What are some common pitfalls that PHP beginners may encounter when working with database queries like the one in the forum thread?

One common pitfall for PHP beginners when working with database queries is not properly sanitizing user input, which can lead to SQL injection attacks. To prevent this, beginners should use prepared statements or parameterized queries to securely interact with the database.

// Using prepared statements to prevent SQL injection
$stmt = $pdo->prepare('SELECT * FROM users WHERE username = :username');
$stmt->execute(['username' => $_POST['username']]);
$user = $stmt->fetch();