What are some common pitfalls to avoid when coding a search function in PHP?

One common pitfall to avoid when coding a search function in PHP is not properly sanitizing user input, which can lead to SQL injection attacks. To prevent this, always use prepared statements or parameterized queries when interacting with a database.

// Example of using prepared statements to prevent SQL injection

$search_query = $_GET['query'];

$stmt = $pdo->prepare("SELECT * FROM products WHERE name LIKE :search_query");
$stmt->bindValue(':search_query', "%$search_query%");
$stmt->execute();

$results = $stmt->fetchAll();