On his blog today, Davey Shafik has this review of Chris Shiflett's Essential PHP Security guide from O'Reilly.
Chris does an excellent job dissecting and explaining each of the 8 major security topics he covers in his book, first outlining what exactly the problem is, how easy it is to fall into the trap of making your code vulnerable to it, and how it is generally exploited. He then goes on to tell you how you can be sure that you are not vulnerable in the future.
I was fortunate enough to receive a copy of Chris Shiflett's book, Essential PHP Security, published by O'Reilly.
He also notes that the "Essential" in the name is quite appropriate, and that if you purchase one PHP security book, make this the one...