What potential problems can arise from not properly handling character escaping in PHP scripts?

Improper handling of character escaping in PHP scripts can lead to security vulnerabilities such as SQL injection attacks or cross-site scripting (XSS) attacks. To prevent these issues, always use proper escaping functions like `mysqli_real_escape_string` for database inputs and `htmlspecialchars` for outputting user-generated content.

// Example of properly handling character escaping in PHP scripts
$user_input = $_POST['user_input'];
$escaped_input = mysqli_real_escape_string($connection, $user_input);
$query = "SELECT * FROM users WHERE username='$escaped_input'";
$result = mysqli_query($connection, $query);