URL/HTML Escaping/Encoding

I have always been confused with URL/HTML Encoding/Escaping. I am using PHP, so I want to clear some things up.

Can I say that I should always use

  • urlencode: for individual query string parts

    $url = 'http://test.com?param1=' . urlencode('some data') . '&param2=' . urlencode('something else');
    
  • htmlentities: for escaping special characters like <> so that it will be rendered properly by the browser

Would there be any other places I might use each function? I am not good at all this escaping stuff, always confused by it.

Jiew Meng Avatar asked Jan 24 '11 14:01





1 Answer

First off, you shouldn't be using htmlentities around 99% of the time. Instead, you should use htmlspecialchars() for escaping text for use inside xml/html documents. htmlentities are only useful for displaying characters that the native character set you're using can't display (it is useful if your pages are in ASCII, but you have some UTF-8 characters you would like to display). Instead, just make the whole page UTF-8 (it's not hard), and be done with it.

As far as urlencode, you hit the nail on the head.

So, to recap:

  • Inside HTML:

    <b><?php echo htmlspecialchars($string, ENT_QUOTES, "UTF-8"); ?></b>
    
  • Inside of a url:

    $url = '?foo='.urlencode('bar');
    
ircmaxell Avatar answered Oct 21 '22 02:10

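The case the recap above does not spell out is the nested one: a URL that is itself placed inside an HTML attribute, where the query value is urlencoded first and the finished href is then passed through htmlspecialchars like any other attribute value. This is an added PHP example, not code from the question or the answer; the function names `build_query_string`, `h` and `render_search_link` and the sample input are chosen here.

```php
<?php
// Added example (not from the question or answer): the same user-supplied
// value escaped for the URL context, for the HTML context, and for the
// nested case where a URL sits inside an HTML attribute.
declare(strict_types=1);

/** Build a query string from an associative array, urlencoding each part. */
function build_query_string(array $params): string
{
    $parts = [];
    foreach ($params as $name => $value) {
        $parts[] = urlencode((string) $name) . '=' . urlencode((string) $value);
    }
    return implode('&', $parts);
}

/** Escape a value for placement in HTML text or in a quoted attribute. */
function h(string $value): string
{
    // ENT_QUOTES also escapes single quotes; ENT_SUBSTITUTE replaces
    // invalid UTF-8 sequences instead of returning an empty string.
    return htmlspecialchars($value, ENT_QUOTES | ENT_SUBSTITUTE, 'UTF-8');
}

/**
 * Render a search link. The term is urlencoded for the URL context, then the
 * whole href and the visible label are escaped for the HTML context.
 * The order matters: URL-encode first, HTML-escape last. The '&' that
 * separates the query parameters is a URL character, so it stays '&' in
 * the URL but becomes '&amp;' once the href is placed in the attribute.
 */
function render_search_link(string $term): string
{
    $href = '/search?' . build_query_string(['q' => $term, 'page' => 1]);
    return '<a href="' . h($href) . '">' . h($term) . '</a>';
}

// Constructed input containing characters that are special in both contexts.
$term = 'a&b <"c"> 100%';
echo build_query_string(['q' => $term]) . "\n";
echo render_search_link($term) . "\n";
```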