What are some best practices for preventing XSS and SQL injections in PHP projects?

XSS (Cross-Site Scripting) and SQL injections are common security vulnerabilities in PHP projects. To prevent XSS attacks, always sanitize user input before displaying it on the page. To prevent SQL injections, use prepared statements or parameterized queries when interacting with a database.

// Sanitize user input to prevent XSS attacks
$user_input = htmlspecialchars($_POST['user_input'], ENT_QUOTES);

// Use prepared statements to prevent SQL injections
$stmt = $pdo->prepare("SELECT * FROM users WHERE username = ?");
$stmt->execute([$user_input]);