Even though many people complain about it, most of the software that you use on the web runs on PHP. Sometimes PHP is only on the surface, with software written in another language running on the back end, and sometimes PHP makes up the entire software stack except for the server. But no matter how you are exposed to it, PHP software is all over the web, and it is going to be that way for a long time.
As we said earlier in the article, a lot of complaints come along with PHP software. Some of the complaints come from people who are just grumpy and do not like the language. Other complaints are legitimate and really need to be looked into. No matter what, though, any software that is built on the PHP stack needs to be secured, and in the past this was somewhat of a problem when dealing with the language.
So much legitimate hate was heaped on PHP because of design decisions that made it unsafe for use on the web. These design decisions included global variables and the use of magic_quotes.
The good thing is that a lot of what made PHP unsafe has been removed from production code. If you are creating a new application, you no longer have to worry about mistakes from the past creeping in. With the new PHP you are able to code with best practices to make sure that everything is secure. This also includes some of the new frameworks that are available for the PHP language. With these new frameworks, a lot of the safety is already built in.
The one thing that you do have to worry about when it comes to PHP being vulnerable is all of the old software out there. There are still millions of lines of old PHP production code making the web unsafe, and there has not been a rush to remove that code either. So if you are looking for the reason PHP is still considered a vulnerable language, look no further than the old code from the past.
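One way to find that old code in a codebase is to search for constructs tied to the two legacy features named above. The following is an added example, not code from the original article; it assumes "global variables" refers to PHP's old `register_globals` behaviour, and the pattern list, function name and sample input are this example's own.

```python
import re

# Constructs associated with the two legacy features the article names.
# The pattern list is this example's own choice, not an exhaustive rule set.
LEGACY_PATTERNS = {
    # Functions that only made sense while magic_quotes existed.
    "magic_quotes": re.compile(
        r"\b(?:get_magic_quotes_gpc|get_magic_quotes_runtime"
        r"|set_magic_quotes_runtime)\s*\(", re.I),
    # Checks for register_globals, or code that recreates its effect by
    # turning request parameters into local variables.
    "register_globals": re.compile(
        r"\bini_get\s*\(\s*['\"]register_globals['\"]"
        r"|\bimport_request_variables\s*\("
        r"|\bextract\s*\(\s*\$_(?:GET|POST|REQUEST|COOKIE)\b", re.I),
}

# Constructed sample of legacy-style PHP, embedded so the example runs offline.
SAMPLE_PHP = """<?php
// constructed legacy sample
if (!get_magic_quotes_gpc()) {
    $name = addslashes($_GET['name']);
}
extract($_REQUEST);
if ($is_admin) { show_admin_panel(); }
$stmt = $pdo->prepare('SELECT * FROM users WHERE name = ?');
"""

def scan_php_source(source):
    """Return (line_number, feature, text) for each legacy construct found."""
    findings = []
    for number, line in enumerate(source.splitlines(), start=1):
        stripped = line.strip()
        # Line-based heuristic: skip lines that are only comments.
        if stripped.startswith(("//", "#", "*", "/*")):
            continue
        for feature, pattern in LEGACY_PATTERNS.items():
            if pattern.search(stripped):
                findings.append((number, feature, stripped))
    return findings

if __name__ == "__main__":
    for number, feature, text in scan_php_source(SAMPLE_PHP):
        print(f"line {number}: {feature}: {text}")
```

A hit is a prompt for manual review rather than proof of a vulnerability: in the sample, the `extract($_REQUEST)` line is what lets a request parameter set `$is_admin`.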