PHP Escape GET data

Question

If I am using a GET parameter in a web service call, what type of escaping should I do? I was thinking of just using htmlentities.

Search.php

Uses $_GET['search'] to make a web service call to another service.

Just to clarify, do you know precisely which web service you will be passing the user input too? — Slukehart, Sep 20 '12 at 12:27

score 6 · Accepted Answer · answered Sep 20 '12 at 12:25

6

In the URL, urlencode data.

HTML entities are only relevant in an HTML context.
Perhaps The Great Escapism (Or: What You Need To Know To Work With Text Within Text) can clear up that confusion.

answered Sep 20 '12 at 12:25

deceze

score 1 · Answer 2 · edited May 23 '17 at 11:55

1

Just adding to @deceze answer, it might be a better times to use rawurlencode.

edited May 23 '17 at 11:55

Community

answered Sep 20 '12 at 12:30

Zevi Sternlicht

2 Answers2