Problem 1 in the article at IBM developerWorks kind of rubs me the wrong way.
Why not? How is the second code example in that post superior to the first? What I see is that the first example, which uses mysql_* directly, is more readable. The second snippet is a jumbled mess.
The article recommends using PEAR::DB. Is PEAR::DB even PHP5 ready? I don’t know, I don’t use it. The author could have at least used PDO. Still slower, but not as bad, and it is the future of PHP database abstraction, IMO.
He uses a prepared statement to do the select. First, I have tested it and I know it is slower for MySQL. Second, it is not the end-all, be-all of stopping cross site scripting that a lot of people believe it to be. You can only pass certain value parts of certain clauses. Many applications require more complex dynamic query creation.
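To make the "certain value parts of certain clauses" point concrete, here is an added PHP/PDO example (not code from the post or from the IBM article). A WHERE operand can be bound as a placeholder, but an ORDER BY column or ASC/DESC keyword cannot: binding "ORDER BY ?" sends a string constant, so MySQL sorts by a literal rather than a column. Those parts of a dynamic query have to come from a server-side whitelist instead. The table and column names (users, id, name, email, created_at) and the DSN in the usage comment are constructed for illustration.

```php
<?php
// Added example, not from the original post: bind what can be bound,
// whitelist what cannot. Table/column names are constructed for illustration.

function findUsers(PDO $db, string $nameFilter, string $orderBy, string $direction): array
{
    // Identifiers and keywords cannot be placeholders, so they are mapped
    // from a user-supplied key to a fixed string that the application owns.
    $allowedColumns    = ['id' => 'id', 'name' => 'name', 'created' => 'created_at'];
    $allowedDirections = ['asc' => 'ASC', 'desc' => 'DESC'];

    if (!isset($allowedColumns[$orderBy])) {
        throw new InvalidArgumentException("Unsupported sort column: $orderBy");
    }
    $dirKey = strtolower($direction);
    if (!isset($allowedDirections[$dirKey])) {
        throw new InvalidArgumentException("Unsupported sort direction: $direction");
    }
    $column = $allowedColumns[$orderBy];
    $dir    = $allowedDirections[$dirKey];

    // Only the whitelisted, application-defined strings reach the SQL text.
    // The WHERE operand is a placeholder: the driver sends the value
    // separately from the statement, so it is never parsed as SQL.
    $sql  = "SELECT id, name, email FROM users WHERE name LIKE :name ORDER BY `$column` $dir";
    $stmt = $db->prepare($sql);

    // A bound value still carries LIKE semantics: escape % and _ so that
    // user input cannot widen the match (MySQL's default escape char is \).
    $pattern = addcslashes($nameFilter, '%_\\') . '%';
    $stmt->bindValue(':name', $pattern, PDO::PARAM_STR);
    $stmt->execute();

    return $stmt->fetchAll(PDO::FETCH_ASSOC);
}

// Usage (DSN and credentials are placeholders):
// $db = new PDO('mysql:host=localhost;dbname=app', 'user', 'password', [
//     PDO::ATTR_ERRMODE          => PDO::ERRMODE_EXCEPTION,
//     PDO::ATTR_EMULATE_PREPARES => false, // native server-side prepares
// ]);
// $rows = findUsers($db, $_GET['q'] ?? '', $_GET['sort'] ?? 'name', $_GET['dir'] ?? 'asc');
```

The whitelist is the part a prepared statement does not give you: for any clause where the dynamic piece is an identifier, a keyword, or a list of columns, the safe pattern is a lookup from user input to a fixed string, never interpolation of the input itself.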
As for the rest of the post, I agree with most of it. I would argue that many of the problems are not PHP/MySQL related, but just cases of bad programmers and/or new programmers who don’t know better. They read things written by big companies like IBM and follow one bad example (like using PEAR::DB when it’s not needed) and start off on the wrong road.