Writing Secure PHP
Writing secure PHP is also known as “Never, ever, ever, under any circumstances trust your users.” Luckily, in his two-part (so far) series on securing PHP, Dave Child of ILoveJackDaniels.com elaborates much more on this point.
PHP is a very easy language to learn, and many people without any sort of background in programming learn it as a way to add interactivity to their web sites. Unfortunately, that often means PHP programmers, especially those newer to web development, are unaware of the potential security risks their web applications can contain. Here are a few of the more common security problems and how to avoid them.
His examination should be especially handy for a beginner as well as for any more advanced PHP programmer who might have forgotten to be paranoid.