What potential pitfalls should be avoided when implementing a dynamic links collection in PHP?

One potential pitfall to avoid when implementing a dynamic links collection in PHP is not properly sanitizing user input before using it in the links. This can leave your application vulnerable to cross-site scripting (XSS) attacks. To mitigate this risk, always sanitize user input using functions like htmlspecialchars() before outputting it in the links.

// Sanitize user input before using it in links
$userInput = $_GET['user_input'];
$sanitizedInput = htmlspecialchars($userInput);

// Use the sanitized input in the links
echo '<a href="https://example.com/?param=' . $sanitizedInput . '">Link</a>';