The International PHP Magazine has posted results from their latest PHP community poll as voted on by visitors to their site. The question for this poll asked developers what they thought, of the choices on the list, was the most common mistake that PHP developers make.

Coming in at number one by an overwhelming lead was "Not escaping entities and SQL input" (a definite problem indeed) with the next highest option, "Not using a Framework" a full twenty percent lower. The next two options were closer (descending) - "Using old PHP versions" and "No or little use of Object Orientation".

There's a new poll this week for your consideration - this time asking which stage, of the five options, should come first in the development cycle of a typical content management system. Head on over and cast your vote today!

The results of the latest International PHP Poll are in for the question "Which is the best way to do PHP web testing?" Options included "Use SimpleTest Web tester", "Use element IDs or names to test links, forms and fields", and "Log HTTP requests in the application".

Coming out on top with 22.6 percent of the votes was the first item, though - "Use SimpleTest Web tester". Second was a close race with "All" and "None" only about 1 percent different ("None" being the higher).

Be sure to get your vote in for this week's poll question - "What Is the Top Mistake That PHP Coders Commit?" Options for this poll include "Not escaping entities and SQL input", "Syntax errors", and "Not using a Framework".

There's a new article on The Register about a topic that's constantly argued in any language, much less PHP - application security.

PHP has become the most popular application language on the web, but common security mistakes by developers are giving PHP a bad name. Here's how PHP coding errors have become the new low-hanging fruit for attackers, contributing to the phishing problems on the web.

They talk first about the "great rise of PHP" on the web and how this surge of popularity also helped to show the great number of PHP security issues - both in applications written in it and in the language itself.

There's a mention of some of the upheaval that the PHP security community has had this year as well. They talk about the security of a LAMP installation versus a Windows machine, and their suggestions on helping to make the PHP world a better place.

On his SourceRally blog, reign as a new post listing out the "Top 10 Mistakes & Problems" that PHP developers make.

Seeing the number of problems and mistakes PHP coders encounter repeatedly I set out to make this list of the 10 most common problems and mistakes done by PHP coders.

Included on the list are some of the usual suspects:

• Not escaping entities
• Not Escaping SQL input
• Requiring and including files using untrusted data
• Syntax errors

But there's also a few that are just good recommendations and aren't really problems (like using a framework or OOP in an application). Check out the full list here.

The results of the latest International PHP Magazine poll are in. The question they askes visitors this time was what they thought the most common security mistake is.

The options for this poll were:

• Unvalidated Input Errors
• Access Control Flaws
• Session ID Protection
• SQL Insertion Vulnerabilities
• Error Reporting
• Others

Not surprisingly, input validation errors ranked top of the list, with SQL insertion issues coming in second. The rest were closer with error reporting barely besting session ID protection.

This week's poll question asks readers, out of a few choices, which is the most dangerout kind of PHP attack. Cast your vote now!