Here's a good article on the common mistakes made by PHP programmers which leave huge security flaws in their applications. Here are the flaws mentioned in the article:
- Unvalidated Input Errors
- Access Control Flaws
- Session ID Protection
- SQL Injection Vulnerabilities
- Error Reporting
Read more at whenpenguinsattack.com: Top 5 PHP Security Mistakes