Jem is a self-proclaimed l33t PHP ninja, and she knows what she's talking about. :P
Keep an eye on her website, she's very helpful on the subject and has many posts concerning it.
1. Only use error_reporting(E_ALL) while developing; in the release, use error_reporting(0)
2. Don't be afraid to ask questions and get help
3. Report ANY errors/warnings
4. Never trust $_SERVER as it can be modified
5. Never trust anybody
6. The PHP manual can be very useful; don't be afraid, it's your friend.
7. Have people test your projects
8. XSS/CSRF etc attacks
9. Sanitize any user input (forms, GET, POST, etc.)
10. Be especially careful if you use HTML selects, checkboxes, or radio buttons in forms; they can be changed by the user
11. Time and patience can make the biggest difference
12. You should probably make sure you're comfortable with any language you write a script/program in.
13. Learn by example -- look at other people's scripts.
14. Try to "break" the script on test runs
15. Password encryption
16. Never store sensitive stuff in .inc.php files
17. Place all config files, .ht* files out of your root directory
18. Ask questions: What could I have done differently? Why does X do this? Why does Y do that?
Sorry if the wording of these tips is a bit odd. :P
Kinda posted this in a hurry!
Last edited by johnnnn; 08-10-2010 at 12:17 AM..
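A worked example of tips 10 and 15 in PHP, added here and not part of johnnnn's post. It assumes PHP 7.4+ and field names of its own invention (country, interests[], plan, password); the allowed option lists are kept on the server and every submitted value is checked against them, so a tampered select or radio value is rejected rather than trusted.

```php
<?php
// Added example (not johnnnn's code): server-side checks for tips 10 and 15.
// Assumes PHP 7.4+ and a form with <select name="country">, a checkbox group
// <input name="interests[]"> and a radio group <input name="plan">.
// The allowed values live on the server; the HTML is only a suggestion,
// because the client can submit any string for these fields.
const ALLOWED_COUNTRIES = ['us', 'gb', 'de'];
const ALLOWED_INTERESTS = ['php', 'security', 'databases'];
const ALLOWED_PLANS     = ['free', 'pro'];

// Strict membership test (no type juggling); null means "not an offered option".
function pick_one($value, array $allowed): ?string
{
    return is_string($value) && in_array($value, $allowed, true) ? $value : null;
}

function validate_signup(array $post): array
{
    $errors = [];
    $data   = [];

    // <select> and radio buttons: exactly one offered value, or an error.
    foreach (['country' => ALLOWED_COUNTRIES, 'plan' => ALLOWED_PLANS] as $field => $allowed) {
        $value = pick_one($post[$field] ?? null, $allowed);
        if ($value === null) {
            $errors[] = $field;
        } else {
            $data[$field] = $value;
        }
    }

    // Checkbox group: may be absent, a scalar or an array; keep only known
    // values and drop duplicates rather than failing the whole request.
    $interests = (array) ($post['interests'] ?? []);
    $data['interests'] = array_values(array_unique(array_filter(
        $interests, fn($v) => pick_one($v, ALLOWED_INTERESTS) !== null
    )));

    // Tip 15: store a salted hash (password_hash), never the password itself.
    $password = (string) ($post['password'] ?? '');
    if (strlen($password) >= 12) {
        $data['password_hash'] = password_hash($password, PASSWORD_DEFAULT);
    } else {
        $errors[] = 'password';
    }
    return ['ok' => $errors === [], 'errors' => $errors, 'data' => $data];
}

// Constructed submission with tampered select and radio values.
print_r(validate_signup([
    'country' => 'xx', 'interests' => ['php', 'evil', 'php'],
    'plan' => 'enterprise', 'password' => 'correct horse battery staple',
]));
```

Running it reports country and plan as errors while keeping only the known interests, which is the behaviour tip 10 is asking for.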