[Gigachad]

Rails actually does do a good job of treating user input as dangerous and it can often detect when user input is being used in the wrong places like directly in to sql. And with industry standard tools like brakeman, you can have CI alert you of most cases where user input is not safely handled.

[netzone]

That's way too complicated for the person just starting out and wanting to add a counter to his small website. Nobody starting out with programming today will start with Rails. They might start with Javascript, but more than likely they'll start with PHP. It's accessible and SIMPLE.