sql injection

Do not save password raw value on hidden box or website while showing the stars value *********, because hacker see the value of password by using software such as ariskkey, sc-passunlease, password viewer or right click the website and choose "view page sourse,

password hack by blueforce - allow 3 times input try only. It makes blueforce need longer time to hack.

session hijacking

MIME attack.

xss injection. Eg : Javascript. Method to prevent at http://php.net/manual/en/function.htmlentities.php

spamming - verify characters on image to prevent spamming.

Please tell me if I missed out any other security issue? Thank you.