With regard to SQL injections, if you don't use an abstraction layer and are using PostgreSQL (applause! :-) be sure to use:
It's available since PHP 5.1.
And remember to revisit the excellent (!) online PHP manual plus comments every now and then to check for new and improved features.