PHP is a popular server-side scripting language for serving dynamic pages. It’s simple to code and debug and has good support with database like mysql, mssql, oracle. Insecure php code, however is very simple to be hacked.
This article explains a few such vulnerabilities, so that you can avoid them in your scripts. I will also explain methods to tweak PHP config files(php.ini) for maximum security.
The number one security topic present in applications that use PHP is the SQL injection. This is because PHP allows for web developers to make unfortunate mistakes when it comes to creating their SQL queries. But thankfully, fixing the problem is easy: all that is necessary is a few tips in security.
Database abstraction layers like PHP's Portable Data Objects (PDO) are not a new concept, but a lot of developers don't seem to realise the security benefit they're getting for free by using them - inherent protection against SQL injection. SQL injection is the buffer overflow of the web application world - it's been around forever, and every web application developer should know how to write secure code that's not vulnerable to it.
Secure Your PHP Scripts 
