From my experience and memory of that era, early versions of PHP had a very low barrier to entry and very simple and insecure methods for accessing a database. It was easy to program the CRUD logic of a website without knowing much about the rest of the pipeline, such as security or data cleansing.
This was also the era of jQuery with easy to use AJAX methods, which enabled almost anyone to create a front-end that calls backend code.
All of that was simple code that was easy to share with others on forums. This led to insecure websites where, to exaggerate slightly, every input field could be used for SQL injection attacks.
To be fair with PHP of that era, it was possible to create secure websites with it. It's that the ease of use created the illusion that once the website worked, you didn't have to tackle any other portions of development process such as quality control or security.
From my experience and memory of that era, early versions of PHP had a very low barrier to entry and very simple and insecure methods for accessing a database. It was easy to program the CRUD logic of a website without knowing much about the rest of the pipeline, such as security or data cleansing.
This was also the era of jQuery with easy to use AJAX methods, which enabled almost anyone to create a front-end that calls backend code.
All of that was simple code that was easy to share with others on forums. This led to insecure websites where, to exaggerate slightly, every input field could be used for SQL injection attacks.
To be fair with PHP of that era, it was possible to create secure websites with it. It's that the ease of use created the illusion that once the website worked, you didn't have to tackle any other portions of development process such as quality control or security.
It was a glorious era.