Filed under their "Advanced Topics" sections today is a new article from WebReference.com that looks at some security techniques developers can use in their apps to help keep their and their user's information safe from prying eyes. It's an excerpt from Larry Ullman's book "PHP 5 Advanced: Visual QuickPro Guide".
This chapter will begin by rehashing the fundamentals of secure PHP programming. These are the basic things that I hope/assume you're already doing. After that a quick example shows ways to validate different kinds of data that might come from an HTML form.
The third topic is the new-to-PHP 5 PECL library called Filter. Its usage isn't very programmer-friendly, but the way it wraps all of the customary data filtering and sanitizing methods into one interface makes it worth knowing. After that, two different uses of the PEAR Auth package show an alternative way to implement authorization in your Web applications. The chapter will conclude with coverage of the MCrypt library, demonstrating how to encrypt and decrypt data.
The security tips in this part of the series range from turning off register_globals (you do have it off, don't you?) to form validation with things like regular expressions and the ctype functions.