PHP Security Leading Practice

Global Variables
PHP does not require "global variables" to be created explicitly: when the "register_globals" directive is switched on in php.ini, request parameters are registered as script variables automatically. Appending variables to the URL may then be a way to circumvent authentication, because a variable the script never initialises can be supplied by the request instead.

Error handling
If possible, check whether error reporting has been turned off in php.ini, i.e. whether "error_reporting" is off; verbose error output discloses internal details such as file paths and queries to users.

Good Things to Use
strip_tags: Removes any HTML from a String
nl2br: Converts new line characters to HTML break "br"
htmlspecialchars:
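An added example, not from the original page, that ties the three sections above together in PHP: an explicitly initialised authentication check (so a request parameter cannot pre-set the variable when register_globals is on), a runtime review of the php.ini settings via ini_get(), and the output functions applied in a safe order. The function names isLoggedIn, insecureIniSettings and renderComment are this example's own; display_errors is a real php.ini directive that the page itself does not mention.

```php
<?php
// Added example (not the original page's code). Names of the three functions
// below are hypothetical; the ini directives and built-ins are real PHP.

// 1. Global variables: with register_globals on, an uninitialised
//    $authenticated would already hold whatever ?authenticated=1 supplied.
//    Fix: always initialise, and read input from an explicit source only.
function isLoggedIn(array $session): bool {
    $authenticated = false;                  // never rely on a default from the request
    if (isset($session['user_id'])) {        // explicit source: the server-side session
        $authenticated = true;
    }
    return $authenticated;
}

// 2. Configuration review: list risky php.ini settings at runtime.
//    ini_get() returns false for directives the PHP build does not know
//    (register_globals was removed in PHP 5.4), which reads as "off" here.
function insecureIniSettings(): array {
    $findings = [];
    if (filter_var(ini_get('register_globals'), FILTER_VALIDATE_BOOLEAN)) {
        $findings[] = 'register_globals is on: request input becomes variables';
    }
    if ((int) ini_get('error_reporting') !== 0
        && filter_var(ini_get('display_errors'), FILTER_VALIDATE_BOOLEAN)) {
        $findings[] = 'errors are reported and displayed: internals leak to users';
    }
    return $findings;
}

// 3. Output: strip tags, encode what remains, and only then insert <br />
//    (nl2br last, otherwise htmlspecialchars would encode the breaks it adds).
function renderComment(string $raw): string {
    $text = strip_tags($raw);
    $text = htmlspecialchars($text, ENT_QUOTES | ENT_HTML5, 'UTF-8');
    return nl2br($text);
}

// Constructed sample input for a quick local run.
$sample = "Hello <b>world</b>\n\"quoted\" & <i>more</i>";
echo renderComment($sample), PHP_EOL;
echo isLoggedIn(['user_id' => 42]) ? "logged in" : "anonymous", PHP_EOL;
foreach (insecureIniSettings() as $finding) {
    echo "WARNING: $finding", PHP_EOL;
}
```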