I haven't touched PHP for a long time, but I have to write an e-commerce site for my friends, so I have to pay attention to security. I looked around, and Security Angel's article is very good: for basic injection, it is already enough to prevent it.
http://www.4ngel.net/Article/36.htm