Web Application Security

SQL Injection

Users submit queries through your forms that execute scripts against your database.

Escape form input before saving to db (addslashes)
Don't build queries dynamically (use stored procedures or adodb.php, etc)
Validate forms on the server