What are the common pitfalls to avoid when working with MySQL queries in PHP to prevent errors or vulnerabilities?

Issue: SQL Injection Vulnerabilities To prevent SQL injection vulnerabilities, always use prepared statements with parameterized queries when interacting with MySQL databases in PHP.

// Connect to MySQL database
$mysqli = new mysqli("localhost", "username", "password", "database");

// Prepare a SQL query using a prepared statement
$stmt = $mysqli->prepare("SELECT * FROM users WHERE username = ?");
$stmt->bind_param("s", $username);

// Set the parameter values and execute the query
$username = "admin";
$stmt->execute();

// Bind the result variables and fetch the results
$stmt->bind_result($id, $username, $email);
$stmt->fetch();

// Close the statement and connection
$stmt->close();
$mysqli->close();