URL Manipulation

When building a URL, variables should either use the urlencode function, or the url helper.

$name = 'A&y=B';

$url = 'https://www.example.com/?q=' . $name;
$url = 'https://www.example.com/?q=' . urlencode($name); // Better

$url = url('https://www.example.com/', array('q' => $name));

The first example will set the variable q to "A", and the new variable y to "B".

Whereas the other two will correctly set the variable q to "A&y=B".

This is usually only a data problem (loosing anything after the &), but there can be security issues as well, e.g.