What potential pitfalls should be considered when attempting to implement sorting functionality in a PHP application, especially when dealing with database queries?

When implementing sorting functionality in a PHP application, especially when dealing with database queries, potential pitfalls to consider include SQL injection vulnerabilities if user input is not properly sanitized, inefficient queries if indexes are not utilized, and potential performance issues if large datasets are being sorted without pagination.

<?php
// Example of implementing sorting functionality in a PHP application with proper input validation

// Get the sort parameter from user input; fall back to a real, safe column name
// ('default' is not a column and DEFAULT is a reserved word in SQL, so it cannot be the fallback)
$sort = isset($_GET['sort']) ? $_GET['sort'] : 'name';

// Define an array of allowed sort options: only these column names may ever reach the query
$allowed_sorts = ['name', 'date', 'price'];

// Strictly check that the user input is one of the allowed sort options
if (!in_array($sort, $allowed_sorts, true)) {
    $sort = 'name';
}

// $sort is now one of our own literals, so interpolating it is safe. Column names cannot be
// bound as prepared-statement parameters, which is why the allow-list is the control here.
// (DSN and credentials below are placeholders.)
$pdo = new PDO('mysql:host=localhost;dbname=example', 'user', 'password');
// Execute the query and fetch results
$stmt = $pdo->query("SELECT * FROM products ORDER BY $sort");
$results = $stmt->fetchAll(PDO::FETCH_ASSOC);
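A fuller version of the allow-list approach, as an added example that is not part of the original answer: it maps public sort keys to column names so the user never supplies an identifier, whitelists the direction, and binds LIMIT/OFFSET through PDO to address the pagination pitfall. It assumes a PDO connection in $pdo and a products table with id, name, created_at and price columns.

```php
<?php
// Added example (not from the original answer). Assumes a PDO connection $pdo and a
// "products" table with columns id, name, created_at and price, ideally indexed on each.

// Map public sort keys to real column names: the user never supplies an identifier directly.
const SORT_COLUMNS = [
    'name'  => 'name',
    'date'  => 'created_at',
    'price' => 'price',
];
const PAGE_SIZE_MAX = 100;

/**
 * Build a paginated, sortable product query from untrusted request parameters.
 * Returns the SQL string and the values to bind; identifiers come only from SORT_COLUMNS.
 */
function buildProductQuery(array $params): array
{
    // Sort column: look the key up in the allow-list, fall back to 'name'.
    $key    = is_string($params['sort'] ?? null) ? $params['sort'] : 'name';
    $column = SORT_COLUMNS[$key] ?? SORT_COLUMNS['name'];

    // Sort direction: only the two SQL keywords are ever emitted.
    $dir = strtolower((string)($params['dir'] ?? 'asc')) === 'desc' ? 'DESC' : 'ASC';

    // Pagination: clamp page and page size to sane integers so one request cannot
    // sort the whole table into memory or pass non-numeric values.
    $page     = max(1, (int)($params['page'] ?? 1));
    $pageSize = min(PAGE_SIZE_MAX, max(1, (int)($params['per_page'] ?? 20)));
    $offset   = ($page - 1) * $pageSize;

    // Secondary ORDER BY on the primary key keeps pagination stable when the sort
    // column has duplicate values.
    $sql = "SELECT id, name, created_at, price FROM products"
         . " ORDER BY $column $dir, id ASC LIMIT :limit OFFSET :offset";

    return [$sql, ['limit' => $pageSize, 'offset' => $offset]];
}

// Usage: the integers are bound as PDO::PARAM_INT so LIMIT/OFFSET are never interpolated.
[$sql, $bind] = buildProductQuery($_GET);
$stmt = $pdo->prepare($sql);
foreach ($bind as $name => $value) {
    $stmt->bindValue(':' . $name, $value, PDO::PARAM_INT);
}
$stmt->execute();
$rows = $stmt->fetchAll(PDO::FETCH_ASSOC);
```

Because the ORDER BY column is always one of the mapped names, an index on each of name, created_at and price lets the database avoid a filesort for every page request.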