Tip: don’t use esc_url() with wp_remote_get() and other HTTP functions. Use esc_url_raw() instead. #wordpress — Konstantin Kovshenin (@kovshenin) March 13, 2012

This tweet gained some good attention on Twitter, so I thought it would be good to explain why. Then I found a support forums thread where Mark Jaquith pretty much explains it all:

esc_url() is for something like <a href="SANITIZE_THIS">text</a>

So if you’re going to use the URL in your HTML output, like a href attribute for a link, or a src attribute for an image element, you should use esc_url().

esc_url_raw() is for other cases where you want a clean URL, but you don’t want HTML entities to be encoded. So any non-HTML usage (DB, redirect) would use this.

The esc_url_raw() function will do pretty much the same as esc_url, but it will not decode entities, meaning it will not replace & with & and so on. As Mark pointed out, it’s safe to use esc_url_raw in database queries, redirects and HTTP functions, such as wp_remote_get .

Oh, there’s now a codex entry for esc_url_raw too!