What is major security hole in PHP and how can we avoid them?

Question

I Know that we can always fetch from one database server and rewrite it to another. But what is the simplest way to do this?

Answer 1

1. Never include,open a file with filename based on user input, without checking it thoroughly.
   2.Be careful while using register_globals=ON. It is designed to make programming in PHP easier, but misuse of it often led to security holes.
2. Never use un-escaped queries.
3. For protected areas, use sessions or validate the login every single time.
4. If you dont want the file contents to be seen,give the file a .php extension.