Twilio's "Everything You Ever Wanted to Know About Secure HTML Forms" does a great job of breaking down the mechanisms that make forms vulnerable and the methods you can use to secure them.
A brief but well-explained overview of how session handling and logging can play a role in securing your website's user input and form handling.
A more comprehensive explanation of form security elements, including compliance, which is a major concern for many online businesses.
"Give me Parameterized SQL or Give me Death"
CodingHorror.com's dramatically titled article on parameterized queries really does a great job of breaking down the value of using this technique to protect your databases.