Web-based RPG (23)

18 Name: #!/usr/bin/anonymous : 2007-05-06 15:46 ID:2s/R09G1

>>17
It's easier to make programs that work while having completely unforeseen security problems in PHP. Meaning that while an expert could surely produce secure programs in both C and PHP, the amateur is able to make a more or less feature complete program with oodles of security holes in PHP whereas he'd just crash and burn using C.

I'll admit straight away that C is likely nowhere near the appropriate implementation language for a web service. Without a utility library (and I'm not saying anyone should do without one), string handling is rather labour-intensive. SQL database access depends on the database used. You'll need to write your own transaction harnesses, though this applies to Java, Perl and PHP just the same. Buffer overflows are the least of your problems, especially if you know what you're doing.

Regardless, I'd recommend against using PHP for anything that is expected to interface with the big mean nasty hostile intarbutts, for the simple reason that SQL injection attack bugs are both so trivially easy to produce and actually encouraged by 99% of all "how do I did MySQL in PHP???" web tutorials.
