The thing is if you use ENT_QUOTES for htmlspecialchars() you have to use ENT_QUOTES for htmlspecialchars_decode():
And I think cpradio is right that urlencode() is probably more suited for urls - if you add serialized data to a url then most probably you pass it in the query string, in which case htmlspecialchars is not enough and the data will become corrupt on certain characters (this also applies if you use mod_rewrite so as to make nicer urls). htmlspecialchars is just a general escaping function for any data you put into html attributes and it does not cover escaping for urls.
Edit: even if you use base64_encode you need to escape the string with urlencode before putting it in the url, because base64-encoded data may contain special characters like +, / and = - you will then not be able to properly receive the data using $_GET. This eventually makes base64_encode not necessary for passing data via urls unless you want to add some visual obfuscation .