How can a PHP developer avoid common mistakes when querying data from databases with PHP?
To avoid common mistakes when querying data from databases with PHP, developers should use prepared statements with bound parameters so that untrusted input can never alter the SQL text (preventing SQL injection), validate input and escape data when rendering it into HTML (preventing cross-site scripting, XSS), and handle database errors gracefully by logging details server-side rather than exposing them to the client.
```php
<?php
// Example of using prepared statements to query data from a database in PHP
try {
    $pdo = new PDO('mysql:host=localhost;dbname=mydatabase', 'username', 'password', [
        PDO::ATTR_ERRMODE => PDO::ERRMODE_EXCEPTION, // surface driver errors as exceptions
    ]);
    $stmt = $pdo->prepare('SELECT * FROM users WHERE username = :username');
    $stmt->bindValue(':username', $_POST['username'] ?? '', PDO::PARAM_STR); // bound, never interpolated
    $stmt->execute();
    $results = $stmt->fetchAll(PDO::FETCH_ASSOC);
    foreach ($results as $row) {
        echo htmlspecialchars($row['username'], ENT_QUOTES, 'UTF-8') . '<br>'; // escape on output (XSS)
    }
} catch (PDOException $e) {
    error_log($e->getMessage());   // keep the detail server-side
    echo 'Unable to load users.';  // never expose the driver error to the client
}
```