Hi -
1. As far as PHP security goes, your best bet is safe coding practices. There are lots of sites; there's lots of good information on this site alone:
http://www.tutorialized.com/tutorials/PHP/Security/1
<= You have to click two or three levels down to get to the actual tutorials ...
... but they're worth it!
2. HTML vulnerabilities are certainly one area worth protecting against. But SQL vulnerabilities (e.g. SQL injection) are equally worthy of your attention:
http://www.tutorialized.com/view/tut...-hackers/41498
<= You can find many, many other sites discussing SQL injection and related issues.
3. Finally, if you're new to SQL, I would encourage you to get this book:
SQL Queries for Mere Mortals, John L. Viescas; Michael J. Hernandez
<= This will pay for itself within hours! Satisfaction guaranteed!
'Hope that helps .. PSM