// Example 3: XSS vulnerability $user_input = $_POST['comment']; echo "<p>$user_input</p>"; // No validation or sanitization