While the parent deserves flamebait instead of "interesting", especially given he/she doesn't have the guts to sign their name to the post, here's a brief reply.
- SQL injection works on any database with any programming language, if things aren't programmed properly, and is definitely not specific to PHP.
- PHP is no longer in version 3 or 4, it's got great object-oriented programming possibilities, is faster to program in than many other languages, and if you use intelligent caching, will be pretty much as quick -- with the remaining speed cost for using PHP made negligible by the real action happening in the database.
- "experienced professionals" do program in PHP. A real programmer will use the best language for the job, and often times that language is PHP. Working with a client who will only pay ~$20/month in hosting on their current webhost often means that a LAMP installation is what you've got to work with. Quick, easy, secure, and job well done using PHP.
- SQL Server is the most miserable, buggy, and overpriced db out there in my experience, and it gives no practical advantage security-wise over MySQL, nor do Postgres or other options. MySQL is ubiquitous, which is its advantage over other databases that may perform better.
PHP is a serious programming language for web development, just like RoR and a host of others. The parent is a perfect example of some old chap that:
a) doesn't understand the differences and requirements of web development vs classic application programming
b) doesn't realise that PHP has evolved -A LOT- over the past 8 years, and is no less inherently insecure than any other programming language.
c) appears to hate programming languages that are accessible to more than computer science majors, whether some computer science majors use them or not.
Seriously, it's time for some posters to grow up and attempt to be objective rather than inserting their short-sighted, uninformed, and most of all, unintelligent posts against some language they have a hate-on for.