There are a lot of pitfalls to using PHP, and they bite new users quickly. “Spot the vulnerability” is a cool site which highlights examples of these pitfalls: http://spotthevuln.com/ (BROKEN NOW)
Of course, PHP is a pretty speedy way to develop any type of server-side web code. Josh Lockhart has put together a list of best practices for PHP development and tailored it to new PHP developers: http://www.phptherightway.com/
If developers followed the recommendations in the databases section, it would take care of so many of the vulnerabilities out there today. There are parameterized database APIs available for most popular programming languages.
The section about security is informative too. I haven’t used the data filtering technique he mentions, but it seems very simple compared to the data manipulations I’ve used in PHP.
It’s a great resource…
NOTE: Spot the vuln no longer exists. Which is a shame. It’s now a redirector to a Chinese casino, or something made to look that way. I recommend not going.