I wouldn't call Python *strongly* typed, but I do know what you mean. I
think.
It is strongly typed (string + int = error), just not statically typed
(but you saw what I mean ;)
"PHP: very loosely typed, does whatever it wants"
yeah php got a life of its own! sure be a lazy programmer and blame
sql injection etc crap on php or try http://www.xdebug.org/ and
others.
No need.
I either use pg_query_params() which automagically handles all quoting,
or an ORM which does the same.
There is no reason to include strings in SQL statements except laziness.
MySQL does not have a mysql_query_params() for PHP, so you have to write
one, it's pretty simple.
Python's (and perl) strength in this respect is that they make it easier
to use the safe solution, ie :
query( "sql with ? or $1 or %s", arg, arg, arg )
PEAR::DB is horrendous.