Hacker News

By choosing a language with a large standard library and then relying on that library rather than on frameworks of the day as much as possible.

For example, many vanilla PHP applications written 10 years ago will still run just fine today, whereas upgrading from one version of Laravel to the next version can be a major trauma.



From what I remember of PHP applications written around 2009, a lot of them had SQL injection and bizarre roll-your-own-security vulnerabilities. There were some pretty appalling things like the same (wrong) CSRF token validation code being copy-pasted into fifty different files, or passwords saved in plaintext, or customer credit card info sent over email, or every single site being mashed into Joomla and Drupal no matter whether it actually fit and then never updated.


There are a large number of non-professionals and beginners coding in PHP; they start from, say, an existing WP plugin, open it in Notepad and start editing until it works.

It happens in JS land too: find some JS package made by a newb and run a linter on it. I see issues in code that is written by coders with a few years of experience, where they do not properly use the array functions, do not correctly use the lambda, and copy-paste the same code in 3 or more places.

Do you think that all JS, Ruby or Python devs would properly use SQL without an ORM? I don't think so. I recently found bugs in a JS codebase where file upload would fail if the file had non-US characters in its name because some parameter was not URL-encoded, so all developers make mistakes, and ORMs were not popular at that time to prevent this kind of mistake for SQL.


These are all examples of pretty amateur mistakes. This reads more like an argument for keeping senior devs on the payroll than a warning about not using a framework.


It can be both. Senior devs and frameworks are two complementary ways of managing chaos and organising your code.


A framework will not prevent things from becoming a mess. In the Angular project I inherited, in most places the rootScope is injected everywhere. I do not blame the developers either; the Angular architecture is not great, and when you have a lot of new tasks to implement you don't always have the time to reimplement things, but sometimes the correct solution is not used, though you may want to claim that your favorite framework makes it harder to do the wrong thing.


Yes. I'm working with garbage legacy Drupal stuff right now. It is so bad. Makes me die a little every day.


and yet, a lot of vanilla PHP is a mess of code whereas when i had to work on a laravel application i found it a pleasure to work with (even without having any prior PHP experience)

pick your poison i guess.


I agree with you, but what sucks is that instead of 1 or 2 frameworks that are stable you get a large number of them that get deprecated. I was brought in to work on 2 PHP projects; one was using yii1 and the second Silex. Both frameworks were deprecated and some of the dependencies are deprecated too. I have not worked on Laravel; I hope when I do it won't be again on an unsupported old version.

Also it sucks when you search for help and you need to double check if the solution is for yii1 not 2, or angular1 not the others etc.


that is very true. at least angular1 was stable for quite some time i'd say, it was quite usable until they started working on angular 2.

that means when selecting a framework, don't pick the newest, but look for something that promises stability, and then stick with it. i picked aurelia to once angular 1 was no longer usable. and although i mainly chose it for other reasons, it looks like it will be a stable choice.


It could be a good stable framework, though can you put yourself in my place: say in 5 years you are called to work on your current project, some new small feature must be added or some bug needs to be fixed. So I will have to learn to work with yet another old framework that is no longer popular, and the developers that wrote the code moved to the next cool thing.

It is what it is. I will have to learn and maintain others' code like I have always done, but it would be better if we had some stability as I mentioned, some standard web framework built into JS and browsers that most developers would use, and the devs that want new and shiny could ignore that and use whatever.


well, one of the key things of aurelia is to use standards as much as possible. so as javascript evolves aurelia will pick up on these things and remove any homegrown things to use whatever javascript provides instead. so it is up to javascript to grow a decent standard library.



