>>21
just had a quick glance, but my advice is to read this:
http://www.sitepoint.com/article/php-security-blunders/