More: PHP uses weak/'implicit' typing, which means you never really know what type you are dealing with unless you explicitly state so in the code. This might be fine for simple web servers or some forum software, but it makes PHP inherently useless for high-security applications.
^This is amateur-grade code at best, and now we see the result...
edit: @gollum: Exactly!!