
O'Reilly:
Getting Back to Security
Apr 04, 2003 @ 13:36:40

Over on the O'Reilly Network this morning, there's the second part to the PHP security article posted here a while back - Ten Security Checks for PHP, Part 2.

In this new article, the author picks up where he left off, with a few helpful things like "Beware of shared servers" and "Escape or Avoid User Input When Constructing Command Strings". This last one can be quite important for a lot of reasons - from small things like people accessing a file they shouldn't, all the way to larger things like getting access to /etc/passwd or SQL injections.

I'd say that this article (and the first one) should be required reading for anyone that's just getting started with PHP, or working on that "first big app".

Thanks to Ewald for the link...

NOTE: this article has been corrected. Thanks, chromatic...
