What are the potential security risks of not sanitizing user input in PHP?

Not sanitizing user input in PHP can lead to various security risks such as SQL injection, cross-site scripting (XSS), and command injection. To mitigate these risks, it is essential to sanitize user input by validating and filtering the data before using it in any database queries, outputting it to the browser, or executing system commands.

// Sanitize user input using filter_var()
$userInput = $_POST['user_input'];
$sanitizedInput = filter_var($userInput, FILTER_SANITIZE_STRING);