If I am using a GET parameter in a web service call, what type of escaping should I do? I was thinking of just using htmlentities.
Example: http://example.com/search.php?search=1234
Search.php
Uses $_GET['search'] to make a web service call to another service.
In the URL, urlencode data.
HTML entities are only relevant in an HTML context.
Perhaps The Great Escapism (Or: What You Need To Know To Work With Text Within Text) can clear up that confusion.
Just adding to @deceze answer, it might be a better times to use rawurlencode.