the gap with PHP and alternative stacks has mostly closed.
PHP apps now alse get deployed by container or VM... so why not go with something like Kotlin + kotlin.html (HTML eDSL for server-side templating and HTMX), Ktor or http4k (web libs), jOOQ (SQL eDSL with some typesafety on queries) and Postgres?
the PHP, MySQL (MyISAM), mod_php, Apache days are over. and it's not only for security reasons: there are alternatives that score better in every dimension AND run/deploy well on cheap hosting
But it turns out "dump everything in docroot and let mod_php interpret and execute whatever it finds there" had security implications...