What potential pitfalls should be avoided when working with $_POST values in PHP classes?

One potential pitfall when working with $_POST values in PHP classes is not properly sanitizing the data before using it, which can lead to security vulnerabilities such as SQL injection or cross-site scripting attacks. To avoid this, always sanitize and validate user input before using it in your application.

class User {
    private $username;

    public function setUsername($username) {
        // Sanitize and validate the input
        $this->username = filter_var($username, FILTER_SANITIZE_STRING);
    }

    public function getUsername() {
        return $this->username;
    }
}

$user = new User();
$user->setUsername($_POST['username']);
echo $user->getUsername();