It doesn't seem fair to call a defect "old" if it wasn't seriously addressed between then and now. I had to pick up PHP (presumably because of heinous sins in a past life) and every tutorial I saw was still pasting user input into non-parameterized queries. There are apparently several different MySQL clients, and our production boxes still had the original (inexplicably still in existence) which didn't even support parameterized queries. And that was in 2007!

Just hit the same issue here in 2011. Plesk, a popular package for managing shared hosting used by hosting companies, doesn't include the MySQL drivers for PDO (what's meant to be PHP's "standard" database library).

Last week I had to rewrite an import script to use mysql_query(), with mysql_real_escape_string() and quotes for every query variable.