For me, it was this
https://www.php.net/manual/en/function.mysql-real-escape-string.php
Never used it in over 23 years of using PHP. Also, I don’t thing that has existed anymore for the past 10 years or so?
Seriously, if we’re going to do this, can we also bitch about painful java apps from 10 years ago, or the hilariously shitty modules in node from 10 years ago? I can go on for a while, but you hopefully get the point.
The question was why do I hate it, and it was because of this. I don’t understand your confusion.
Blame MySQL for that. The PHP API just mirrors the MySQL C API of the same name. https://dev.mysql.com/doc/c-api/8.0/en/mysql-real-escape-string.html
Modern PHP doesn’t use it - any modern code uses PDO with prepared statements.