What are the common pitfalls to avoid when using PHP to manipulate HTML elements for user interface enhancements?
One common pitfall when using PHP to manipulate HTML elements for user interface enhancements is failing to sanitize user input, which can lead to security vulnerabilities such as cross-site scripting (XSS) attacks. To avoid this, always sanitize user input before outputting it to the HTML, for example by escaping it with htmlspecialchars():
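<?php
// Sanitize user input before outputting it to HTML
$user_input = "<script>alert('XSS attack');</script>";
// ENT_QUOTES escapes both single and double quotes, so the result is also safe inside a quoted attribute
$sanitized_input = htmlspecialchars($user_input, ENT_QUOTES, 'UTF-8');
echo "<p>" . $sanitized_input . "</p>";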
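
The snippet above covers text placed in an element body. The following added example (not part of the original answer) goes beyond that case and applies the same rule to the other places PHP commonly writes user data: a quoted attribute, a link target, and an inline script. The helper names `e`, `safe_href` and `js_value` and the sample values are assumptions made for illustration; it assumes PHP 7.3 or later.

```php
<?php
declare(strict_types=1);

// Hypothetical helpers for illustration; the names are not from the original page.

/** Escape text for an HTML element body or a quoted attribute value. */
function e(string $value): string
{
    // ENT_SUBSTITUTE replaces invalid UTF-8 sequences instead of returning an empty string.
    return htmlspecialchars($value, ENT_QUOTES | ENT_SUBSTITUTE, 'UTF-8');
}

/**
 * Return a value for href="...". Only absolute http(s) URLs are allowed,
 * because HTML escaping alone leaves a "javascript:" URL fully functional.
 * Relative URLs are rejected too in this simplified allowlist.
 */
function safe_href(string $url): string
{
    $url    = trim($url);
    $scheme = strtolower((string) parse_url($url, PHP_URL_SCHEME));
    return in_array($scheme, ['http', 'https'], true) ? e($url) : '#';
}

/** Encode a value for use as a JavaScript literal inside an inline <script> block. */
function js_value($value): string
{
    // The JSON_HEX_* flags turn <, >, &, ' and " into \uXXXX escapes, so the
    // value cannot close the script element or break out of the literal.
    return json_encode(
        $value,
        JSON_HEX_TAG | JSON_HEX_AMP | JSON_HEX_APOS | JSON_HEX_QUOT | JSON_THROW_ON_ERROR
    );
}

// Constructed sample input standing in for request data.
$name    = "<script>alert('XSS attack');</script>";
$title   = '" onmouseover="alert(1)';
$website = 'javascript:alert(1)';

echo '<p>Hello, ' . e($name) . "</p>\n";                                 // element body
echo '<input type="text" name="title" value="' . e($title) . "\">\n";    // quoted attribute
echo '<a href="' . safe_href($website) . "\">Website</a>\n";             // URL attribute
echo '<script>var userName = ' . js_value($name) . ";</script>\n";       // inline script
```

Attribute values must always be wrapped in quotes in the template; `htmlspecialchars()` does not protect an unquoted attribute.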