What are some potential pitfalls when using iframes and if-statements in PHP?

Potential pitfalls when using iframes and if-statements in PHP include security vulnerabilities such as cross-site scripting (XSS), which arise when user input is not properly sanitized before it is used in an iframe or an if-statement. To mitigate this risk, always validate and sanitize user input before using it in either place, so that it cannot lead to malicious code execution.

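// Example of sanitizing user input before using it in an iframe
$user_input = $_POST['user_input'] ?? '';

// URL-encode the value first, because it is placed in a query string
$encoded_input = rawurlencode($user_input);

// Sanitize using htmlspecialchars to prevent XSS attacks. ENT_QUOTES also
// escapes single quotes, which matters because the src attribute below is
// single-quoted (before PHP 8.1 the default flags left single quotes as-is)
$sanitized_input = htmlspecialchars($encoded_input, ENT_QUOTES, 'UTF-8');

// Use the sanitized input in the iframe
echo "<iframe src='https://example.com/?data=$sanitized_input'></iframe>";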
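
The snippet above covers sanitizing. The validation half of the advice is sketched below for the case where the whole iframe URL comes from the user, with if-statements that use strict comparisons. This is an added example, not code from the original page; `ALLOWED_FRAME_HOSTS`, `render_iframe()` and the sample inputs are hypothetical names and constructed values.

```php
<?php
declare(strict_types=1);

// Hypothetical allowlist of hosts that may be framed (constructed for this example).
const ALLOWED_FRAME_HOSTS = ['example.com', 'player.example.com'];

/**
 * Validate a user-supplied URL and return iframe markup, or null if rejected.
 */
function render_iframe(string $url): ?string
{
    $parts = parse_url($url);
    if ($parts === false || !isset($parts['scheme'], $parts['host'])) {
        return null; // malformed, relative, or scheme-only (e.g. javascript:) input
    }
    // Strict comparison (!==) so no type juggling can make a wrong scheme pass.
    if (strtolower($parts['scheme']) !== 'https') {
        return null;
    }
    // Reject userinfo such as https://example.com@other.test/, which hides the real host.
    if (isset($parts['user']) || isset($parts['pass'])) {
        return null;
    }
    // Third argument true makes in_array() compare with === instead of ==.
    if (!in_array(strtolower($parts['host']), ALLOWED_FRAME_HOSTS, true)) {
        return null;
    }
    // Validation passed; still escape for the single-quoted HTML attribute.
    $src = htmlspecialchars($url, ENT_QUOTES | ENT_SUBSTITUTE, 'UTF-8');
    return "<iframe src='{$src}'></iframe>";
}

// Constructed sample inputs: one plain URL, one with a quote, three that must be rejected.
$samples = [
    'https://example.com/embed?id=42',
    "https://example.com/?q='x",
    'javascript:void(0)',
    'http://example.com/',
    'https://example.com@other.test/',
];

foreach ($samples as $sample) {
    echo render_iframe($sample) ?? 'rejected', PHP_EOL;
}
```

The first two samples produce an iframe, with the quote in the second emitted as `&#039;`; the remaining three are rejected before any markup is built.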