I don't use PHP right now, it's not my favorite language, but I hate when people are trying to excuse their own laziness and incompetence by saying “it’s all because of tool X”.
Rails and ActiveSupport are a huge extension to Ruby and are bigger than the non Rails Ruby usage. If you read the average PHP tutorial, it starts you out connecting to a db, running raw sql and rendering templates in the same file. An absolutely horrible idea. If you start on the default rails tutorial, you gets set up with a decently safe configuration.
It's not a horrible idea, it's the simplest and easiest way to solve simple problems. Bringing in rails and all it's abstractions for something you can do in a single php (or ruby BTW) file is insane.
The easiest and simplest way is not the most secure way. Most of the beginner PHP tutorials show you something that technically works but should never ever be attempted on a real app. The problem is they do work so they get used with real users data.
> The easiest and simplest way is not the most secure way.
No, but the next simplest (using prepared statements) is. Why do you immediately jump to something so much more complicated and full of abstractions instead of the next simplest thing?
PHP maintainers do fix bugs.
I don't use PHP right now, it's not my favorite language, but I hate when people are trying to excuse their own laziness and incompetence by saying “it’s all because of tool X”.