Yeah, a big problem with the traditional PHP-in-HTML approach to generating web sites is that it's one of the areas where PHP hasn't dramatically improved since the early days. Later templating engines learned from the problems people encountered with PHP and were built to be aware of the output format, and PHP never did that. A lot of work was put into writing templating engines in PHP that in retrospect really should have instead been a language mode for PHP itself.
We would have seen dramatically fewer bugs and injection attacks over the years if PHP had made <input value="<?=$value?>"> a perfectly safe and normal thing to write back in 2005.
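An added example, not part of the original comment: the raw interpolation from the snippet above next to the same template with explicit attribute escaping, both parsed with DOMDocument to show what reaches the DOM. The helper names (`render_raw`, `render_escaped`, `e`, `inspect`) and the sample value are constructed for illustration, and the example assumes the `dom` extension is available.

```php
<?php
declare(strict_types=1);

// Constructed sample input: closes the attribute and the tag, then adds markup.
$value = '"><b>injected</b>';

// What <input value="<?=$value?>"> does in PHP as it stands: raw interpolation.
function render_raw(string $value): string
{
    return '<input value="' . $value . '">';
}

// Hypothetical helper: escaping for HTML text and quoted attribute values only.
// It is not sufficient for JavaScript, URL or CSS contexts, which is why a
// template layer has to know which output format it is writing into.
function e(string $value): string
{
    return htmlspecialchars($value, ENT_QUOTES | ENT_SUBSTITUTE, 'UTF-8');
}

function render_escaped(string $value): string
{
    return '<input value="' . e($value) . '">';
}

// Parse the markup and report the value attribute plus any stray <b> elements.
function inspect(string $html): array
{
    libxml_use_internal_errors(true); // tolerate fragment and stray-text warnings
    $doc = new DOMDocument();
    $doc->loadHTML($html);
    libxml_clear_errors();
    $input = $doc->getElementsByTagName('input')->item(0);
    return [
        'value'      => $input->getAttribute('value'),
        'b_elements' => $doc->getElementsByTagName('b')->length,
    ];
}

foreach (['raw' => render_raw($value), 'escaped' => render_escaped($value)] as $label => $html) {
    $seen = inspect($html);
    printf("%-8s %s\n", $label, $html);
    printf("         value=%s  <b> elements=%d\n", var_export($seen['value'], true), $seen['b_elements']);
}
```

In the raw case the parsed `value` is empty and a `<b>` element exists; in the escaped case the `value` attribute round-trips to the original string and no extra element is created.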