From PHP Magazine today:
One of the concepts that are most difficult for new Web developers to fully grasp is just how dangerous it is to trust user input. Just in the last week, there've been around a dozen or so different reports of vulnerabilities found in Web applications - mostly all of them revolve around unchecked user input. Because of PHP's dominance in the Web application development world, many of the vulnerable applications were ones written in PHP, which hurt PHP's security track record, even though it's not the language which is at fault (the same applications, written in any other language, would have suffered from the same vulnerabilities). In a new post, Zeev Suraski writes, "The challenge of validating user input is not a simple one. The key to meeting this challenge is attention to details combined with knowledge."
This latest posting on the phpBlog from IBM reaffirms something that's being reinforced all over the PHP community right now: validation of user input is a huge key to script security and application integrity.




