You must be very careful if you use register_globals. For example:
// $admin is never initialised before this point
if ($adminpassword == $upassword) {
    $admin = "1";
}
if ($admin == "1") {
    // Display secure information
}
As you can imagine, if a user requests index.php?admin=1, your website is instantly vulnerable: register_globals turns the admin request parameter into $admin, so the second check passes without any password. Make sure to define every variable that doesn't come from a form at the top of your script. A fix for the above script would be just to add $admin = "0"; at the top.
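
The same check with and without the fix, as an added example that is not part of the original text. register_globals was removed in PHP 5.4, so extract() on the request array stands in for it here; the function names, the password constant and the sample requests are constructed for illustration.

```php
<?php
// Added example. ADMIN_PASSWORD and the request arrays below are constructed.
const ADMIN_PASSWORD = 'constructed-example-password';

// Vulnerable: $admin is never initialised, so a request parameter named
// "admin" becomes the flag the script later trusts.
function is_admin_vulnerable(array $request): bool
{
    extract($request);               // assumption: emulates register_globals
    $adminpassword = ADMIN_PASSWORD;
    if (isset($upassword) && $adminpassword == $upassword) {
        $admin = "1";
    }
    return isset($admin) && $admin == "1";
}

// Fixed: $admin is defined before any use, and the only request value read
// is the password, taken explicitly from the request array.
function is_admin_fixed(array $request): bool
{
    $admin = "0";
    $upassword = isset($request['upassword']) && is_string($request['upassword'])
        ? $request['upassword']
        : '';
    if (hash_equals(ADMIN_PASSWORD, $upassword)) {
        $admin = "1";
    }
    return $admin === "1";
}

// Constructed sample requests: parsed query strings as PHP would see them.
$requests = [
    'no parameters'     => [],
    'index.php?admin=1' => ['admin' => '1'],
    'correct password'  => ['upassword' => ADMIN_PASSWORD],
];

foreach ($requests as $label => $request) {
    printf(
        "%-18s vulnerable=%-5s fixed=%s\n",
        $label,
        var_export(is_admin_vulnerable($request), true),
        var_export(is_admin_fixed($request), true)
    );
}
```

Only the admin=1 request gives different results: the vulnerable check grants access, the fixed one does not.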