Over on his blog today, Alan Knowles asks one of the major issues in the PHP community - PHP as a template engine, or recipe for disaster?

Whenever someone starts saying template engines, there's an equally vocal community that gently suggests that PHP is a great template engine. Well, I think this week that sounded alot like bollocks...

The pear website, while not a masterpiece for PHP code, has however been written by some pretty smart people, and uses (in parts) the concept of PHP as a template engine. Last week however we got a very polite email to the group mentioning that it was possible to do Cross site scripting attacks on some pages.

[...] So while PHP templates have some advantages, in that it lacks the requirement for compiling. That penalty seems a small price to pay for the extra protection.. so Flexy's new catchphrase may be, "Put your condom on, and use a Flexy Template Engine..."

I think this "battle" will rage as long as PHP exists. Lots of people go back to PHP's roots and look at what Rasmus initially intended the scripts for - a simple sort of templating/functionality enhancement. Of course, there are features that some template engines offer out there that can make life nicer. What it really boils down to is personal preference - if you like it, go with it.