Pro PHP Security is one of the first books devoted solely to PHP security. It will serve as your complete guide for taking defensive and proactive security measures within your PHP applications. (And the methods discussed are compatible with PHP versions 3, 4, and 5.)
The knowledge you'll gain from this comprehensive guide will help you prevent attackers from potentially disrupting site operation or destroying data. And you'll learn about various security measures, for example, creating and deploying "captchas", validating e-mail, fending off SQL injection attacks, and preventing cross-site scripting attempts.
Review
This book is great because it's thorough and on each topic it gives lots of links to additional resources. It's easy to read and it's organized well so you can find what you're looking for.
One of the main things you'll appreciate about this book is that it gives just the right amount of information. It focuses on practical usage of security techniques, but you'll also like to know the high-level picture of how and why things got to be the way they are. This book tells you exactly what you'll want to know. A good example is the section on hashing and encryption. It gives some simplified examples of how the algorithms work and talks about where they came from, which ones are better and why, and how to use them. But it doesn't dive too deeply into encryption theory, which would only be interesting to someone wanting to code an encryption routine.
Some of the interesting things you'll learn from this book are:
1) You'll learn about the various hashing and encryption algorithms: which ones are good and just how good they are.
2) You'll learn all about protecting against cross-site scripting and SQL injection. It also has links to sites with sample hack attacks you can run against your own website to see if it's vulnerable.
3) You'll learn how to do captcha screening to make sure people registering for my site are real humans and not robots. As usual, the author provides lots of links to other sites for more resources on captcha.