I’ve been working with Zend Framework 2 for a while now, trying to learn it and map its concepts to those from Zend Framework 1. One of the things that hasn’t changed is the framework’s support for security - it still has a bunch of useful components which let you protect your PHP application from SQL injection, XSS, CSRF, spam, and brute-force password hacking.
You don’t need to be using Zend Framework either - the framework is loosely coupled, so you can use the components on a standalone basis. If you’re not familiar with framework-based development, this gives you all the benefits of components like Zend\InputFilter and Zend\Escaper without the additional overhead and learning curve.
Read more in my IBM developerWorks article on web application security and find out how to harden your application against bad input, XSS vectors, bots and spam. Code examples are included for both framework and standalone usage.