What are some potential pitfalls when using PHP to manipulate text content on a website?

One potential pitfall when using PHP to manipulate text content on a website is not properly sanitizing user input, which can lead to security vulnerabilities such as SQL injection or cross-site scripting attacks. To mitigate this risk, always use functions like `htmlspecialchars()` or `mysqli_real_escape_string()` to sanitize user input before using it in your PHP code.

// Sanitize user input using htmlspecialchars()
$user_input = "<script>alert('XSS attack');</script>";
$sanitized_input = htmlspecialchars($user_input);
echo $sanitized_input;