Things a Drupal Dev Should Know
Where to begin? There's a lot of fundamental knowledge that eases the Drupal learning curve, but I've found a few rules that I stick to as closely as possible to help me through the day.
Respect the core
There's a good reason not to alter the core files. It's called maintenance. Drupal lets a developer keep custom code in only one or two locations, which makes replacing core files that much easier.
If you have to alter the core files, DOCUMENT IT. A small text file for your own purposes in the root of the site could really help. Call it something obvious like README.txt or MODIFICATIONS.txt or whatever you choose, then have a clear readable structure to the doc to help you out. Here's an example:
Notes on modifications to core and standard modules
=============
CONTENTS
=============
1) Taxonomy.module (core)
2) Profile.module (core)
3) Video.module
Appendix
A) Sites Affected
B) Misc Notes
=====================
1) Taxonomy.module
We changed this module so that the taxonomy ID shows up in the list terms page for categories table.
2) Profile.module
Changed this module to automatically filter out the neurotic ravings of teenage schoolgirls.
3) Video.module
Code has been altered to prevent random deletion of the converted video files. See line 890.
=============
APPENDIX
=============
A) Sites affected
www.example.com
www.notonyournelly.com
B) Misc Notes
Some sites have had ECT to prevent them working on IE 6 it seems. Must sort this out and get the themes some counselling.
Think of the Hackers
There are so many script kiddies around now that we constantly have to keep our guard up. In the past we had several Joomla sites compromised because the clients neither kept up with maintenance nor wanted any kind of support package in place so that we would do it for them. By documenting any core module changes you can update to the latest, most secure version at a moment's notice.
When writing your code, never output submitted text directly to the screen, and never use it in an SQL query without checking it first. Let me show you a non-Drupal-specific example.
You are creating a login box of your own for some reason. The user has the usual username and password fields. The values of these fields go straight into a database query.
Normal user
username: bob
password: halibut
When we get to the query:
SELECT uid FROM users WHERE name = 'bob' AND password = 'halibut'
Now for the malicious user
username: admin
password: ' OR 'a' = 'a
It may look odd, but see what happens when it reaches the query:
SELECT uid FROM users WHERE name = 'admin' AND password = '' OR 'a' = 'a'
And there you have it. Because AND binds more tightly than OR, the WHERE clause is true for every row, so the query returns a uid no matter what password was typed. An instant admin login.
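The two queries above run against a constructed in-memory SQLite table, as an added example that is not from the original post: login_concatenated reproduces the page's string-pasting, and login_parameterized shows the bound-parameter form that any database API, Drupal's included, provides. The table contents and function names are assumptions made for the demonstration.

```python
import sqlite3


def make_db():
    """Constructed sample table mirroring the page's example.

    Plaintext passwords only because the page's query compares them that way;
    a real users table holds hashes.
    """
    conn = sqlite3.connect(":memory:")
    conn.execute("CREATE TABLE users (uid INTEGER, name TEXT, password TEXT)")
    conn.executemany(
        "INSERT INTO users VALUES (?, ?, ?)",
        [(1, "admin", "s3cret-admin"), (2, "bob", "halibut")],
    )
    return conn


def build_concatenated_sql(username, password):
    """The page's pattern: submitted values pasted straight into the SQL text."""
    return (
        "SELECT uid FROM users WHERE name = '" + username
        + "' AND password = '" + password + "'"
    )


def login_concatenated(conn, username, password):
    """Vulnerable form: whatever the user typed is parsed as part of the query."""
    rows = conn.execute(build_concatenated_sql(username, password)).fetchall()
    return sorted(r[0] for r in rows)


def login_parameterized(conn, username, password):
    """Hardened form: the driver binds the values, so quotes in the input
    are compared as data and never change the query's structure."""
    sql = "SELECT uid FROM users WHERE name = ? AND password = ?"
    rows = conn.execute(sql, (username, password)).fetchall()
    return sorted(r[0] for r in rows)


if __name__ == "__main__":
    db = make_db()
    payload = "' OR 'a' = 'a"  # the page's malicious password
    print(build_concatenated_sql("admin", payload))
    print(login_concatenated(db, "bob", "halibut"))    # [2]
    print(login_concatenated(db, "admin", payload))    # [1, 2]: every row matches
    print(login_parameterized(db, "admin", payload))   # []: no login
```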
