Discussions of secure PHP coding. Security in software is important, so don't be afraid to ask. And when answering: be anal. Nitpick. No security vulnerability is too small.
"Convert the string from utf-8 to utf-8 making sure you remove any character sequences that are not valid for utf-8"
I must add that this must be accompanied by strict enforcement of utf-8 encoding to the client to avoid legitimate clients sending you their weird Elbonian encoding and getting their data mangled. This is not related to security, just to the proper functioning of the site. An attacker will not send you well-formed utf-8 because he's a nice guy, that's why you don't trust him to, and that's why you force clean his input.
Chris Shiflett's Security Workbook
Excellent PDF covering security in PHP.
Is anyone aware of another good book on the topic? Yes Chris's book is excellent, but I've been wondering if there have been new developments since it came out in 2005, and I've been feeling hungry for more as I get back in the saddle to tackle new projects.