I have a PHP/MySQL CMS I made myself. I don't expect anyone to do my work for me, but I would appreciate just a word about security, just so I don't overlook something.
I have forms to edit and delete newspaper-type articles. There are ten columns in this table. I have a page that automatically lists all articles existing in the table. Each article automatically generates a link to the "edit article" page using the $_GET method.
This is my current security: 1) The directory is password protected. 2) I have a blank index.php file. 3) The db connection file is outside the root directory.
To edit something, all I have to do is click a bookmark, click a link, and enter a password. The form is automatically filled with the article's content, one text input box per column, so I can just edit and submit. Is there security I can implement in addition to what I have?
Do I need to change it to $_POST? You need to enter the password to enter a $_GET string, so I figure if someone gets the password it would be as easy to hack a POST system as a GET system. (I do have a blank index.php file in the directory.)
TYIA
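
An added example, not part of the original post and not the poster's code: the edit flow described above, with the `$_GET` id validated and bound in a prepared statement, the update accepted only as a POST carrying a per-session token, and the stored text escaped before it is echoed back into the form. The table and column names (`articles`, `id`, `title`, `body`), the helper function names, the use of PDO, and a `$session` array standing in for a started PHP session are all assumptions.

```php
<?php
declare(strict_types=1);
// Hypothetical schema articles(id, title, body); not the poster's code.
// GET only loads the form (a read). Validate the id, then bind it as a parameter.
function load_article(PDO $pdo, $rawId): ?array
{
    $id = filter_var($rawId, FILTER_VALIDATE_INT, ['options' => ['min_range' => 1]]);
    if ($id === false) {
        return null; // anything that is not a positive integer is rejected
    }
    $stmt = $pdo->prepare('SELECT id, title, body FROM articles WHERE id = ?');
    $stmt->execute([$id]);
    return $stmt->fetch(PDO::FETCH_ASSOC) ?: null;
}

// Per-session token, placed in the edit/delete form as a hidden field.
function csrf_token(array &$session): string
{
    return $session['csrf'] ??= bin2hex(random_bytes(32));
}

// Edits and deletes change data: accept them only as POST with a matching
// token, so a link followed while already logged in cannot trigger one.
function update_article(PDO $pdo, string $method, array $post, array $session): bool
{
    $sent = $post['csrf'] ?? null;
    if ($method !== 'POST' || !isset($session['csrf']) || !is_string($sent)
        || !hash_equals($session['csrf'], $sent)) {
        return false;
    }
    $id = filter_var($post['id'] ?? null, FILTER_VALIDATE_INT, ['options' => ['min_range' => 1]]);
    if ($id === false) {
        return false;
    }
    $stmt = $pdo->prepare('UPDATE articles SET title = ?, body = ? WHERE id = ?');
    return $stmt->execute([(string)($post['title'] ?? ''), (string)($post['body'] ?? ''), $id]);
}

// Constructed demo data; in-memory SQLite stands in for the MySQL table.
$pdo = new PDO('sqlite::memory:');
$pdo->setAttribute(PDO::ATTR_ERRMODE, PDO::ERRMODE_EXCEPTION);
$pdo->exec("CREATE TABLE articles (id INTEGER PRIMARY KEY, title TEXT, body TEXT)");
$pdo->exec("INSERT INTO articles (title, body) VALUES ('Old <b>title</b>', 'Old body')");
$session = [];
$token = csrf_token($session);
var_dump(load_article($pdo, '1 OR 1=1'));  // constructed non-integer id
var_dump(update_article($pdo, 'GET', ['id' => '1', 'title' => 'x', 'csrf' => $token], $session));
var_dump(update_article($pdo, 'POST', ['id' => '1', 'title' => 'New <i>title</i>', 'body' => 'y', 'csrf' => $token], $session));
echo htmlspecialchars(load_article($pdo, '1')['title'], ENT_QUOTES, 'UTF-8'), "\n"; // escape when pre-filling the form
```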