“No language can prevent insecure code, although there are language features which could aid or hinder a security-conscious developer.”

An interesting article on Security Focus illustrates examples on PHP coding and vulnerabilities.
The attacks explained in the article are:

1. Remote code execution
2. SQL injection
3. Format string vulnerabilities
4. Cross Site Scripting (XSS)
5. Username enumeration