PHP doesn't care what you are creating, whether it's a HTML link, HTML table, HTML paragraph, XML elements, JavaScript code, or even things like binary strings. It's all just a bunch of text as far as PHP is concerned. You can put a echo statement wherever you want.
But, just to point one thing out. If you are putting PHP values originating from user input into a HTML page, be sure to run it through
htmlentities first. Also, if the values are going into HTML element attributes (like the <input> value attribute), then surround them with quotes.
-
// Potentially problematic and unsafe.
-
<input value=<?php echo $variable; ?>>
-
-
// Less problematic, but still unsafe.
-
<input value="<?php echo $variable; ?>">
-
-
// Safe and not at all problematic.
-
<input value="<?php echo htmlentities($variable, ENT_QUOTES, "UTF-8"); ?>">
-