I have always been confused with URL/HTML Encoding/Escaping. I am using PHP, so want to clear somethings up.
Can I say that I should always use
urlencode
: for individual query string parts$url = 'http://test.com?param1=' . urlencode('some data') . '¶m2=' . urlencode('something else');
htmlentities
: for escaping special characters like<>
so that if will be rendered properly by the browser
Would there be any other places I might use each function. I am not good at all these escaping stuff, always confused by them
See Question&Answers more detail:os