NETTUTS.com:
Can You Hack Your Own Site? A Look at Some Essential Security Considerations
0 comments :: posted Tuesday July 22, 2008 @ 12:57:07

On the NETTUTS.com website, there's a great article with some "essential security considerations" that you can use to see just how hackable your site could be.

This article walks through the brainstorming stage of planning for what is in this instance, a hypothetical user-centric web application. Although you won’t be left with a complete project - nor a market ready framework, my hope is that each of you, when faced with future workloads, may muse on the better practices described. So, without further ado... Are you sitting comfortably?

The tutorial is broken up into a few sections built around an example (about book information) with a few points of failure. It works through the thought process behind the code, using the $_REQUEST variables correctly, preventing SQL injections and filtering the HTML output, and includes a sample code download so you can see how it's all tied together.

tagged with: security consideration hack tutorial sqlinjection filter output input


WebReference.com:
Working With Forms
0 comments :: posted Monday March 31, 2008 @ 10:25:11

The WebReference.com website has an introductory tutorial showing the budding PHP developer how to get started with one of the keys to web application interaction - forms.

Forms are how your users talk to your scripts. To get the most out of PHP, you must master forms. The first thing you need to understand is that although PHP makes it easy to access form data, you must be careful of how you work with the data.

The first part of the tutorial is focused on something many applications don't worry about - the security and integrity of the data submitted to them. They talk about things like filtering and various other checks to ensure that the data you're getting is good. They also mention the method for putting submitted values into PHP arrays, checking for valid values, using multiple submit buttons and an example of some of these methods all put together - validating a credit card number.

tagged with: tutorial input form application validate security

Funcaday.com:
Special Valentines Day Edition (isLove)
0 comments :: posted Thursday February 14, 2008 @ 08:49:00

Besides all of the usual Valentines day logo fun from some of the major sites out there, Paul Reinheimer also points out a special little something on the Funcaday.com website:

Want a custom one to share with someone you care about. Fill out the form here. It's a subtle effect though, they'll need to read it. Valid characters for names are just alphabetics and the underscore, sorry.

The custom output is a great little addition to the site - put in person one's name and person two's name and it updates the image to show the new parameters. Ah, geek love...

tagged with: valentine islove custom name input

Ed Finkler's Blog:
Inspekt 0.3 now available
0 comments :: posted Monday January 21, 2008 @ 14:38:00

Ed Finkler has released the latest version of his Inspekt input filtering/output validation library for PHP5:

I've uploaded the 0.3 release of Inspekt, the input filtering and validation library for PHP4 and 5. With this release, Inspekt completes the goals of the original specification for the OWASP SpoC007 project. I believe it is ready for "real-world" use.

Along with the new code being released there's also more documentation, API docs, a PEAR channel and a mailing list.

tagged with: inspekt filter input validate output library release



All content copyright, 2008 PHPDeveloper.org :: info@phpdeveloper.org - Powered by the Solar PHP Framework