Why PHP gets so much hate?

PHP is as secure as any other language. The application code is as safe as the programmer makes it. Online content covering the insecure code can not be a factor for the judgment. Ignorance and bad practices of the individuals is probably the worst excuse to blame the technology.

I was wondering the same thing myself.

PHP is ubiquitous and incredibly easy to get started with and so a lot of developers of very different skill sets have used PHP and written about it. As a result, there are a lot of tutorials, blog posts, and projects which demonstrate poor or unsafe practice.

First of all, what you have to contend with is how "up to date" a tutorial, etc. is. For example, prepared statements didn't even exist before around 2004, and therefore you're not going to see them in php tutorials from before then, and not a lot for some time after- because after they put something in the code, it takes time for the news to get around and enough people to learn it before we start seeing it in tutorials and the like. As the language changes, so does the basic way of doing things. This is true for ALL languages- not just PHP.

Second of all, about the worst thing that can happen with PHP is someone drops your SQL database tables and steals everyone's account information. By comparison, about the worst that can happen with a high-level language C++, Python, Perl, etc. is someone installing a BIOS rootkit on the server. Simply put, high level language = even more nefarious things that can be done within theory, and even higher stakes when it comes to security. Simply put, the more a language is capable of, the worse the possible security implications are- Therefore, we must select the right tool to accomplish that which we want to accomplish considering what capabilities we need (perhaps sacrificing some of the capabilities we want).

Chances are, if you're not designing PHP code to be secure, you're probably not going to be securing your C++, Java, JavaScript, Python, Perl, Ruby, (fill in the blank here) code either, because those languages are much more difficult to learn than PHP is. While some languages are easier to write secure code in than others, you still have the accessibility issue of most people being able to grasp the syntax beyond a "hello world" script. That's one of the reasons we see more PHP on the internet than any other language. (that and languages like ASP are proprietary and come with a price tag. This was one of the things that killed VisualBasic - Microsoft quickly found out that people were willing to bootleg it before they were willing to pay for it.)

I still like PHP because it's easy to use