Local PHP test page showing the same sample input rendered as escaped HTML text, a URL-encoded query parameter, and an escaped HTML attribute value with workflow callouts.
PHP Guides

Secure PHP Input Handling: Encoding, URL Encoding, and Safe Data Output (Practical Checklist)

/

A practical PHP checklist for safe input handling: when to URL-encode, when to escape HTML, how to avoid double-encoding, and how to render output safely in each context.