The O'Reilly Network has a new article posted this morning from John Coggeshall about the about keeping your scripts secure from the evils of the users out there on the internet.

In my last two columns, I discussed some common bad practices to avoid when writing PHP scripts which can make them more difficult to read and more prone to bugs. In today's column I'll change gears and discuss the meat of this series: the importance of security when working with PHP.

Of course, a lot of this falls under the header of "writing a good application" and knowing the language you're working with, but there are some good suggestions in here. What most of it boils down to is this - "trust nothing". Your scripts should never, ever just take information on faith...