1) Unvalidated Input Errors
2) Access Control Flaws
3) Session ID Protection
4) Cross Site Scripting (XSS) Flaws
5) SQL Injection Vulnerabilities
6) Error Reporting
7) Data Handling Errors
8) Form Duplication.
Now let's discuss the above points in detail.
1) Unvalidated Input Errors
The most common PHP security issue is the unvalidated input error. User-provided data cannot be trusted. It is not always possible to validate every condition of the data, so to avoid this class of problem you have to handle each validation condition that applies to that data. Always validate user-provided data by rejecting anything other than the expected data. Never take the approach of accepting anything except data you know to be harmful; this is a common source of security flaws.
Always remember that many people, including competitors, are thinking about how to make your application fail under this security condition.
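The following is an added example, not code from the original post, of the "accept only what you expect" approach: each helper matches the input against the exact shape required and returns null otherwise, and the request is rejected as a whole when any field fails. The `$post` array is a constructed stand-in for `$_POST`, and the field names and ranges are assumptions.

```php
<?php
// Added example: allowlist validation helpers. Each returns the cleaned value
// or null when the input does not match the exact shape expected.

function validateUsername(string $raw): ?string {
    // Only letters, digits and underscore, 3 to 20 chars; everything else is rejected.
    return preg_match('/^[A-Za-z0-9_]{3,20}$/', $raw) === 1 ? $raw : null;
}

function validateAge(string $raw): ?int {
    // filter_var with a range rejects "12abc", negatives, floats and huge values.
    $age = filter_var($raw, FILTER_VALIDATE_INT,
        ['options' => ['min_range' => 0, 'max_range' => 150]]);
    return $age === false ? null : $age;
}

function validateEmail(string $raw): ?string {
    $email = filter_var($raw, FILTER_VALIDATE_EMAIL);
    return $email === false ? null : $email;
}

// Constructed sample input standing in for $_POST.
$post = ['username' => 'alice_01', 'age' => '29', 'email' => 'alice@example.com'];

$errors = [];
$username = validateUsername($post['username'] ?? '');
if ($username === null) { $errors[] = 'username'; }
$age = validateAge($post['age'] ?? '');
if ($age === null) { $errors[] = 'age'; }
$email = validateEmail($post['email'] ?? '');
if ($email === null) { $errors[] = 'email'; }

if ($errors) {
    // Reject the whole request rather than trying to "clean up" bad fields.
    http_response_code(400);
    exit('Invalid fields: ' . implode(', ', $errors));
}
// Only validated values reach the rest of the application from here on.
```

Note that the helpers describe what is allowed, never what is forbidden; a blocklist of "dangerous" characters is exactly the approach the paragraph above warns against.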
2) Access Control Flaws
You should check the user's access privileges on every load of a restricted page of your PHP application. Always take into account the user type and, for security reasons, the user's IP address as well. Use .htaccess to restrict specific users and IP addresses. Always place configuration files outside the web-accessible directory. Always use a well-planned directory structure for security reasons.
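As an added example (not the post's own code), here is a small include that a restricted page would pull in at the top, enforcing both the role check and the IP check on every load. The role name, the IP list (documentation addresses) and the session key `role` are placeholders.

```php
<?php
// Added example: require_admin.php, included first on every restricted page.
// Role and IP allowlists below are constructed placeholders.
session_start();

$allowedRoles = ['admin'];
$allowedIps   = ['203.0.113.10', '203.0.113.11']; // placeholder addresses

function requireAccess(array $allowedRoles, array $allowedIps): void {
    $role = $_SESSION['role'] ?? null;
    // Use REMOTE_ADDR only: X-Forwarded-For is client-supplied unless a trusted proxy sets it.
    $ip   = $_SERVER['REMOTE_ADDR'] ?? '';

    // Deny unless BOTH the role and the source IP are explicitly allowed.
    if (!in_array($role, $allowedRoles, true) || !in_array($ip, $allowedIps, true)) {
        error_log(sprintf('access denied: role=%s ip=%s uri=%s',
            var_export($role, true), $ip, $_SERVER['REQUEST_URI'] ?? ''));
        http_response_code(403);
        exit('Forbidden');
    }
}

requireAccess($allowedRoles, $allowedIps);
// Page content follows only after the checks above pass.
```

Because the check runs on each request rather than once at login, a user whose role is revoked mid-session loses access on the next page load, and the denied attempts are logged for review.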
3) Session ID Protection
Session ID hijacking can be a problem with PHP websites. The PHP session tracking component uses a unique ID for each user's session, but if this ID becomes known to another user, that person can hijack the session and see information that should be confidential. Session ID hijacking cannot be completely prevented; you should know the risks so you can address them.
If your site handles critical information such as credit card numbers, always use an SSL-secured connection. This helps reduce session hijacking.
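The following added example (not from the original post) shows the session settings that reduce the risk described above: the session cookie is only sent over the SSL connection the text recommends, it is hidden from script, IDs the server did not issue are rejected, and the ID is regenerated at login. The user-agent consistency check is one simple heuristic, not a complete defence.

```php
<?php
// Added example: session hardening. Cookie options must be set before session_start();
// the array form of session_set_cookie_params() requires PHP 7.3 or later.
session_set_cookie_params([
    'lifetime' => 0,
    'path'     => '/',
    'domain'   => '',
    'secure'   => true,     // only sent over HTTPS, so it cannot be sniffed on plain HTTP
    'httponly' => true,     // not readable by JavaScript, blunting theft via XSS
    'samesite' => 'Strict',
]);
ini_set('session.use_strict_mode', '1');  // reject session IDs the server never issued
ini_set('session.use_only_cookies', '1'); // never accept the ID from the URL
session_start();

function loginUser(int $userId): void {
    // New ID on privilege change: an ID learned or fixed before login becomes useless.
    session_regenerate_id(true);
    $_SESSION['user_id'] = $userId;
    $_SESSION['ua_hash'] = hash('sha256', $_SERVER['HTTP_USER_AGENT'] ?? '');
}

function sessionLooksHijacked(): bool {
    // Cheap consistency check: a User-Agent that changes mid-session is suspicious.
    $ua = hash('sha256', $_SERVER['HTTP_USER_AGENT'] ?? '');
    return isset($_SESSION['ua_hash']) && !hash_equals($_SESSION['ua_hash'], $ua);
}

if (sessionLooksHijacked()) {
    session_unset();
    session_destroy();
    http_response_code(403);
    exit('Session invalidated');
}
```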
4) Cross Site Scripting (XSS) Flaws
Cross-site scripting (XSS) flaws are a subset of user input validation flaws, where a malicious user embeds scripting commands, for example JavaScript, in submitted data.
Use filters to avoid this type of issue.
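Here is an added example (not the post's code) of the same comment display written both ways: the unsafe version echoes user data straight into the page, the safe version encodes it for the HTML context before output. `$comment` is a constructed sample of user-controlled input.

```php
<?php
// Added example: output encoding as the XSS filter. $comment is constructed input.
$comment = '<b>hello</b> <script>alert(1)</script>';

// Unsafe: raw user data is inserted into HTML, so any tags in it are rendered by the browser.
function renderUnsafe(string $comment): string {
    return "<p>$comment</p>";
}

// Safe: encode for the HTML context. ENT_QUOTES also escapes single quotes, so the
// result is safe inside quoted attributes as well as element bodies; ENT_SUBSTITUTE
// replaces invalid UTF-8 instead of returning an empty string.
function e(string $value): string {
    return htmlspecialchars($value, ENT_QUOTES | ENT_SUBSTITUTE, 'UTF-8');
}

function renderSafe(string $comment): string {
    return '<p>' . e($comment) . '</p>';
}

echo renderSafe($comment);
```

With the sample above, `renderSafe()` emits the `<` and `>` of every tag as `&lt;` and `&gt;`, so the browser shows the text literally and runs nothing. Encode at the point of output, in the encoding of the context (HTML here; URL or JavaScript contexts need their own), rather than trying to strip "bad" strings on input.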
5) SQL Injection Vulnerabilities
SQL injection flaws are yet another class of input validation flaws. Specifically, they allow a user to alter the database query that gets executed, affecting the database.
PHP's much-reviled magic quotes feature is enabled by default in current versions of PHP. This feature, which can be disabled by setting the magic_quotes_gpc php.ini variable to Off, automatically applies addslashes() to all values submitted via GET, POST or cookies.
You can also use stripslashes() to deal with this type of problem.
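The following is an added example, not the post's own code, showing a user lookup in its injectable form and in its parameterised form, plus the stripslashes() step for hosts where magic quotes is still on. The DSN, credentials and table layout are placeholders; the `get_magic_quotes_gpc()` call is guarded because that function no longer exists in PHP 8.

```php
<?php
// Added example: the same lookup, injectable and fixed. Connection details are placeholders.
$pdo = new PDO('mysql:host=localhost;dbname=app;charset=utf8mb4', 'appuser', 'PLACEHOLDER_PASSWORD', [
    PDO::ATTR_ERRMODE          => PDO::ERRMODE_EXCEPTION,
    PDO::ATTR_EMULATE_PREPARES => false, // real server-side prepared statements
]);

// Undo magic quotes where a legacy host still applies them, so we handle the real bytes
// and do not end up with doubled escaping once the value is parameterised.
function rawInput(string $value): string {
    $magic = function_exists('get_magic_quotes_gpc') && @get_magic_quotes_gpc();
    return $magic ? stripslashes($value) : $value;
}

// Vulnerable: the query text itself is built from user input, so quotes in the
// input change the SQL that runs.
function findUserUnsafe(PDO $pdo, string $name): ?array {
    $sql = "SELECT id, name FROM users WHERE name = '$name'";
    $row = $pdo->query($sql)->fetch(PDO::FETCH_ASSOC);
    return $row ?: null;
}

// Fixed: the query text is constant; the value travels separately as a bound parameter
// and can never be interpreted as SQL, whatever characters it contains.
function findUserSafe(PDO $pdo, string $name): ?array {
    $stmt = $pdo->prepare('SELECT id, name FROM users WHERE name = :name');
    $stmt->execute([':name' => $name]);
    $row = $stmt->fetch(PDO::FETCH_ASSOC);
    return $row ?: null;
}

$name = rawInput($_POST['name'] ?? '');
$user = findUserSafe($pdo, $name);
```

Prepared statements are the fix; escaping (whether by magic quotes or by hand) only reduces the problem and is easy to get wrong, for example for numeric columns that are never quoted.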
6) Error Reporting
You should ensure that your display_errors php.ini value is set to "0". Otherwise, any errors encountered in your code, such as database connection errors, will be output to the end user's browser.
Instead of displaying errors, set the error_log ini variable to "1" and check your PHP error log frequently for caught errors.
You can also develop your own error-handling functions that are automatically invoked when PHP encounters an error; they can email you or execute other PHP code of your choice.
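As an added example (not the post's code), the block below applies the production settings and registers a custom handler of the kind described above. One detail worth knowing when setting this up: in php.ini the on/off switch for logging is `log_errors`, while `error_log` names the file PHP writes to. The log path and notification address are placeholders, and `mail()` stands in for whatever alerting you use.

```php
<?php
// Added example: production error settings plus a custom handler. Paths are placeholders.
ini_set('display_errors', '0');                        // never show errors in the browser
ini_set('log_errors', '1');                            // enable logging
ini_set('error_log', '/var/log/php/app-errors.log');   // log destination (placeholder path)
error_reporting(E_ALL);

function appErrorHandler(int $errno, string $errstr, string $errfile, int $errline): bool {
    // Record the full detail server-side only.
    error_log(sprintf('[%s] %d %s in %s:%d', date('c'), $errno, $errstr, $errfile, $errline));
    // Notify on the serious classes; mail() is a stand-in for your alerting mechanism.
    if ($errno & (E_USER_ERROR | E_RECOVERABLE_ERROR)) {
        mail('ops@example.com', 'PHP error', "$errstr in $errfile:$errline");
    }
    // Returning true stops PHP's default handler (which might display) from running.
    return true;
}
set_error_handler('appErrorHandler');

// Fatal errors bypass set_error_handler(); catch them on shutdown and show a generic page
// so stack traces and connection strings never reach the user.
register_shutdown_function(function (): void {
    $e = error_get_last();
    if ($e !== null && ($e['type'] & (E_ERROR | E_PARSE | E_CORE_ERROR | E_COMPILE_ERROR))) {
        error_log('fatal: ' . $e['message'] . ' in ' . $e['file'] . ':' . $e['line']);
        http_response_code(500);
        echo 'Something went wrong.';
    }
});
```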
7) Data Handling Errors
The most common type of data handling error is the unencrypted HTTP transmission of sensitive data that should be transmitted via HTTPS. Credit card numbers and customer information are the most common types of data that need protecting. Use SSL whenever you transmit sensitive data from your application to a user's browser. The same type of risk occurs when applications are updated using FTP, which is an insecure protocol. Transferring a PHP file that contains database passwords to your remote web server over an insecure protocol like FTP can allow an eavesdropper to sniff the packets and reveal your password. Always use a secure protocol like SFTP or SCP to transmit sensitive files.
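An added example (not from the original post) of enforcing the HTTPS rule in the application itself, so a page that handles sensitive data cannot be served over plain HTTP by mistake. The canonical host name is a placeholder; it is taken from configuration rather than from the request's Host header so the redirect can only ever point at your own site.

```php
<?php
// Added example: force HTTPS for pages handling sensitive data. Host is a placeholder.
const CANONICAL_HOST = 'www.example.com';

function isHttps(): bool {
    // Trust only PHP's own view of the connection, not forwarded headers a client can set.
    return (!empty($_SERVER['HTTPS']) && $_SERVER['HTTPS'] !== 'off')
        || (int) ($_SERVER['SERVER_PORT'] ?? 0) === 443;
}

function requireHttps(): void {
    if (!isHttps()) {
        // Redirect to the same path on the configured host, over HTTPS.
        $target = 'https://' . CANONICAL_HOST . ($_SERVER['REQUEST_URI'] ?? '/');
        header('Location: ' . $target, true, 301);
        exit;
    }
    // Ask browsers to use HTTPS for this host for the next year (HSTS).
    header('Strict-Transport-Security: max-age=31536000; includeSubDomains');
}

requireHttps();
// Sensitive content follows only over the encrypted connection.
```

The redirect covers the first plain-HTTP visit; the HSTS header makes the browser go straight to HTTPS on later visits, closing the window in which the data could be sent in the clear.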
8) Form Duplication.
Always generate a unique ID for each form and validate it. Only after validation does form execution proceed.
This validation helps increase the security of the form and its execution.
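The following is an added example, not the post's own code, of the unique form ID described above: a random token is issued with the form, stored in the session, and consumed on submission, so the same form cannot be executed twice and a form posted from elsewhere without a valid token is rejected. The field name `form_token`, the session key and the 30-minute lifetime are assumptions.

```php
<?php
// Added example: one-time form token against duplicate submissions (and cross-site forgeries).
session_start();

function issueFormToken(): string {
    $token = bin2hex(random_bytes(32));          // unpredictable, 64 hex chars
    $_SESSION['form_tokens'][$token] = time();    // remember when it was issued
    return $token;
}

function consumeFormToken(?string $token): bool {
    if ($token === null || !isset($_SESSION['form_tokens'][$token])) {
        return false;                             // missing, unknown, or already used
    }
    $issued = $_SESSION['form_tokens'][$token];
    unset($_SESSION['form_tokens'][$token]);      // single use: a re-POST of the same form fails
    return (time() - $issued) <= 1800;            // reject tokens older than 30 minutes
}

if ($_SERVER['REQUEST_METHOD'] === 'POST') {
    if (!consumeFormToken($_POST['form_token'] ?? null)) {
        http_response_code(400);
        exit('Duplicate or invalid form submission');
    }
    // ... validate the remaining fields and process the form exactly once ...
    exit('Submitted');
}

// Render the form with a fresh token embedded as a hidden field.
$token = issueFormToken();
echo '<form method="post">'
   . '<input type="hidden" name="form_token" value="'
   . htmlspecialchars($token, ENT_QUOTES, 'UTF-8') . '">'
   . '<button type="submit">Send</button></form>';
```

Because the token is removed from the session the moment it is consumed, a double click or a browser "resubmit" of the same POST produces the 400 response instead of a second execution.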
If you have any query or any problem, you are always welcome to ask.