Be careful about Example 1 -- it is exactly how *not* to implement things.
& as a separator is the URL encoding.
& is HTML encoding.
You should HTML encode your URL if embedding it in a web page. This is more involved than just replacing & with &. Doing as this example suggests is a security hole waiting to happen.