In my opinion, PHP is one of the most effective and easy programming languages. Even a novice user with only a minimum understanding of the basic principles of web programming can write their own fully functional snippets.
OK, where is the catch?
Like with all great things, there is a catch.
The WWW is wild. Our web apps are under constant attack by all kinds of malicious users, and by the automated scanners they point at anything with a public IP address.
A common phrase for this is "Assume all input is malicious".
Every single input variable must be validated before it is used and escaped for the context it ends up in (HTML, SQL, file paths, shell commands). "Input" means everything the browser sends that your code did not generate itself: not just GET and POST parameters, but also the values read back from the user's cookies, which the client can set to anything it likes. Don't assume attackers won't notice an obscure variable that does not get filtered. They will.
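As an added example (not code from the original post), here is a small PHP script that puts the point into practice for a cookie and a query-string parameter: the vulnerable version drops a cookie value straight into HTML, the hardened version checks it against an allowlist and escapes it on output, an integer parameter is validated for type and range rather than cast, and a database lookup uses a PDO prepared statement so the untrusted value never becomes part of the query text. The cookie name `theme`, the `page` parameter, the `users` table and its columns are hypothetical, and the PDO part assumes the `pdo_sqlite` extension is available so the script runs offline.

```php
<?php
// Added example, not from the original post. Validate on the way in, escape on the
// way out, and parameterize queries. Cookie name "theme", parameter "page", and
// table "users" are hypothetical names chosen for the demonstration.
declare(strict_types=1);

// --- Vulnerable: a cookie is client-controlled, yet it is trusted as-is ------
function vulnerable_theme(): string
{
    $theme = $_COOKIE['theme'] ?? 'default';
    // XSS: whatever the client put in the cookie lands unescaped in the HTML.
    return '<link rel="stylesheet" href="/css/' . $theme . '.css">';
}

// --- Hardened: allowlist the value, then escape for the HTML attribute context
const ALLOWED_THEMES = ['default', 'dark', 'high-contrast'];

function safe_theme(array $cookies): string
{
    $theme = $cookies['theme'] ?? 'default';
    // Strict comparison so type juggling ("0", "", arrays) cannot sneak past.
    if (!is_string($theme) || !in_array($theme, ALLOWED_THEMES, true)) {
        $theme = 'default';
    }
    // Escape anyway: output encoding must not depend on the allowlist staying tight.
    $safe = htmlspecialchars($theme, ENT_QUOTES | ENT_HTML5, 'UTF-8');
    return '<link rel="stylesheet" href="/css/' . $safe . '.css">';
}

// --- Integer input: validate type and range instead of casting ---------------
function safe_page(array $query): int
{
    $page = filter_var($query['page'] ?? 1, FILTER_VALIDATE_INT, [
        'options' => ['min_range' => 1, 'max_range' => 10000],
    ]);
    // filter_var returns false for anything that is not an in-range integer.
    return $page === false ? 1 : $page;
}

// --- SQL: a prepared statement keeps data and query text separate ------------
function find_user(PDO $db, string $untrustedName): ?array
{
    $stmt = $db->prepare('SELECT id, name FROM users WHERE name = :name');
    $stmt->execute([':name' => $untrustedName]);
    $row = $stmt->fetch(PDO::FETCH_ASSOC);
    return $row === false ? null : $row;
}

// Constructed demonstration input, not captured traffic.
$attackerCookies = ['theme' => '"><script>alert(1)</script>'];
echo safe_theme($attackerCookies), PHP_EOL;
echo safe_page(['page' => '-5']), PHP_EOL;
echo safe_page(['page' => '42']), PHP_EOL;

// In-memory SQLite keeps the database part self-contained.
$db = new PDO('sqlite::memory:');
$db->setAttribute(PDO::ATTR_ERRMODE, PDO::ERRMODE_EXCEPTION);
$db->exec('CREATE TABLE users (id INTEGER PRIMARY KEY, name TEXT)');
$db->exec("INSERT INTO users (name) VALUES ('alice')");
var_dump(find_user($db, "' OR '1'='1"));
var_dump(find_user($db, 'alice'));
```

Run it with `php example.php`. The injection string is looked up as a literal user name and matches nothing, the hostile cookie falls back to the default theme, and `-5` is rejected by the range check. The general lesson is that "sanitize" is not one function: the right check depends on where the value is going.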
I know it's sometimes boring to mess with already working code, but it's vital if you want your website to keep working for longer than a month.
I was going to post some basic tips on input-sanitization filters and methods, but I came across this website, which covers the topic in much more detail than I would.