What are potential pitfalls when working with encryption functions like mcrypt in PHP?

One potential pitfall when working with encryption functions like mcrypt in PHP is using outdated or insecure encryption algorithms. To solve this issue, it is important to always use modern and secure encryption algorithms, such as AES. Additionally, make sure to use a secure key generation method and properly handle encryption keys to prevent security vulnerabilities.

// Example of using AES encryption with a secure key generation method
$key = openssl_random_pseudo_bytes(32); // Generate a secure random key
$data = "Sensitive data to encrypt";

$encrypted = openssl_encrypt($data, 'AES-256-CBC', $key, 0, $key);
$decrypted = openssl_decrypt($encrypted, 'AES-256-CBC', $key, 0, $key);

echo "Original data: $data\n";
echo "Encrypted data: $encrypted\n";
echo "Decrypted data: $decrypted\n";