Discussions of secure PHP coding. Security in software is important, so don't be afraid to ask. And when answering: be anal. Nitpick. No security vulnerability is too small.
I never mix HTML with PHP, for the reason The Ninja Space Goat said, it makes it harder to change the UI later. The way I do it is use a tag replacement system / template system ( Similar to Smarty, but one I wrote my self ).
yeah, it's fine for small things, but on large scales, it just makes everything look messy
especially when it comes to forms, you might find yourself dreading large forms most when it comes to inserting HTML into your code. This is why I made a template-based form class, it makes things nicer, especially if you choose to authenticate all fields on server-side, reload all fields, and display errors. Maybe one day I'll release it
I'm sure smarty can be used for something like this, as well as other template systems.
There are good ways and bad ways of mixing PHP and HTML, whether it be through a template parser or throught native templating in PHP output. The key is mixing the two in a way that three years from now when the boss finally approves a rewrite of the presentation that the developer who is in charge of that project has some clue as to what is going on.