You want to build a PHP application attached to a PostgreSQL backend but you are concerned with maintainability and security.
The following comments are based upon my experiences in using PHP with database backends. I didn't build slashdot or sourceforge, so if you have, feel free to ignore this.
Separate code from HTML as much as possible. If you are embedding code in HTML make sure it is only display/formatting code, not system logic.
Have a database abstraction layer - keep all knowledge of SQL and which DB you are talking to here. The rest of the system just has an interface that returns (lists of) objects as required. This will help if/when you need to support a new DB backend as well as with caching. It also reduces the number of places you need to check PostgreSQL return codes, and you are checking them every time you access the database, aren't you?
Have a user interface layer and treat all incoming data as tainted. Don't try to filter out forbidden values; filter in the allowed ones. Nothing should reach the functional parts of the system until it has been checked.
Modularise your code. A popular approach is to have a single index.php page which accepts an 'action' parameter. A switch statement on this parameter selects which PHP file to include.
Some people use a single switch page, but I tend to use one per module of my application - it makes it easier to build/test modules separately.
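A sketch of such an index.php that filters in the allowed actions instead of building a path from the request (an added example, not code from the original article). The module names, the directory layout and the `id` parameter are hypothetical, and the listed module files are assumed to exist.

```php
<?php
// index.php - added example; module names and paths are hypothetical.
declare(strict_types=1);

// Library code lives outside the webroot (assumed layout).
const MODULE_DIR = __DIR__ . '/../lib/modules';

// Allow-list: the only actions that exist, mapped to fixed file names.
// The request value is a lookup key and never becomes part of a path,
// so "../" sequences or URL wrappers in it cannot reach include/require.
const ACTIONS = [
    'list'   => 'list_items.php',
    'view'   => 'view_item.php',
    'search' => 'search_items.php',
];

/** Return the module file for a tainted action value, or null if not allowed. */
function resolve_action($raw): ?string
{
    // Arrays (?action[]=x) and other non-strings are rejected outright.
    if (!is_string($raw) || !array_key_exists($raw, ACTIONS)) {
        return null;
    }
    return MODULE_DIR . '/' . ACTIONS[$raw];
}

/** Filter in a positive integer id; anything else yields null. */
function clean_id($raw): ?int
{
    $id = filter_var($raw, FILTER_VALIDATE_INT,
        ['options' => ['min_range' => 1, 'max_range' => 2147483647]]);
    return $id === false ? null : $id;
}

$file = resolve_action($_GET['action'] ?? 'list');
if ($file === null) {
    http_response_code(404);
    exit('Unknown action');
}

// Only checked values are handed on; modules never read $_GET themselves.
$params = ['id' => clean_id($_GET['id'] ?? null)];
require $file;
```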
Make sure library code can't be read. Ensure it ends in .php so it will be executed rather than served as source, and protect it with .htaccess or by placing it outside the webroot (or both).
Consider writing a script to generate SQL schema and PHP data structures from a config file. I've found this useful in keeping both in step and also in making me focus on whether I really need to keep tweaking the data definitions.
Consider a library of text fragments for error messages etc. This will reduce the need to grep hundreds of files when you change Postgresql to PostgreSQL.
If you've been building large systems in C for the past ten years you'll recognise the points above as standard good practice for project development. If you're just starting out building interactive websites with PHP and PostgreSQL try and be as disciplined as you can - PHP makes it easy to hack together a solution in an afternoon, but that doesn't pay off in the long run.