What are best practices for handling variables and placeholders in PHP templates?

When handling variables and placeholders in PHP templates, it is important to properly sanitize user input to prevent security vulnerabilities such as cross-site scripting (XSS) attacks. One way to do this is by using PHP's htmlentities() function to encode special characters. Additionally, it is good practice to separate logic from presentation by using a templating engine like Twig, which provides a secure and clean way to handle variables and placeholders in templates.

// Example of using htmlentities() to sanitize user input in a PHP template
$name = htmlentities($_POST['name']);
echo "<p>Hello, $name!</p>";