According to https://stackoverflow.com/a/1734255/1529630, encodeURIComponent is the same as rawurlencode, but !*'() aren't escaped, e.g.,
function encodeURIComponent($str) {
$revert = array('%21'=>'!', '%2A'=>'*', '%27'=>"'", '%28'=>'(', '%29'=>')');
return strtr(rawurlencode($str), $revert);
}
But then, does it matter that difference?
Normally, I use something like
wrapper.innerHTML = '<a href="foo.php?bar=' + encodeURIComponent(myVar) + '">Link</a>';
echo '<a href="foo.php?bar=' . rawurlencode(myVar) . '">Link</a>';
If then, in foo.php, I use $_GET['bar'], is it possible to get different results, due to the difference between encodeURIComponent and rawurlencode?
You only need to escape characters that can have special uses within the code.
For example the following can be used to ask the code to do a mathematical comparison or calcuation - < , > , + , - , / , =
then there's reserved characters specific to URL creation such as - ? , @ , %, #
The characters !*'() have no special meaning and so won't be misinterpreted so don't need escaping. You can however escape characters unnecessarily so it might look like a different result, but it would mean/do the same thing.
This has a more thorough breakdown - http://www.blooberry.com/indexdot/html/topics/urlencoding.htm