What are common errors when using MySQL queries in PHP and how can they be avoided?

One common error when using MySQL queries in PHP is not properly sanitizing user input, which can lead to SQL injection attacks. To avoid this, always use prepared statements with parameterized queries to securely pass user input to the database.

// Example of using prepared statements with parameterized queries to avoid SQL injection

// Establish a database connection
$mysqli = new mysqli("localhost", "username", "password", "database");

// Check connection
if ($mysqli->connect_error) {
    die("Connection failed: " . $mysqli->connect_error);
}

// Prepare a statement
$stmt = $mysqli->prepare("SELECT * FROM users WHERE username = ?");
$stmt->bind_param("s", $username);

// Set parameters and execute
$username = $_POST['username'];
$stmt->execute();

// Process the results
$result = $stmt->get_result();
while ($row = $result->fetch_assoc()) {
    // Do something with the data
}

// Close the statement and connection
$stmt->close();
$mysqli->close();