Sameer has posted about a list generated by CWE/SANS of what they consider to be the twenty-five most dangers errors you can commit in your application development (PHP related or not):

The document lists the most common and significant programming errors which can lead to serious software vulnerabilities. [...] The 25 vulnerabilities are divided into three main categories: Insecure Interaction Between Components, Risky Resource Management and Porous Defenses, details of which are listed below.

Some of the items in the list include:

• Insecure Interaction Between Components - Failure to Preserve SQL Query Structure ('SQL Injection')
• Risky Resource Management - External Control of Critical State Data
• Porous Defenses - Execution with Unnecessary Privileges
• Insecure Interaction Between Components - Cross-Site Request Forgery (CSRF)
• Porous Defenses - Use of a Broken or Risky Cryptographic Algorithm

You can see the full list here, including explanations for each.