I'm coding a new site. It's like StackExchange, a social site and a blog. I try to create a multi-language site, however I can't decide how to do it.

I have to use modules, so I must use OOP, while having multilanguage interface. How can I do that?

There are two language options (Turkish and English), used continuously (example: home page etc.) or not (some errors; example: "please enter your mail" etc.)

  1. I can use a class and I use array (for used continuously),

  2. I can use a class and an XML page (for errors),

or I can have a class and three language pages: Turkish, English and errors.

Which one gives the best performance?


The other problem is PHP-MySQL security.

I'm using mysqli. I use mysqli_real_escape_string to block HTML characters, but it is not enough. So I additionally use stored procedures.

What else can I do? What is your advice?

Dimitrios Mistriotis
Ayro
  • If you are concerned about the quality of your English, the simplest thing to do might be to use Google to translate the post from your native language into English. For the languages I've tried it seems to do a good job. You could even post the original text as well (underneath the English); that way anyone who reads your language can double check the translation. – ChrisF May 11 '11 at 11:16
  • Yes, but Turkish-English translation has many problems, because the Turkish language structure is very complex. – Ayro May 11 '11 at 12:39
  • Ah, in that case I'd try adding the original Turkish to your own translation; then other Turkish readers could still help. Don't just post in Turkish though - Programmers is an English "speaking" site. – ChrisF May 11 '11 at 12:42

2 Answers

From what I understand, you have two questions:

What to use to store language strings: XML or PHP arrays? Which one has better performance?

Arrays are read directly from source code. XML must be first parsed, then transformed in your case into an array. This means that the array approach is way faster. Also, serialization is another approach which will give you better performance than XML.

But does this matter? In all cases you have to cache those things. In other words, you'll spend for example 800 ms. instead of 45 ms. loading the first page when the server starts, but then, every other page will spend 40 ms., no matter where and how language strings are stored.

What matters, on the other hand, is if you can easily change those strings. Personally, I prefer changing XML by hand, rather than changing PHP source code. There are also security considerations to take into account. Also, what if one day you would like to make an interactive tool enabling you to add and remove languages on the fly through a web interface? With XML, it's quite easy. But not so easy if you use arrays directly.

I'm using mysqli. Of course I block html characters and I use mysqli_real_escape_string. But they are not enough. So, I use stored procedure.

Learn how to use parametrized queries. Seriously, it is the only way to avoid SQL Injection, and in all cases it must be mandatory to know that before starting to code any website.

PDO is also your friend, and avoids being dependent forever on your choice of SQL server.

Arseni Mourzenko

For the php/mysql security, you don't need to block html characters (do you see this website blocking them?), just escape them when outputting to an html page using htmlspecialchars.

Also, use prepared statements instead of mysqli_real_escape_string. I do not like mysqli's prepared statements, so I prefer pdo over mysqli, but that's just a matter of personal preference.

You'll find lots of other comments about security in a web application in this other question: What should a developer know before building a public web site?

Carlos Campderrós
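The advice in both answers (parameterized queries through PDO, and `htmlspecialchars` at output time instead of blocking HTML on input) can be seen working together in the sketch below. It is an added example, not code from either answerer; the `posts` table, the helper names `addPost`, `postsBy` and `e`, and the sample rows are assumptions made for illustration, and it uses in-memory SQLite so it runs without a MySQL server.

```php
<?php
// Added example: hypothetical table and helpers, constructed sample data.
declare(strict_types=1);

$pdo = new PDO('sqlite::memory:');
$pdo->setAttribute(PDO::ATTR_ERRMODE, PDO::ERRMODE_EXCEPTION);
// With the MySQL driver, also turn off emulation so the server does the binding:
// $pdo->setAttribute(PDO::ATTR_EMULATE_PREPARES, false);

$pdo->exec('CREATE TABLE posts (id INTEGER PRIMARY KEY, author TEXT, body TEXT)');

/** Store a post; values travel as bound parameters, never as SQL text. */
function addPost(PDO $pdo, string $author, string $body): void
{
    $stmt = $pdo->prepare('INSERT INTO posts (author, body) VALUES (:author, :body)');
    $stmt->execute([':author' => $author, ':body' => $body]);
}

/** Fetch posts by exact author name. */
function postsBy(PDO $pdo, string $author): array
{
    $stmt = $pdo->prepare('SELECT author, body FROM posts WHERE author = :author');
    $stmt->execute([':author' => $author]);
    return $stmt->fetchAll(PDO::FETCH_ASSOC);
}

/** Escape for an HTML context, at the moment of output. */
function e(string $s): string
{
    return htmlspecialchars($s, ENT_QUOTES | ENT_SUBSTITUTE, 'UTF-8');
}

// Constructed input: stored unmodified, quotes and markup included.
addPost($pdo, "O'Brien", 'Use <b>bold</b> & "quotes" freely');
addPost($pdo, 'ayse', 'Merhaba');

// A value containing SQL syntax is compared as a plain string, so no row matches.
echo count(postsBy($pdo, "x' OR '1'='1")), " rows\n";

// The markup stored above is rendered as text because it is escaped here.
foreach (postsBy($pdo, "O'Brien") as $row) {
    echo '<p>', e($row['author']), ': ', e($row['body']), "</p>\n";
}
```

The database keeps the user's text exactly as typed; each output context (HTML here) applies its own escaping, which is why input-time stripping of HTML characters is unnecessary.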