By securing the server, protecting your code against SQL injections and XSS exploits.
But I think that mostly, you have your code on a shared hosting, so the server thing is out of your reach.
For the 2 others, search, read and educate yourself.
There is nothing but "best practices" to help you learn how to program with these security problems in mind and avoid them.
First thing, for example, never use any variable from GET, POST or cookies without checking it.
Those values are always insecure and dangerous, by definition.
On the DB side, learn about stored procedures and prepared statements to lock yourself against the most evident SQL injection attacks.
Try some of those:
http://www.security-hacks.com/2007/0...ction-scanners
to see if your site is already subject to SQL injection.
Another nasty thing is the cross site scripting.
In short, making your site execute something by making it run a PHP page that comes from the outside of your site.
I've heard of Acunetix a lot recently, as they released a web site security scanner:
http://www.acunetix.com/
Don't know what it's worth, but there is a free version, why not check it?
So, no simple and straight answer for your question.
It takes time and effort. And they are both continuous (the techniques of the hackers are evolving) and out of your reach for a major point: if the web server becomes physically compromised, then there is nothing you can do.
And only the hoster can take care of that point.
And trust me, having worked in a small ISP, this point is not often in the top 5 priorities...
At least, not in a proactive way. Generally more in a reactive way.
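
The practices named in the post above (checking request values, prepared statements, escaping output), as an added example that is not part of the original post. It assumes PHP 8 with the pdo_sqlite extension; the `$request` array, the `users` table and all function names are constructed for illustration.

```php
<?php
declare(strict_types=1);

// Constructed stand-in for $_GET/$_POST so the script runs from the CLI.
$request = [
    'id'   => '1 OR 1=1',
    'name' => "x' OR '1'='1",
    'note' => '<script>alert(1)</script>',
];

$db = new PDO('sqlite::memory:');
$db->setAttribute(PDO::ATTR_ERRMODE, PDO::ERRMODE_EXCEPTION);
$db->exec('CREATE TABLE users (id INTEGER PRIMARY KEY, name TEXT)');
$db->exec("INSERT INTO users (name) VALUES ('alice'), ('bob')");

// Check a request value before use: an id must be a positive integer.
// Returns null for anything else instead of passing the raw string on.
function checked_id(array $input, string $key): ?int
{
    $value = filter_var($input[$key] ?? null, FILTER_VALIDATE_INT,
                        ['options' => ['min_range' => 1]]);
    return $value === false ? null : $value;
}

// Weak form, for contrast: the value becomes part of the SQL text itself.
function find_by_name_unsafe(PDO $db, string $name): array
{
    return $db->query("SELECT id, name FROM users WHERE name = '$name'")
              ->fetchAll(PDO::FETCH_ASSOC);
}

// Prepared statement: the value is bound as data and cannot alter the query.
function find_by_name(PDO $db, string $name): array
{
    $stmt = $db->prepare('SELECT id, name FROM users WHERE name = :name');
    $stmt->execute([':name' => $name]);
    return $stmt->fetchAll(PDO::FETCH_ASSOC);
}

// Escape on output so request data is rendered as text, not as markup.
function html(string $s): string
{
    return htmlspecialchars($s, ENT_QUOTES | ENT_SUBSTITUTE, 'UTF-8');
}

var_dump(checked_id($request, 'id'));                        // validation of a non-integer id
var_dump(count(find_by_name_unsafe($db, $request['name']))); // rows matched by the concatenated query
var_dump(count(find_by_name($db, $request['name'])));        // rows matched by the bound query
echo html($request['note']), PHP_EOL;                        // note as it would be written into a page
```

Comparing the two row counts shows the difference between a value that is spliced into the query and one that is bound to it.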