Well google has a ton of sites under keywords "Php Security Checklist", such as http://aymanh.com/checklist-for-secu...-configuration
You're not going to find the "ultimate" guide unfortunately because as technology improves so does the methods to get by security. But you've already got the most important ones down, sanitization of database inputs, cross site scripting. A few others i'd note are things like using "includes" for example if you include pages based on $_GET, make sure to have "safe" words in an array, or scan your directories to make sure what theyre requesting in the $_GET variable is OK and not harmful.
Making sure directories and files are safe and secure (i.e. not all CHMOD'd to 777) if you're proficient at php, then you'll also know the weakspots of your codes.
Security is a question that can be added to infinity. Maybe others can post what they think is the most secure way of doing things, and what they've learned is good practice. Those were just a few off the top of my head.