If you are printing the URL out, say to the front end… that is, it is to be displayed as a normal URL to a visitor etc. then:
esc_url()
If you are going to use the URL in, say, a WordPress redirect (or anything else that sends http header ‘location’, then you will need:
esc_url_raw()
This is actually the basis and fix of this recent security vulnerability:
https://blog.sucuri.net/2015/04/security-advisory-xss-vulnerability-affecting-multiple-wordpress-plugins.html