What resources or documentation can PHP developers refer to for guidance on secure coding practices and common pitfalls to avoid?

PHP developers can refer to resources such as the OWASP (Open Web Application Security Project) website, PHP official documentation on security, and various online tutorials and blogs focusing on secure coding practices. By following these resources, developers can learn about common security pitfalls to avoid, such as SQL injection, cross-site scripting, and insecure file uploads.

// Example of using prepared statements to prevent SQL injection
$stmt = $pdo->prepare('SELECT * FROM users WHERE username = :username');
$stmt->execute(['username' => $username]);