One of the great attractions of PHP is that it's easy to learn, and you can use it to build interactive websites in next to no time. Just like learning to drive a car, though, early success can lead to over-confidence. This book is a timely reminder of the pitfalls that lie in wait not only for the unwary, but also for the more experienced PHP programmer.
In keeping with the title, "Pro PHP Security", the authors address many issues that beginners may not regard as being on their immediate horizon. While some issues are advanced, it's a book that should be on the reading list of every PHP user. In addition to practical examples that deal with specific vulnerabilities, there's a clear exposition of the need to understand good application design. Chapter 19 ("Using Roles to Authorize Actions") is an object lesson in how a seemingly straightforward project can rapidly overwhelm you with complexity, and provides good advice on how to avoid this sort of problem.
I suspect that most readers will gravitate towards Part 3, which concentrates on practical solutions for specific security loopholes, such as validating user input, SQL injection, cross-site scripting, and preventing remote execution. Invaluable though these chapters are, the real value lies in making the reader aware of all aspects of security. Preventing accidental deletion of data, even by trusted members of a team, is just as much a security risk as the script kiddie trying to corrupt your data. This book takes a welcome, rounded viewpoint of security issues from a variety of angles. While not scare-mongering, it's a salutary wake-up call.