security to POST-PHP

 POST-method variables. Form field data from regular 
POST-method forms.
PHP automatically creates variables for all the data it receives
 in an HTTP request. This can include GET data, POST data,
 cookie data, and environment variables. The variables are 
either in PHP's global symbol table or in one of a number
 of superglobal arrays, depending on the value of the
 register_globals setting in your php.ini file. 

mysqli_real_escape_string can be add for security reson.

A common error people make when using sessions is that they
 tend to use it as a replacement for authentication -- or sometimes 
as an add-on to authentication. Authenticating a user once as he
 first enters your site and then using a session ID to identify that 
user throughout the rest of the site without further authentication 
can lead to a lot of problems if another person is somehow able
 to get the session ID. There are a number of ways to get the 
 session ID:
  • If you are not using SSL, session IDs may be sniffed
  • If you don't have proper entropy in your session IDs,
     they may be guessed
  • If you are using URL-based session IDs, they may 
    end up in proxy logs
  • If you are using URL-based session IDs, they may 
    end up bookmarked on publicly-accessible computers
Forcing HTTP Authentication on each page over SSL is the
 most secure way to avoid this problem, but it tends to be a 
bit inconvenient. Just keep the above points in mind when 
building a web application that uses sessions to store users' 
personal details.