Hey man, I'm home-brewing a small 3d marketplace for myself and some community members to post up 3d models and model packs and such for sale, and I want to get it secured by someone who knows how. Reading your feedback you seem to be a pretty cluey gentleman in this field.
The site I am making is [url removed, login to view] - it's currently just mysql_real_escape'd, with no real security. All purchases are going to be done through paypal externally because paypal integration is another thing I have no idea about. If you want to sign up a dummy account and have a look at the site, upload an empty zip file to see how the product upload works and such, it may help you to understand the scope of the site.
It's a lot of learning as I go stuff at the moment and a lot of it (especially the css) is going to change, but as you'll be able to see, it's heavily ajax'd and I'm starting to play with some php flush features. Most of the ajax requests are for things like deleting images, items, changing text, prices, images etc so they all need to be very secure.
Although it's only aimed at a small community of people, I'd like to eventually open it up to a wider audience if we ever get the traffic and I'd like the security to be there from day one. Most of the features are in, I am just tidying my messy code and fixing neglected features. Soon I'll start on completely redoing the layout so I'm a good several months from needing this work done, but I'd like to see what your price range would be for a site with a fair bit of ajax stuff going on and about 20 interactable pages. When I say "secure the site", I mean I would hand over all my source code and empty sql databases for you to tear apart, recode, and make secure, essentially I'd like to hire you as a coder for securing the website. I've put in $30 below just because it's a required field but I have no idea what you would expect for this kind of work. Let me know, my email is black_stormy spamblockgibberish @ spamblockgibberish [url removed, login to view] (last time I posted my un-gibberished email up here I had to shut it down)
Also if you have any paypal experience I'd like to outsource that entirely too. I've pretty much had enough of coding this damn thing and want to get it happening already, haha.