
PHP Security Blog:
'Basics of Secure PHP Programming' Slides Posted
Sep 12, 2005 @ 10:55:49

Stefan Esser of the PHP Security Blog has posted some slides from a talk he gave on the "Basics of Secure PHP Programming".

The first part was presented on the 2nd of September in front of the local PHP user group here in Cologne and therefore it is meant for an audience of PHP beginners and is only available in German at the moment.

It covers the basic concept of never trusting user input, the injection flaws caused by trusting the user too much and how they can be circumvented by using the appropriate escaping or filtering functions.

The talk is all in German, and it has a good 25-30 slides of content to check out. Some of the topics that are covered include using magic quotes, SQL injections, using eval(), and, of course, the infamous register_globals.

You can get the presentation in three different formats from this page - PDF, PPT, and SXI.
