What are the potential pitfalls of using the /e modifier in preg_replace in PHP?

Using the /e modifier in preg_replace in PHP can be risky as it evaluates the replacement string as PHP code, which can lead to security vulnerabilities if the input is not properly sanitized. To avoid this issue, it is recommended to use the preg_replace_callback() function instead, which allows you to specify a callback function to process the replacement string.

// Using preg_replace_callback() to safely replace matches
$string = "Hello, World!";
$pattern = "/World/";
$replacement = "PHP";

$new_string = preg_replace_callback($pattern, function($matches) use ($replacement) {
    return $replacement;
}, $string);

echo $new_string; // Output: Hello, PHP!