There are ways to write your own code and not be stupid. Parametrize SQL queries, use libraries to strip HTML, and so on. Unit test your stuff. Have your server software throw a generic 500 for anything that isn't a 200 from your upstream socket.
I am not saying write everything from scratch. Just use only the stuff you have to.
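As an added illustration of the parametrized-query advice above (example code, not the commenter's), the two lookups below differ only in how the untrusted value reaches the driver; the table and rows are a constructed in-memory fixture:

```python
import sqlite3


def make_db():
    # Constructed fixture so the example runs offline.
    conn = sqlite3.connect(":memory:")
    conn.execute("CREATE TABLE users (id INTEGER PRIMARY KEY, name TEXT)")
    conn.executemany("INSERT INTO users (name) VALUES (?)",
                     [("alice",), ("O'Brien",)])
    conn.commit()
    return conn


def lookup_concat(conn, name):
    # Unsafe: the value is spliced into the SQL text, so any quote character
    # in it changes the structure of the statement the database parses.
    sql = "SELECT id, name FROM users WHERE name = '" + name + "'"
    return conn.execute(sql).fetchall()


def lookup_param(conn, name):
    # Safe: the statement shape is fixed; the driver passes the value
    # separately, so it can only ever be compared, never parsed as SQL.
    return conn.execute(
        "SELECT id, name FROM users WHERE name = ?", (name,)
    ).fetchall()


def compare(name):
    # Run both lookups on a fresh fixture and return (concat_result, param_result).
    conn = make_db()
    try:
        concat = lookup_concat(conn, name)
    except sqlite3.OperationalError as exc:
        # The concatenated statement is no longer valid SQL once the
        # input contains a quote; the database rejects it.
        concat = "error: " + str(exc)
    param = lookup_param(conn, name)
    conn.close()
    return concat, param
```

A plain name behaves the same either way; a name containing a quote breaks the concatenated statement while the parametrized one still returns the right row.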