[earthboundkid]

> I'm sure there were many poor practices with other languages 20+ years ago.

I agree with most of what you wrote, but not this. Code written in PHP from the 5 and before era was bad in a unique way. Before it came bad VB and now there is a deluge of bad React. That’s what happens when a language is popular with inexperienced programmers. But bad PHP was bad and insecure by default, which led to a ton of security bugs. The only thing comparable is C, which has had tons of buffer overflow security bugs—but those were written by pros. ;-) I can’t think of anything else web facing with so many problems with SQL injection and string escaping. The problem was that making a webpage by naive string interpolation is a bad idea, but it seemed like a good idea and it’s what PHP did best and why it was so popular. PHP was lucky to be the wrong paradigm at the right time to take off like a rocket.

Modern PHP is MVC-ish like everything else, but without the simplicity of stupid string interpolation, it can’t attract users like bad PHP used to.