Php helps you to quickly build big applications and many times, its easy to neglect the security matter. Its easy to believe that security breaches could not happen to your software. But what if it does happen? For this reason, security in your applications should be kept in consideration from the beginning.

I have read in the past many scary things about PHP variables. Words like: be aware, take care or look again are still in my mind. And slowly, I have realized that it would be prudent to follow some steps when using PHP variables. I have tested many secure implementations and found no performance decrease when being processed by the PHP engine.

Here is a short list of things you can do to better protect the security of your applications:

   1. Check the number of POST, GET and COOKIE variables handled by your applications.
   2. Check if the variable content is of appropriate type.
   3. Using REQUEST METHOD and REFERRER.
   4. Check the variable content length.
   5. Check a 'secret key' inside one variable.



http://www.devshed.com/c/a/PHP...variables/