Top 7 PHP Security Blunders
Regenerating the session id on login is one I hadn’t heard of before, but I’ll use it from now on. But turning magic quotes on? That’s just moronic. The only truly safe way of doing things right is to use prepared statements (or simulate them).
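Both points above, in one login routine, as an added example that is not part of the original post: the lookup uses a PDO prepared statement instead of relying on magic quotes, and the session id is regenerated once the password checks out. The `demo_db()` and `login()` helpers, the `users` table and the sample credentials are assumptions constructed for the demonstration.

```php
<?php
declare(strict_types=1);

// Constructed demo data: an in-memory SQLite database with one user.
function demo_db(): PDO
{
    $pdo = new PDO('sqlite::memory:');
    $pdo->setAttribute(PDO::ATTR_ERRMODE, PDO::ERRMODE_EXCEPTION);
    $pdo->exec('CREATE TABLE users (id INTEGER PRIMARY KEY, name TEXT UNIQUE, pw_hash TEXT)');
    $ins = $pdo->prepare('INSERT INTO users (name, pw_hash) VALUES (:name, :hash)');
    $ins->execute([
        ':name' => 'alice',
        ':hash' => password_hash('correct horse', PASSWORD_DEFAULT),
    ]);
    return $pdo;
}

// Hypothetical login helper: prepared statement for the lookup,
// session id regeneration on success.
function login(PDO $pdo, string $name, string $password): bool
{
    // $name is bound as data, so quotes in it never reach the SQL parser.
    $stmt = $pdo->prepare('SELECT id, pw_hash FROM users WHERE name = :name');
    $stmt->execute([':name' => $name]);
    $row = $stmt->fetch(PDO::FETCH_ASSOC);

    if ($row === false || !password_verify($password, $row['pw_hash'])) {
        return false;
    }

    // Issue a new id at the privilege change; `true` deletes the old session
    // data, so an id that was fixed before login is useless afterwards.
    session_regenerate_id(true);
    $_SESSION['user_id'] = (int) $row['id'];
    return true;
}

session_start();            // must run before any output is sent
$pdo    = demo_db();
$before = session_id();

// Constructed inputs: a quote-based injection string, then valid credentials.
$injected = login($pdo, "alice' OR '1'='1", 'x');
$valid    = login($pdo, 'alice', 'correct horse');
$rotated  = session_id() !== $before;

// Output is deferred to the end so the session calls run before headers are sent.
var_dump($injected, $valid, $rotated);
```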