I'd like to add one more: use security tokens. A security token makes sure the client did send a certain request to your application. I'm maintaining the following open-source PHP package: CSRF Protection, where you can use tokens and validate them without too much boilerplate code.
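As an added illustration of the token approach the comment describes (example code, not the CSRF Protection package's own; the function names and the `_token` field name are this example's own choices):

```php
<?php
// Added example (not the CSRF Protection package's code): a minimal
// synchronizer-token pattern. csrf_token(), csrf_validate() and
// csrf_field() are names chosen for this example.

declare(strict_types=1);

session_start();

// Generate (or reuse) a per-session token from the CSPRNG.
function csrf_token(): string
{
    if (empty($_SESSION['csrf_token'])) {
        $_SESSION['csrf_token'] = bin2hex(random_bytes(32));
    }
    return $_SESSION['csrf_token'];
}

// Validate the token sent with a state-changing request. A missing
// session token or a missing submitted token is a failure, not a pass.
// hash_equals() compares in constant time, so the check does not leak
// through timing differences.
function csrf_validate(?string $submitted): bool
{
    $expected = $_SESSION['csrf_token'] ?? null;
    if ($expected === null || $submitted === null) {
        return false;
    }
    return hash_equals($expected, $submitted);
}

// Hidden field for the form; escaped so it is safe inside HTML.
function csrf_field(): string
{
    return '<input type="hidden" name="_token" value="'
        . htmlspecialchars(csrf_token(), ENT_QUOTES, 'UTF-8') . '">';
}

// Only state-changing methods need the check; GET should never change state.
if (($_SERVER['REQUEST_METHOD'] ?? 'GET') === 'POST') {
    if (!csrf_validate($_POST['_token'] ?? null)) {
        http_response_code(403);
        exit('Invalid CSRF token');
    }
    // ... perform the state change here ...
}
?>
<form method="post" action="">
    <?= csrf_field() ?>
    <button type="submit">Transfer</button>
</form>
```

Pair this with `SameSite` cookies and a check that the session cookie is `HttpOnly`; the token stops cross-site form posts, while those settings limit what an attacker's page can even send.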