So what kind of things should a person using PHP and MySql be focused on to maximize security.

Things I have done:
-mysql_real_escape_string all inputs
-validate all inputs after escaping em
-Placed random alpha numerics before my table names
-50character salt + Ripemd passwords

Heres where I think I am slacking:
-I know know nothing about sessions and securing them. How unsafe/safe is it if all you are doing is:

session_start(); 
$_SESSION['login']= $login;

and checking it with:

session_start();
if(isset($_SESSION['login'])){

-I heard something about other forms of injection like cross site injection and what not... -And probably many other things I dont know about.

Is there a "checklist"/Quicktut on making php secure? I dont even know what I should be worried about.I kinda regret now not building off cakephp since I am not a pro.