Well he was talking about a prototype. You don't necessairly need to worry about such things if you're just bashing something out as a showcase, otherwise I'd agree.
That said, they don't allow SQL injections because they don't have a framework, they did it because they're stupid. Using a framework (and following the docs) will help save us from their stupidty, but so would learning about security issues.
Frameworks are largely about speed. They should make you develop quicker because loads of code is pre-written and generally it is of a higher quality than what you'll knock out in a few days because hundreds of man hours go into those libs.
That said, they don't allow SQL injections because they don't have a framework, they did it because they're stupid. Using a framework (and following the docs) will help save us from their stupidty, but so would learning about security issues.
Frameworks are largely about speed. They should make you develop quicker because loads of code is pre-written and generally it is of a higher quality than what you'll knock out in a few days because hundreds of man hours go into those libs.