I am fairly new to writing web applications with PHP. I know most of the basics, but I have some security questions.

I was wondering if anyone knows any tips to help make my PHP scripts more secure.

I write all my scripts assuming REGISTER GLOBALS is OFF. I have already been schooled on this issue. I also write database connections in a seperate file that is included in any page requiring a database connection.

Beyond that, I have no idea what it takes to make PHP more secure.

I am specifically looking for any practices that would prevent me from writing code that a malicious or curious user might use to access restricted areas of a web site.

Any ideas?