PHP is a general-purpose server-side scripting language for creating dynamic web pages. Most people grasp PHP syntax rather quickly and will within short time be able to produce a script that works using online tutorials, references & books. The problem is that most people forget the security aspect of PHP that one must consider when writing PHP applications. Presented are the most common PHP web application vulnerabilities & the necessary mechanisms required to write secure code by leveraging PHP's unique features. Also mentioned are the common programming mistakes done by developers when building PHP web applications & necessary means to protect against such vulnerabilities.