Adding onto what @Rubble said, most of it is based on logic. If you understand basic logic on how
PHP works, you should be ok. The only hard part I would say is thinking about security more wisely. Should a regular visitor be able to delete a photo at will? Are you trying to make it so only you can add and delete photos? The big question is, where are you going to start? Where you start, you have to think about security.
PHP isn't a language where you're safe from attacks. Most
WordPress sites get attacked daily. On my personal website, it's been sniffed for
WordPress installation multiple times. Though the bots really can't do anything since I don't use
WordPress. I also take proper precautions so if they were to try and log in, they would need to have a legitimate account and a 2FA key. I already got like a lot of log in attempts, but since those accounts don't exist, those 2FA keys are never sent. Thus making those log in attempts useless.