For many years, PHP has been a stable, inexpensive platform on which to operate web-based applications. Like most web-based platforms, PHP is vulnerable to external attacks. Developers, database architects and system administrators should take precautions before deploying PHP applications to a live server. Most of these techniques can be accomplished with a few lines of code or a slight adjustment to the application settings.

The five tips they list range from general "best practice" kinds of things to a bit more specific:

• Manage Setup Scripts
• Include Files (using ".php" not ".inc")
• MD5 vs. SHA
• Automatic Global Variables (no longer an issue in recent releases, 5.4.x)
• Initialize Variables and Values