I'm no newbie to computer security, but sometimes I feel like reading a good book about security instead of surfing the web for bits and pieces of security-related articles. And this had good reviews, so...
The book started off with the basic stuff: Don't trust input, always escape output, etc. Very basic. In fact I wondered if this book was a little too basic.
And then, with each progressive chapter, my attitude slowly changed from "yeah, yeah", to "hmmmm", to "oops".
It's not only because the author mercilessly brings up exploit after exploit, saying "did you think about this? and how about this, did you think about that?"; it's also because he explains why it's important, how to exploit it, and what people can do to your site if you didn't think about that.
Now, I'll go back to my PHP code and rewrite, oh, one or two classes. Or more.