I'm not familiar with specific form processors, but it's as Bob said: Probably.
This is more of a "coding style" and "lazy programmer" issue than anything language-specific, though in my experience PHP makes it easier to be a lazy programmer and use poor coding style - though that has improved significantly in more recent versions - and yes, I do most of my coding in PHP these days so don't just assume I'm a crotchety Perl programmer. :>
Part of it also has to do with the unintended audience for these types of scripts: Spammers are wily individuals with few moral compunctions, and if there's even a minor/obscure hole in a popular script they'll probably find it eventually.
The moral of the story for programmers is this: Check your input and be very picky as to what you trust! :>
- Jeff @ DreamHost
- DH Discussion Forum Admin