Just wanted to point out a good article about securing PHP.
Read MoreQuote:
Securing PHP: Step-by-step
by Artur Maj
last updated June 23, 2003
In my previous article ("Securing Apache: Step-by-Step") I described the method of securing the Apache web server against unauthorized access from the Internet. Thanks to the described method it was possible to achieve a high level of security, but only when static HTML pages were served. But how can one improve security when interaction with the user is necessary and the users' data must be saved into a local database?
This article shows the basic steps in securing PHP, one of the most popular scripting languages used to create dynamic web pages. In order to avoid repeating information covered in the previous article, only the main differences related to the process of securing Apache will be described.
Also... their Securing Apache Step-by-Step is pretty good too.