This article will guide you through writing secure PHP code and covers many of the common security pitfalls one will encounter while making php applications. Covers things such as register globals, SQL injection, include files, and demonstrates how to protect against those kind of attacks. Anyone new to PHP, and even some more experianced people, should read this before deploying thier application.
This article demostrates an easy way to maintain sessions and security (or authorization) in PHP. It does NOT use the PHP built in session support. The following method will allow you to easily secure any PHP page by simply including a file at the top of every page. In this tutorial you will: a) Create your database structure; b) Create a login page; c) Create your security check include file; d) Secure your site.
Update: I fixed a couple of bugs in the article. Thanks for the feedback
Update to the update: I have fixed the article text to include the code that was missing due to the previous update.
This tutorial explains how to safely hide away PDF files from public access using htaccess, but then having a PHP file run its own authorization to allow access to the file without the Network Password dialog box. The PDF file will be displayed in the browser (if the user has acrobat reader) or promoted to download the pdf file if the user doesn't have acrobat reader. This is perfect for when you want to restrict PDF files to authorized eyes only. This simple to use tutorial will have you up and running in a few minutes, one page of info with full source code, and working examples.