Few more coding practices can be done to avoid PP Form HijackingUser Input Sanitization-Never trust web user submitted data. Follow good clieint side data validation practices with regular expressions before submitting data to the server
how can Prevent form hijacking in PHP?
(1). Make register_globals to off to prevent Form Injection with malicious data.
(2). Make Error_reporting to E_ALL so that all variables will be intialized before using them.
(3). Make practice of using htmlentities(), strip_tags(), utf8_decode() and addslashes() for filtering malicious data in php
(4). Make practice of using mysql_escape_string() in mysql.