What improvements could be made to the code snippet in terms of security and performance?

The code snippet currently is vulnerable to SQL injection attacks as it directly inserts user input into the SQL query. To improve security, we should use prepared statements with parameterized queries to prevent SQL injection. Additionally, to enhance performance, we can optimize the query by selecting only the necessary columns and adding indexes to columns used in the WHERE clause.

// Improving security and performance by using prepared statements and optimizing the query

// Assuming $conn is the database connection

// Input from user
$user_id = $_POST['user_id'];

// Prepare statement
$stmt = $conn->prepare("SELECT username, email FROM users WHERE user_id = ?");
$stmt->bind_param("i", $user_id);

// Execute statement
$stmt->execute();

// Bind results
$stmt->bind_result($username, $email);

// Fetch results
$stmt->fetch();

// Display results
echo "Username: " . $username . "<br>";
echo "Email: " . $email;

// Close statement
$stmt->close();