I feel ya there. Security is really tough. The best way to learn how to make a secure page is to learn how to check if a page is insecure. There are a lot of security holes in the script currently. For example [x].
If you can right-click on an element and inspect it, you might find data in form input elements that you can manually change. If the operation still goes through, there's definitely a security flaw. There's no magical cure-all to input validation, as you have to know what kind of data you want when and where and make checks manually that no one can abuse it. Any form data is suspect!
I once heard someone complain they could change their gender to anything they wanted. While I doubt anyone is going to just willy-nilly do that, it's the sort of thing you have to think of fixes for.
While the days of SQL injection are mostly safely behind us (database tables aren't just going to vanish), a user can still manipulate the data already in front of them (say, changing what item they're attempting to buy because they know its name or id or whatever).
Learn how to manipulate forms how a hacker would, find the problems, jot them down, and then report them and we can all work on making the script better. ^^;; Even if you can't immediately propose a way to fix a security hole, you're still capable of finding them.
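The server-side checks the post above asks for, as an added example that is not part of the original post or of the script it discusses. The field names (`gender`, `item_id`, `quantity`, `price`), the stock table and the limits are constructed assumptions.

```python
# Constructed sample data; every name here is an assumption, not the script's own.
ALLOWED_GENDERS = {"female", "male", "unknown"}

SHOP_STOCK = {  # item_id -> record held on the server
    101: {"name": "Apple", "price": 5, "for_sale": True},
    102: {"name": "Staff Badge", "price": 0, "for_sale": False},
}


class ValidationError(Exception):
    """Raised when submitted form data fails a server-side check."""


def parse_int(raw, low, high):
    # Hidden and select inputs can be edited to any string, so parse strictly.
    text = str(raw)
    if not (text.isascii() and text.isdigit()) or len(text) > 9:
        raise ValidationError("not a whole number")
    value = int(text)
    if not low <= value <= high:
        raise ValidationError("number out of range")
    return value


def validate_gender(form):
    # Allow-list: a <select> limits honest browsers only, not edited requests.
    value = str(form.get("gender", "")).strip().lower()
    if value not in ALLOWED_GENDERS:
        raise ValidationError("gender not in allowed list")
    return value


def validate_purchase(form, user_balance):
    item = SHOP_STOCK.get(parse_int(form.get("item_id", ""), 1, 10**6))
    # Knowing a valid id is not enough: the item must be purchasable here.
    if item is None or not item["for_sale"]:
        raise ValidationError("item is not for sale")
    quantity = parse_int(form.get("quantity", ""), 1, 99)
    # The price is read from the server record; a submitted "price" is ignored.
    total = item["price"] * quantity
    if total > user_balance:
        raise ValidationError("insufficient funds")
    return {"item": item["name"], "quantity": quantity, "total": total}
```
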