What are the potential issues with using echo in PHP to insert variables into email content?

Using echo to insert variables into email content can lead to security vulnerabilities such as cross-site scripting (XSS) attacks if the variables are not properly sanitized. To prevent this, it is recommended to use htmlspecialchars() function to escape special characters in the variables before echoing them into the email content.

$emailContent = "Hello, " . htmlspecialchars($username) . "! Welcome to our website.";
echo $emailContent;