Security can be added to inifinity, but it behooves programmers to be very thorough (anal, even) about the security of their apps -- especially for those who do it for a living. If a customer's web site or app is breached, your customer loses money and you know who they are going to blame.
Ideally, you shouldn't be using GET to collect and manipulate user data at all. POST only. Especially in administrative sections of web sites.
The link you provided looks promising for php.ini configuration. I'll read through it later. I also found this
, but haven't read through it yet. I need something really thorough, that is recent, and then I can add to the list as new coding practices evolve.
The company I worked for "had" an "ultimate guide" for general coding practices, as a part of their intranet wiki, and unbelievably they did not back up the wiki content. It was a valuable resource for me that may be hard to replace.
As an aside: It might be a good idea for a coding forum such as this one to create a sticky post in the PHP board dedicated to documenting good coding practices, in list format. Then the post can be continually updated over time to accomodate new techniques. That would be a great resource, and similar to the company wiki I was referring to at my old job.