I suggest Google
. A few good searches like "common web security holes" or "web application security" or similar ought to produce plenty of leads. Also, most of the good PHP article/tutorial sites have a few articles about writing secure scripts. Also, since so many PHP apps are written in conjunction with MySQL, do a few searches concerning database security issues also. The words will serve you well. Again, your best tool is Google. Good luck -- it sounds like a tough project, but, at the risk of sounding petulant, since it's for a school project I think you should do a bit more of your own "guiding" rather than asking us to provide answers. But I'll leave you with two handy phrases: "register global variables" and "SQL insertion attack". Remember, Google is your friend.