Douglas Brown has a few helpful hints to help you write your PHP code defensively, protecting your code from malicious attackers.
The phenomenal growth of PHP applications has also led to a mushrooming of increased quantum of malicious activity. It thus becomes imperative that you write secure PHP code to protect your website. Here are some tips for the same. The three most vulnerable aspects of PHP that can become easily accessible to anyone are XSS (Cross Site Scripting), Global Variables and SQL code.
He details what each is and how you can protect your code against the problems they cause. Some example code is included to give you a better idea of the possible solution.