1st Do not invent.
2nd It's not a question of which is better; you should know what each one does.
htmlentities encodes any special characters, so you cannot inject tags or JS.
Leaving the action attribute empty causes this page to reference itself. So do not waste functions using them where they are not needed, because what PHP_SELF does is return the name of the file that is running the script, so if there is no QUERY_STRING why should I use% with% or% with%? You simply should not, because the main reason for using them is to return these values in the right format, so they can be used without any problems, if that exists.
An example of this is:
<?php
echo '<a href="' . htmlspecialchars("/nextpage.php?stage=23&data=" .
urlencode($data)) . '">'."\n";
?>
The htmlentities contains parameters, so it has special characters that need to be escaped, but what does urlencode do there? It simply does what it does: when you want to pass the value of a variable as part of a URL, that's where it becomes useful.
I would say what a lot of people usually say in situations like this, use any js library, or simply use js, and your problem disappears.
It would be easy to think so, because of the technological advancement even the simplest sites use javascript, and most of the devices currently used to access these sites also have javascript support. But that's what it is, javascript may fail, over and over again, and there are times when some would rather not use it, but that's already another perspective.
Analyze your priorities better, and find a solution that fits you.
If you want to read more about some of these processes, here are some pages that I recommend:
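Added example, not part of the original answer: it shows the two encoding layers discussed above (urlencode for the parameter value, then HTML escaping for the attribute) next to the empty-action form and an escaped PHP_SELF. The helper names and sample values are constructed for illustration.

```php
<?php
// Added example: helper names and inputs are hypothetical/constructed.

// Escape a value for the HTML context (attribute value or text node).
function html_attr(string $value): string
{
    return htmlspecialchars($value, ENT_QUOTES | ENT_SUBSTITUTE, 'UTF-8');
}

// URL context first: urlencode() only the parameter value.
// HTML context second: escape the finished URL for the href attribute.
function next_page_link(string $data): string
{
    $url = '/nextpage.php?stage=23&data=' . urlencode($data);
    return '<a href="' . html_attr($url) . '">next</a>';
}

// Self-posting form. With no argument the action stays empty, so nothing
// request-derived is echoed. If PHP_SELF is used anyway, it is escaped,
// because it reflects the requested path, including extra path segments.
function self_form(?string $phpSelf = null): string
{
    $action = $phpSelf === null ? '' : html_attr($phpSelf);
    return '<form method="post" action="' . $action . '">';
}

// Constructed sample values standing in for user-controlled input.
$data    = 'a&b=c "quoted" <tag>';
$phpSelf = '/form.php/"><b>injected';

// The value's own & and = are percent-encoded; the separator & becomes &amp;.
echo next_page_link($data), "\n";

// Empty action: the form posts back to the current page.
echo self_form(), "\n";

// Escaped PHP_SELF: the quote and angle brackets arrive as entities,
// so the attribute is not closed early.
echo self_form($phpSelf), "\n";
```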