There are various escaping methods in PHP, named according to PHP's usual naming convention (which I think involves a blindfold):
- htmlspecialchars - a partial htmlentities. Quotes can be selectively converted. Translates only necessary characters: & " ' < >
- htmlentities - translate ALL possible characters into html entities. Quotes can be selectively converted.
- urlencode - replace everything but [a-zA-Z0-9_.-] with %hex and spaces as +. The format is application/x-www-form-urlencoded; the format used by post forms. This is different from RFC1738
- rawurlencode - as per RFC1738 (difference is the spaces).
- addslashes - escape ' " \ NUL with \
- addcslashes - escape with \ any chars in charlist. 0, a, b, f, n, r, t and v are escaped literally, anything else is escaped as octal.
- convert_uuencode - uuencode
- base64_encode - base64 encode
