First off, you shouldn't be using htmlentitesaround 99% of the time. Instead, you should use htmlspecialchars()for escaping text for use inside xml/html documents. htmlentitiesare only useful for displaying characters that the native characterset you're using can't display (it is useful if your pages are in ASCII, but you have some UTF-8 characters you would like to display). Instead, just make the whole page UTF-8 (it's not hard), and be done with it.

首先，你不应该htmlentites在 99% 的时间里都在使用。相反，您应该使用htmlspecialchars()转义文本以在 xml/html 文档中使用。 htmlentities仅用于显示您使用的本机字符集无法显示的字符（如果您的页面是 ASCII，这很有用，但您有一些 UTF-8 字符要显示）。相反，只需将整个页面设为 UTF-8（这并不难），然后就完成了。

As far as urlencode, you hit the nail on the head.

至于urlencode，你击中了头上的钉子。

So, to recap:

所以，回顾一下：

• Inside HTML:

  <b><?php echo htmlspecialchars($string, ENT_QUOTES, "UTF-8"); ?></b>
  

• Inside of a url:

  $url = '?foo='.urlencode('bar');
  

• 内部 HTML：

  <b><?php echo htmlspecialchars($string, ENT_QUOTES, "UTF-8"); ?></b>
  

• 网址内部：

  $url = '?foo='.urlencode('bar');
  

That's about right. Although - htmlspecialcharsis fine, as long as you get your charsets straight. Which you should do anyway. So I tend to use that, so I would find out early if I had messed it up.

那是对的。虽然 -htmlspecialchars很好，只要你把你的字符集弄直了。无论如何你应该这样做。所以我倾向于使用它，所以如果我搞砸了，我会尽早发现。

Also note that if you put an url into a html context (say - in the hrefof an a-tag), you need to escape that. So you'll often see something like:

还要注意的是，如果你把一个URL到HTML中的上下文（说-在href一个的a-标签），你需要逃脱。所以你会经常看到类似的东西：

echo "<a href='" . htmlspecialchars("?foo=".urlencode($foo)) . "'>clicky</a>"