Perhaps to their credit, they have a two-part tutorial on email sending, one titled "PHP Email" and the other "PHP Secure Email". Also, their form handling tutorial is followed by another tutorial on "validation" (by which they seem to mean a combination of HTML escaping and outdated defenses against SQL injection). But most people are just going to copy and paste the first tutorial without looking at the second.
I can't speak for anyone else as I don't and have NEVER used W3Schools for anything related to PHP or MySQL but used PHP's manual and MySQL docs for anything, but when someone needs help and asks me, I usually use my experience and write up a quick example and do not go through the whole sanitizing of inputs and that, as they're just an example and sometimes are written right on the spot but I do let them know it's only an example and not to be copy and pasted into their documents and that they should properly secure their stuff with input sanitization.
