
Originally Posted by s-p-n
Because they (or the people they learned from) knew the mysql extension first and don't find a reason or the time to learn and use the mysql improved extension.
Never is a strong word. There's always a reason to do something, even if it's not a good reason. Someone might code a site insecurely on purpose because their employer won't give them a raise or pay them for extra security, or the employer told the person to quit wasting time on security.
I'd say something like, 'you should never let the user put raw input inside your query strings, and you should always use mysqli.' But that's so biased it's retarded. You should only do those things if your employer is paying you to do those things.
If somebody wants you to make a web app for under 100 bucks, best believe it: To speed up development, I'm going to use some procedural and OOP with echo in the methods. Do I know better? Of course! But there is a time when you need to code poorly. 'Tis sad but true.
Sometimes you just gotta get shit done; who wants to spend a month working on a $100 script? That's just wasting your knowledge on ripping yourself off and pissing off the person you told it would be done in a week.
I just got carried away, didn't I? Apologies.
Good start Mark!
Edit:
Just for the record, I disagreed with the points in my above statement for a LONG time. Until this year, I didn't even think anyone thinking like that was worth any of my time. So I totally understand if you disagree. In an open source world, there's no reason for imperfections. But the world is not open source. It's a cold, cruel world with poor code coming from great coders, and I chose to adapt (and I always reserve the right to change my mind).