Tips for writing secure PHP?

I am working on a log in system for my website. Can someone tell me if this is safe PHP? I am creating a salt with md5 and sha1. Then I am combining the salt with my password and then hashing it again. Is this safe? Also, is this the proper way to read session variables?
if($password != $_SESSION[‘password’]) {return false;}

I want to make sure my website is a s safe as possible? Any tips?

See for how to do password hashing in PHP - this works native in PHP 5.5 and there is a patch available to implement it in PHP 5.3.

This then takes care of upgrading password hashing as needed without you having to rewrite your code.