For me, it was this
https://www.php.net/manual/en/function.mysql-real-escape-string.php
Blame MySQL for that. The PHP API just mirrors the MySQL C API of the same name. https://dev.mysql.com/doc/c-api/8.0/en/mysql-real-escape-string.html
Modern PHP doesn’t use it - any modern code uses PDO with prepared statements.
Never used it in over 23 years of using PHP. Also, I don’t thing that has existed anymore for the past 10 years or so?
Seriously, if we’re going to do this, can we also bitch about painful java apps from 10 years ago, or the hilariously shitty modules in node from 10 years ago? I can go on for a while, but you hopefully get the point.
The question was why do I hate it, and it was because of this. I don’t understand your confusion.
That article is over a decade old. A lot of these issues aren’t relevant any more or have been fixed. Some weren’t even PHP issues, for example mysql_real_escape_string is a MySQL API (https://dev.mysql.com/doc/c-api/8.0/en/mysql-real-escape-string.html).
PHP isn’t the best language, but it’s not as bad as some people claim it to be, especially if you use a good framework like Laravel.
That is literally a decade old article with basically 1 complaint that sometimes functions are strpos() and sometimes str_len(). Anything else it’s saying is “I don’t even know how to say it”. Really now? Any of your complaints have been fixed since about a decade ago, so why don’t you give it a try?