind), copied (I don't mind). Can a hacker damage your host server/provider (I do mind)? Etc.

The reason I'm asking this is I want to use a ready-made solution because I simply don't have the time or the skills to code something myself, but I would prefer it to be: cheap (open source), and safe. Or at least as safe as possible.


[Edited at 2010-11-28 22:26 GMT]


United States
Local time: 04:44
English to Dutch
+ ...
It can't be that bad Nov 28, 2010

(...) Most of these PHP-related vulnerabilities can be exploited remotely: they allow attackers to steal or destroy data from data sources linked to the webserver (such as an SQL database), send spam or contribute to DoS attacks using malware, which itself can be installed on the vulnerable servers.

These vulnerabilities are caused mostly by not following best practice programming rules (...)


PHP is widely used (,, to name a few sites I use), so I don't think you should worry too much about it.


Stanislaw Czech, MCIL  Identity Verified
United Kingdom
Local time: 10:44
Member (2006)
English to Polish
+ ...
I've never heard of any dangers Nov 28, 2010

If you want to host a glossary online you will need a database and the pages displaying translations (on the basis of entries in this database) will have to be generated dynamically - as opposed to static HTML files.

I believe that using PHP is one of the safest ways of achieving it.



madak  Identity Verified
United Kingdom
Local time: 10:44
Swedish to English
+ ...
Thoughts from an amateur Nov 28, 2010

I think potential danger could come from using a form or similar. Unless the form has restrictions on which kind of data can be entered, you might find that your site is vulnerable to malicious code injection.

I never found the time to finish the PHP module in the web design course I studied recently, but I seem to remember that this was partly covered when we studied JavaScript.

This is what some who know more than me have to say:


Michael Beijer  Identity Verified
United Kingdom
Local time: 10:44
Member (2009)
Dutch to English
+ ...
@Madeleine Nov 28, 2010

Yes, although I know very little about programming, I do keep hearing about this so-called SQL malicious code injection thing. That was one of the things that worried me when considering whether to use PHP and/or a MySQL database.

I have been told that ASP would be safer. Can someone who understands these things shed a little light on this subject, taking as an example, perhaps, Glossword, which seems to be the most actively developed open source solution available at the moment ....(?)

I am working on gathering a few interested translators, in order to pool our resources to build an Online Glossary For and By Translators. So far, we have already collected a very large amount of Dutch-English-Dutch language data, and some German as well, and are now trying to evaluate what would be the best possible current open source solution for creating a multilingual online glossary platform.


p.s.: Glossword is a system to publish dictionaries, glossaries, and encyclopedias. It features an installation wizard, support for multiple languages, visual themes, multi-domain installation, an administrative interface with multi-user support, built-in search and cache engines, the ability to export/import dictionaries in XML format, and W3C-validated code. Glossword is useful for any sort of dictionary-like content, including sites with game cheat codes, online translators, references, and various kinds of CMS solutions. (from their freshmeat project description)


Ramon Somoza  Identity Verified
Local time: 11:44
Member (2002)
Dutch to Spanish
+ ...
PHP by itself is not unsafe Dec 6, 2010

Or at least not more than any other programming language. And ASP is also vulnerable to code injection, let nobody tell you otherwise. IMHO, the most unsafe programming language is C.

I have quite a few sites written in PHP and using MySQL databases (see for example and there's no problem at all.

The caveat is that you know what you do and can program the code properly to prevent (at least the most evident) attacks. The attacks come mainly from interaction with the user, whereby hackers try to exploit flaws in your code.

One classic example is code injection: In its simplest form, it consists of an attacker writing code in a form. If your code simply copies over that text into a database query, you are providing an attack vector, as the text may have characters (such as quotes) that denote the end of the string, and might be used by the attacker to insert additional commands that would be inadvertently executed by your script.

The most basic and obvious way to counteract this is to "strip" every potentially dangerous character from the incoming text. Thus, if you want people to search for words, strip out any characters that are not between "a" and "z" (remember that lower and upper case are different) or a space. You may accept "0" to "9", but any other character is suspect unless proven innocent.

[Edited at 2010-12-07 17:45 GMT]
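The following is an added example, not code from any poster in this thread or from Glossword. It puts the concerns raised above (unrestricted form input, and text copied into a database query) side by side with the character-stripping filter from the last post, and goes one step beyond the thread by also showing a prepared statement. The table, column names and sample rows are constructed, and it assumes PHP with the `pdo_sqlite` extension so that it runs without a MySQL server.

```php
<?php
// Added example: constructed glossary table in an in-memory SQLite database.
$db = new PDO('sqlite::memory:');
$db->setAttribute(PDO::ATTR_ERRMODE, PDO::ERRMODE_EXCEPTION);
$db->exec("CREATE TABLE terms (nl TEXT, en TEXT, published INTEGER)");
$db->exec("INSERT INTO terms VALUES ('fiets', 'bicycle', 1),
                                    ('café', 'pub', 1),
                                    ('concept', 'unreviewed draft', 0)");

// Unsafe: the search text is copied straight into the query string.
function searchConcatenated(PDO $db, string $word): array {
    $sql = "SELECT nl, en FROM terms WHERE published = 1 AND nl = '$word'";
    return $db->query($sql)->fetchAll(PDO::FETCH_ASSOC);
}

// The filter described in the post: keep only a-z, A-Z, 0-9 and space.
function stripToAllowList(string $word): string {
    return preg_replace('/[^a-zA-Z0-9 ]/', '', $word);
}

// Prepared statement: the text is sent as data and never parsed as SQL.
function searchPrepared(PDO $db, string $word): array {
    $stmt = $db->prepare(
        "SELECT nl, en FROM terms WHERE published = 1 AND nl = :word"
    );
    $stmt->execute([':word' => $word]);
    return $stmt->fetchAll(PDO::FETCH_ASSOC);
}

// Constructed input containing a quote that ends the string early.
$hostile = "x' OR '1'='1";

printf("concatenated: %d rows\n",
    count(searchConcatenated($db, $hostile)));
printf("allow-listed: %d rows\n",
    count(searchConcatenated($db, stripToAllowList($hostile))));
printf("prepared:     %d rows\n",
    count(searchPrepared($db, $hostile)));

// A legitimate headword with an accent: the filter alters it, binding does not.
printf("filter turns 'café' into '%s'\n", stripToAllowList('café'));
printf("prepared 'café': %d rows\n", count(searchPrepared($db, 'café')));
```

With the concatenated query the quote changes the `WHERE` clause, so the unpublished draft row is returned along with everything else. The a-z filter stops that but also damages accented headwords, which matters for a multilingual glossary; the bound parameter handles both cases.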

