What potential pitfalls should be considered when fetching data from a MySQL database in PHP?
One potential pitfall when fetching data from a MySQL database in PHP is SQL injection. To prevent it, always use prepared statements with parameterized queries: user input is bound as a value and kept separate from the SQL text, so malicious SQL code in it is never executed.
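// Example of fetching data from a MySQL database using prepared statements
// $pdo is an already-open PDO connection; $username holds the untrusted user input
$stmt = $pdo->prepare("SELECT * FROM users WHERE username = :username");
// Bind the input as a string value; it is never concatenated into the query text
$stmt->bindParam(':username', $username, PDO::PARAM_STR);
$stmt->execute();
// fetch() returns one row as an associative array, or false when no row matched
$result = $stmt->fetch(PDO::FETCH_ASSOC);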