What are common pitfalls to avoid when implementing a feature like combinable search filters in PHP?

// Example of sanitizing and validating user input for combinable search filters
$searchTerm = isset($_GET['search']) ? filter_var($_GET['search'], FILTER_SANITIZE_STRING) : '';

// Use prepared statements to prevent SQL injection
$stmt = $pdo->prepare("SELECT * FROM products WHERE name LIKE :searchTerm");
$stmt->bindValue(':searchTerm', '%'.$searchTerm.'%', PDO::PARAM_STR);
$stmt->execute();
$results = $stmt->fetchAll();