Chris Shiflett has a new post on his blog today that points to a sample chapter of his book, "Essential PHP Security", that's been posted over on MySQL's Developer Zone.

The sample chapter of Essential PHP Security for MySQL's Developer Zone is now available: Chapter 2, Forms and URLs.

This chapter discusses form processing and the most common types of attacks that you need to be aware of when dealing with data from forms and URLs. You will learn about attacks such as cross-site scripting (XSS) and cross-site request forgeries (CSRF), as well as how to spoof forms and raw HTTP requests manually. By the end of the chapter, you will not only see examples of these attacks, but also what practices you can employ to help prevent them.

If you haven't gotten a chance to check out the book, you definitely should. It's recieved greate reviews by people all over the community, and thought smaller, contains a lion's share of information about PHP security matters...