PHP developers have so many cutting-edge technologies to explore that they can easily get distracted from the details of security practices. In fact, many PHP developers continue to commit the same security gaffes that have afflicted the community for more than a decade. In his PHPBuilder article "Use the PHP Filter Extension to Validate User Data", Jason Gilmore focuses on one particularly dangerous slip-up:
failure to properly validate user input remains the single most serious security issue, with several of the Open Web Application Security Project’s top ten security risks originating directly from this oversight.
He goes on to explain how to ensure that user input fits expectations using the Filter extension, an official part of the PHP distribution as of the 5.2.0 release.
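As an illustration of validating input with the Filter extension, here is an added example (not code from Gilmore's article). The form fields, limits and sample values are assumptions made up for the demonstration.

```php
<?php
declare(strict_types=1);

// Validation spec for a hypothetical signup form (field names and limits are assumptions).
const SIGNUP_SPEC = [
    'email'    => FILTER_VALIDATE_EMAIL,
    'age'      => [
        'filter'  => FILTER_VALIDATE_INT,
        'options' => ['min_range' => 0, 'max_range' => 130],
    ],
    'homepage' => FILTER_VALIDATE_URL,
    'username' => [
        'filter'  => FILTER_VALIDATE_REGEXP,
        // \A and \z anchor the whole string; "$" would also accept a trailing newline.
        'options' => ['regexp' => '/\A[a-z0-9_]{3,20}\z/'],
    ],
];

/** Returns [clean values, errors keyed by field]. */
function validate_signup(array $input): array
{
    // add_empty = true: fields absent from $input come back as null.
    $result = filter_var_array($input, SIGNUP_SPEC, true);
    $clean = [];
    $errors = [];
    foreach ($result as $field => $value) {
        if ($value === null) {
            $errors[$field] = 'missing';
        } elseif ($value === false) {
            // Strict comparison matters: a valid age of 0 is falsy but not false.
            $errors[$field] = 'invalid';
        } else {
            $clean[$field] = $value; // typed result, e.g. int for age
        }
    }
    return [$clean, $errors];
}

// Constructed sample input, standing in for $_POST.
$samples = [
    ['email' => 'alice@example.com', 'age' => '0',
     'homepage' => 'https://example.com/', 'username' => 'alice_01'],
    ['email' => 'not-an-email', 'age' => '200',
     'homepage' => 'not a url', 'username' => "bob\n"],
    ['email' => ['nested' => 'array']], // wrong type, other fields missing
];
foreach ($samples as $sample) {
    var_export(validate_signup($sample));
    echo PHP_EOL;
}
```

Validation of this kind checks shape and range only; values still need context-appropriate escaping or parameterized queries when they are output or stored.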