PHP Security – Never trust user input
No matter if you are a beginner or an experienced PHP programmer, you should definitely check out the PHP Security Guide by Rob Miller. It covers SQL Injection, Spoofed Form Input, Cross-Site Request Forgery, File Uploads, Including Files, Register Globals, Magic Quotes… He is trying to keep it up to date, so please support him if you can.
UPDATED 2.7.2006. – Here are some examples (PHP Security by Example).