What are some best practices for handling external data sources in PHP scripts to ensure data integrity and security?

When handling external data sources in PHP scripts, it is crucial to validate and sanitize the input data to prevent SQL injection, XSS attacks, and other security vulnerabilities. Using prepared statements with parameterized queries can help protect against SQL injection attacks. Additionally, implementing input validation and output encoding can further enhance data integrity and security.

// Example of using prepared statements with parameterized queries to handle external data sources securely

// Establish a database connection
$pdo = new PDO("mysql:host=localhost;dbname=mydatabase", "username", "password");

// Prepare a SQL statement with a parameterized query
$stmt = $pdo->prepare("SELECT * FROM users WHERE username = :username");

// Bind the parameter value
$stmt->bindParam(':username', $_POST['username']);

// Execute the query
$stmt->execute();

// Fetch the results
$results = $stmt->fetchAll(PDO::FETCH_ASSOC);

// Output the results
foreach ($results as $row) {
    echo $row['username'] . "<br>";
}