Wednesday, April 9, 2008

PHP and SQL Injection

Lately I have been playing around a lot with PHP vulnerabilities and SQL injection. I found some really great guides on milw0rm and read as much as I could. I also needed a test box running PHP and an SQL server to experiment on. I installed XAMPP because it was so quick and easy to set up. I made a few scripts to test on, but upon further inspection of their PHP code I found that there were plenty of exploits in the sample applications. The CD app and the phonebook app both have SQL injection vulnerabilities, and the phonebook has a stored XSS vulnerability. I then did a Google search (intitle: xampp version) and found that there are many systems on the net that have XAMPP installed with a default setup. I was able to learn by playing around with XAMPP.
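For readers who want to see what the two bug classes mentioned above look like in PHP code, here is a constructed example added to this post. It is not the code of XAMPP's CD or phonebook sample applications; the table name, columns and rows are made up for illustration. It assumes PHP with PDO and the pdo_sqlite extension so that it runs stand-alone against an in-memory database (`php sqli_demo.php`).

```php
<?php
// Added example, not XAMPP's sample application code: a constructed phonebook
// lookup showing string-concatenated SQL beside a prepared-statement version,
// plus output encoding for the stored-XSS case. Uses an in-memory SQLite
// database through PDO (assumes the pdo_sqlite extension) so it runs offline.

$db = new PDO('sqlite::memory:');
$db->setAttribute(PDO::ATTR_ERRMODE, PDO::ERRMODE_EXCEPTION);
$db->exec('CREATE TABLE phonebook (id INTEGER PRIMARY KEY, name TEXT, phone TEXT)');
// Constructed sample rows; the second name contains an apostrophe on purpose.
$db->exec("INSERT INTO phonebook (name, phone) VALUES ('Alice', '555-0100'), ('O''Brien', '555-0199')");

// Vulnerable pattern: the request value is pasted straight into the SQL text,
// so any quote or SQL syntax inside it is parsed as part of the query.
function lookupVulnerable(PDO $db, string $name): array {
    $sql = "SELECT name, phone FROM phonebook WHERE name = '$name'";
    return $db->query($sql)->fetchAll(PDO::FETCH_ASSOC);
}

// Hardened pattern: the query text is fixed and the value is bound as a
// parameter, so the database engine never interprets user input as SQL.
function lookupSafe(PDO $db, string $name): array {
    $stmt = $db->prepare('SELECT name, phone FROM phonebook WHERE name = :name');
    $stmt->execute([':name' => $name]);
    return $stmt->fetchAll(PDO::FETCH_ASSOC);
}

// Output encoding for the stored-XSS case: whatever sits in the table is
// HTML-escaped before being echoed, so stored markup renders as text rather
// than being executed by the browser.
function renderRow(array $row): string {
    $enc = fn(string $s): string => htmlspecialchars($s, ENT_QUOTES | ENT_HTML5, 'UTF-8');
    return '<tr><td>' . $enc($row['name']) . '</td><td>' . $enc($row['phone']) . '</td></tr>';
}

// A legitimate name with an apostrophe is enough to show the difference:
// the concatenated query is syntactically broken by it, the prepared one is not.
$input = "O'Brien";

try {
    lookupVulnerable($db, $input);
    echo "vulnerable query ran\n";
} catch (PDOException $e) {
    echo "vulnerable query failed: the input was parsed as SQL\n";
}

foreach (lookupSafe($db, $input) as $row) {
    echo renderRow($row), "\n";
}
```

The apostrophe test is deliberately benign: a query that breaks on ordinary data containing a quote is the same query that will accept attacker-supplied SQL, so an error like the one the vulnerable function raises is a useful signal when reviewing PHP code. The fix is the same in both cases: bind values with prepared statements on the way into the database, and escape with `htmlspecialchars` on the way out to the page.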
