[justinhj]

> Interesting; what bothers me the most when using PHP is that it feels easier to introduce security flaws than other languages. Not that it's hard to code safely, but sometimes the most obvious way to e.g. access a database is the unsafe way (which is partly just because there're a lot of old libraries and bad advice floating around). Charset handling is a similar area; I've seen lots of PHP code that appears to work fine but goes wrong when given non-ascii characters. It wouldn't surprise me if there were similar issues with timezones, though I haven't dealt with them enough in PHP to be sure.

Well in my case we work on mobile apps so the client doesn't do anything unexpected with respect to character sets and time zones. Probably that's harder when working with random web browsers. Security wise I agree with you it's easy to do wrongly, especially with the simple DB API's that can be used naively.