What are the potential pitfalls to avoid when adding a chatroom to a PHP forum?

One pitfall to avoid when adding a chatroom to a PHP forum is SQL injection, which becomes possible when user input is not properly sanitized before it reaches the database. Always use prepared statements when interacting with the database, so that user-supplied values are bound as data and cannot change the structure of the query.

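// Example of using prepared statements to prevent SQL injection
// Assumes $pdo is an open PDO connection and that $user_id and $message
// hold the current user's id and the submitted chat text.
$stmt = $pdo->prepare("INSERT INTO chat_messages (user_id, message) VALUES (:user_id, :message)");
// Bound values are sent as data and are never parsed as SQL
$stmt->bindParam(':user_id', $user_id, PDO::PARAM_INT);
$stmt->bindParam(':message', $message, PDO::PARAM_STR);
$stmt->execute();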
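
The difference in practice, as an added example that is not part of the original answer: the same chat message is inserted once by string concatenation and once through the prepared statement above. It assumes the pdo_sqlite extension and uses an in-memory database in place of the forum's real one; the function names and the sample message are constructed for illustration.

```php
<?php
declare(strict_types=1);

// Assumption: pdo_sqlite is available; an in-memory database stands in
// for the forum's real database.
$pdo = new PDO('sqlite::memory:');
$pdo->setAttribute(PDO::ATTR_ERRMODE, PDO::ERRMODE_EXCEPTION);
$pdo->exec('CREATE TABLE chat_messages (
    id INTEGER PRIMARY KEY AUTOINCREMENT,
    user_id INTEGER NOT NULL,
    message TEXT NOT NULL
)');

// Weak pattern, shown for contrast: the message is spliced into the SQL text,
// so any quote character in it is parsed as part of the statement.
function postMessageConcatenated(PDO $pdo, int $userId, string $message): bool
{
    try {
        $pdo->exec("INSERT INTO chat_messages (user_id, message) VALUES ($userId, '$message')");
        return true;
    } catch (PDOException $e) {
        // The input changed the statement's structure and the query failed.
        return false;
    }
}

// Hardened pattern from the answer: placeholders keep the message as data.
function postMessagePrepared(PDO $pdo, int $userId, string $message): bool
{
    $stmt = $pdo->prepare('INSERT INTO chat_messages (user_id, message) VALUES (:user_id, :message)');
    $stmt->bindValue(':user_id', $userId, PDO::PARAM_INT);
    $stmt->bindValue(':message', $message, PDO::PARAM_STR);
    return $stmt->execute();
}

// Constructed sample input: ordinary chat text that contains SQL metacharacters.
$message = "it's live; see chat_messages -- thanks";

// The concatenated insert fails on the apostrophe; the prepared insert succeeds.
var_dump(postMessageConcatenated($pdo, 1, $message));
var_dump(postMessagePrepared($pdo, 1, $message));

// Only the prepared insert left a row, and it holds the message byte for byte.
$rows = $pdo->query('SELECT user_id, message FROM chat_messages')->fetchAll(PDO::FETCH_ASSOC);
var_dump(count($rows) === 1 && $rows[0]['message'] === $message);
```

An apostrophe in ordinary chat text is enough to break the concatenated query, which shows that the input is being interpreted as SQL rather than stored as data.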