Great posts so far, just like to add a couple that may be of interest
PHP Security Consortium - Shame its not been updated for a while but still a worthwhile lead
The Unexpected SQL Injection - Detailed paper on SQL injection and some specific examples for PHP / Mysql
PHP Developers Network - Security forum on PHP developers network, has a number of links to other useful documents
Hopefully someone will find these links useful