>>17
The de facto libraries for SQL in C have prepared statements, as do the de facto libraries for SQL in other languages. Yet programmers still bypass them because the programmers "know better" (maybe they're clever?), or sometimes because the programmers do not read or do not understand the documentation.
The only language where this sort of SQL failery is really an issue is PHP, because it doesn't have prepared statements. Everywhere else, people actually use those prepared statements.
My point stands: it is easy to write insecure software in any language.
Your point doesn't stand at all, and if that was your point, it's missing the point.
It's certainly possible to write insecure software in any language, but that doesn't mean it's equally easy in every language, or that there aren't some languages that encourage writing shit software while there are others that make it comparably much harder.
Languages are not secure or insecure. Systems are secure or insecure.
Your first statement is bullshit, but your arguments for it were the same arguments that, if they'd been right, would have rendered the second statement wrong.