Today PHP emerged as one of the leading programming languages used in web development. It had increased the responsibility of PHP programmers to save web pages from security threats. Some holes in programming can damage the whole website. Sometimes programmers, in most cases beginners, are not aware of these security holes. In this tutorial we are going to discuss where could be the problem and we would be able to fix them. 1) Global Variables (regiser_globals): You should do your best to write your scripts so that they do not require register_globals to be on. Using variables as globals can easily lead to possible security problems. For example <?php // define $authorized = true only if user is authenticated if ( authenticated_user ()) { $authorized = true ; } // Because we didn't first initialize $authorized as false, this might be // defined through register_globals, like from GET auth.php?authorized=1 // So, anyone can be seen as authentic