This is my first "short" that is PHP specific and not Solar Framework related, I hope to keep these coming as well.

A search for the phrase "secure php" on Google returns a ton of results but scanning through the first couple pages of results it becomes clear that when you talk about security and PHP people tend to focus on 2 things, the code and PHP itself.

Few people take security any further then that but in reality security is only as strong as your weakest link, while your concerned about XSS and SQL injection its very likely someone is currently using a brute-force attack on your host to get shell access!

So, looking through the first few pages of Google, what is said about getting a secure PHP installation? People discuss installing Apache, Mod_Security, or even items like Suhosin but very few of them even mention anything beyond that?

If you are in the process of doing any of the above things its very likely you have your own vps/box/slice/cloud server that you just had turned on/spun up for you and are getting it ready to start serving pages from your oh so secure PHP software, you follow the directions you find and feel safe and snug.

Fact of the matter PHP Security goes way beyond PHP right down to the very OS and the settings for that OS your running on! If your setting up your PHP install and searching for "secure php" I urge you to also secure for "secure YOURUS".

You still think your secure, ask yourself a few questions (the answer should be yes to all of these)

1. Have you disabled exec on your tmp folders
2. Do you know all the services running and why they are running?
3. Did you uninstall any unneeded packages?
4. Do you know if you have any kind of firewall and is it active?

Don't let security stop at "secure php", look at your whole install from the ground up please.