
And that never happens with Python? No one has ever published garbage articles about it?


That are the top hit on Google for a common beginner query and contain multiple vulnerabilities caused by a flaw unique to the language?

And we aren’t talking about an article, we’re talking about a tutorial. There’s a very big difference between the two; why are you switching? Tutorials are obviously vastly more important to beginners.

Let me remind you of the context:

> > Mixing server side and front end code is bad news. I think following many PHP-MySql tutorials will result in SQL injection vulnerabilities. Not good.

> I think you'd have to go back at least a decade to find tutorials that bad

This is something that is harming people learning PHP today, not the distant past.


XSS is unique to PHP? Wait a minute while I go check with OWASP.


Let me quote an earlier part of the discussion:

> The same tutorial with Django wouldn’t have the same problem because Django auto-escapes strings you dump into HTML. These vulnerabilities only exist in this tutorial because PHP treats its output as HTML by default not text, so you need to put in extra effort to be secure.
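The mechanism the quoted comment describes, shown as an added example that is not code from the thread or from any tutorial: PHP's `echo` writes its argument into the response as raw HTML, so the same view is rendered below once with a bare concatenation and once through an explicit escaping helper. The function names and the `$name` input are constructed for this illustration.

```php
<?php
// Added example (constructed, not from the thread). PHP emits strings as
// raw HTML unless the programmer escapes them, which is the default that
// tutorial code tends to get wrong. Django's template engine escapes by
// default, so the equivalent template needs no extra step.

declare(strict_types=1);

// Vulnerable pattern: user-controlled $name is concatenated straight into
// the markup, so any HTML or attribute syntax it contains becomes part of
// the page's DOM.
function renderGreetingUnescaped(string $name): string
{
    return "<p>Hello, " . $name . "</p>";
}

// Hardened pattern: escape at the point of output, for the HTML context.
// ENT_QUOTES encodes both quote styles so the helper is also safe inside
// attribute values; ENT_SUBSTITUTE replaces invalid UTF-8 sequences rather
// than returning an empty string, which would silently drop the output.
function e(string $value): string
{
    return htmlspecialchars($value, ENT_QUOTES | ENT_SUBSTITUTE, 'UTF-8');
}

function renderGreetingEscaped(string $name): string
{
    return "<p>Hello, " . e($name) . "</p>";
}

// Constructed sample standing in for a query-string parameter such as
// ?name=... ; it carries markup and a double quote to show both escapes.
$name = '"<i>visitor</i>"';

// First line: the <i> element is interpreted as markup by the browser.
echo renderGreetingUnescaped($name), PHP_EOL;

// Second line: the browser displays the literal characters instead.
echo renderGreetingEscaped($name), PHP_EOL;
```

`htmlspecialchars` covers the HTML element and attribute contexts only; output placed inside a `<script>` block or a URL needs a context-specific encoder, which is exactly the step a tutorial that echoes raw strings never reaches.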


Python http.server isn't particularly secure by default.

I don't understand why you keep ruminating about Django, which is obviously irrelevant as a comparison. If you want to use Django as a point of comparison you'd need to compare with Laravel.


Why are you repeatedly taking us in circles? You already said that and I already responded to that.

https://news.ycombinator.com/item?id=40258150


Laravel is how you learn web development with PHP. It's the Django equivalent.

You wrote something about how "people" do web development in Python, I don't see the relevance to your decrepit comparison.

Everyone that starts building computer network services is dangerous for about 5-10 years regardless of what tutorial material they initially come across. If not longer, since it takes a long time to internalise the protocols, client platforms, server platforms, relevant network layers, common threat vectors, and so on.
