There are many ways to start a guide or book on PHP Security. Unfortunately, I haven’t read any of them, so I have to make this up as I go along. So let’s start at the beginning and hopefully it will make sense.
Oooo, there's a lot of useful things here. I hadn't even heard of Log Injection attacks as a vector before, ack.