What are common pitfalls when using PHP with MySQL queries?
One common pitfall when using PHP with MySQL queries is not properly escaping user input, which can leave your application vulnerable to SQL injection attacks. To prevent this, always use prepared statements or parameterized queries to sanitize user input before executing the query.
// Example of using prepared statements to prevent SQL injection
// Assumes $pdo is an existing PDO connection and $username holds the raw user-supplied value
$stmt = $pdo->prepare("SELECT * FROM users WHERE username = :username");
$stmt->bindParam(':username', $username, PDO::PARAM_STR); // bound as data, never spliced into the SQL
$stmt->execute();
$user = $stmt->fetch(PDO::FETCH_ASSOC); // false when no row matches
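A fuller version of the same idea, added here as an example and not part of the original answer: a hypothetical findUser() lookup that binds the value instead of concatenating it, with the PDO options a practitioner would also set. It uses an in-memory SQLite database as a stand-in so it runs offline; the MySQL DSN shown in the comment is the only change needed for MySQL.

```php
<?php
// Added example. SQLite in memory stands in for MySQL so this runs offline;
// for MySQL use a DSN such as "mysql:host=127.0.0.1;dbname=app;charset=utf8mb4"
// together with a user and password.
declare(strict_types=1);

function connect(): PDO
{
    $pdo = new PDO('sqlite::memory:', null, null, [
        // Throw on errors instead of silently returning false.
        PDO::ATTR_ERRMODE            => PDO::ERRMODE_EXCEPTION,
        // Use real server-side prepared statements; pdo_mysql emulates
        // them client-side by default, which is not what you want.
        PDO::ATTR_EMULATE_PREPARES   => false,
        PDO::ATTR_DEFAULT_FETCH_MODE => PDO::FETCH_ASSOC,
    ]);
    $pdo->exec('CREATE TABLE users (id INTEGER PRIMARY KEY, username TEXT NOT NULL)');
    // Constructed sample rows, including a name that contains a quote.
    $ins = $pdo->prepare('INSERT INTO users (username) VALUES (:u)');
    foreach (['alice', "o'brien"] as $u) {
        $ins->execute([':u' => $u]);
    }
    return $pdo;
}

// Hypothetical lookup: the value travels as a bound parameter, so a quote or
// SQL keyword inside $username cannot change the statement's structure.
function findUser(PDO $pdo, string $username): ?array
{
    $stmt = $pdo->prepare('SELECT id, username FROM users WHERE username = :username');
    // bindValue copies the value now; bindParam binds by reference and reads
    // the variable only at execute(), a frequent surprise inside loops.
    $stmt->bindValue(':username', $username, PDO::PARAM_STR);
    $stmt->execute();
    $row = $stmt->fetch();
    return $row === false ? null : $row;
}

$pdo = connect();
print_r(findUser($pdo, "o'brien"));  // the quote is handled as data, row is found
var_dump(findUser($pdo, 'mallory')); // no such user, so null
```

Had the query been built with string concatenation, the "o'brien" value would have broken the statement; with binding it simply matches the stored row.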