How should I format GET data in an anchor href?

Question

I'm validating my web pages with W3C's validator, and it gives me the following error when I try to use GET variables in my hyperlinks:

"& did not start a character reference. (& probably should have been escaped as &.)"

I'm using the standard format:

... href='url.php?var1=val1&var2=val2' ...

It's throwing this error numerous times with links from my affiliate programs, as well. Should I just ignore this?

Answer 1

You should encode the ampersands as they have special meaning in HTML:

... href='url.php?var1=val1&var2=val2' ...

In general browsers cope pretty well with unencoded ampersands, but it's good practise to encode them.

Answer 2

& should be &. You can entity escape your strings by passing them to htmlspecialchars()

... href="<?php echo htmlspecialchars( 'url.php?var1=val1&var2=val2', ENT_QUOTES ); ?>" ...