What is the purpose of escaping input in PHP and what potential issues can arise from improperly escaping data?

Escaping input in PHP is important to prevent SQL injection attacks and cross-site scripting (XSS) vulnerabilities. Improperly escaping data can lead to malicious users injecting harmful code into your application, potentially compromising sensitive data or damaging the functionality of your website.

// Escaping input using mysqli_real_escape_string function
$input = $_POST['input'];
$escaped_input = mysqli_real_escape_string($connection, $input);