[AntiSilence]

I don't know anything specific to PHP, but in general, like Damien says with the parameterised queries are a must, and always validate user input.