Hmm, I kind of have the opposite experience having picked up a bunch of PHP projects over the years.
Without tests I have less confidence with modifying another person's code. Without a framework it can be difficult to figure out the structure unless there is good documentation or the project has been well designed and structured (almost never the case).
Also I tend to either find problems with SQL injection, XSS or CSRF because they don't have a framework to help solve these or they have implemented their own solutions which are inevitably buggy or weird in some way.
Well, he was talking about a prototype. You don't necessarily need to worry about such things if you're just bashing something out as a showcase, otherwise I'd agree.
That said, they don't allow SQL injections because they don't have a framework, they did it because they're stupid. Using a framework (and following the docs) will help save us from their stupidity, but so would learning about security issues.
Frameworks are largely about speed. They should make you develop quicker because loads of code is pre-written and generally it is of a higher quality than what you'll knock out in a few days because hundreds of man hours go into those libs.