What are the potential consequences of not properly escaping and sanitizing user input in PHP?

When user input is not properly escaped and sanitized in PHP, it can lead to security vulnerabilities such as SQL injection, cross-site scripting (XSS), and other forms of attacks. To mitigate these risks, it is crucial to always escape and sanitize user input before using it in your application.

// Example of properly escaping and sanitizing user input in PHP
$userInput = $_POST['user_input'];

// Escape the user input to prevent SQL injection
$escapedInput = mysqli_real_escape_string($connection, $userInput);

// Sanitize the user input to prevent XSS attacks
$sanitizedInput = htmlspecialchars($escapedInput);

// Now you can safely use $sanitizedInput in your application