Here are some articles I found about securing PHP web applications:
- http://net.tutsplus.com/tutorials/php/5-helpful-tips-for-creating-secure-php-applications/
- http://www.php.net/manual/en/security.php
- http://en.wikipedia.org/wiki/Cross-site_scripting
- http://www.ibm.com/developerworks/opensource/library/os-php-secure-apps/index.html
- http://www.devlounge.net/code/php-security