Common URL Encoding Reference

CharacterEncodedNameCommon use
Space%20SpaceSearch queries, file names
&%26AmpersandSeparates query parameters
=%3DEqualsKey=value in query strings
?%3FQuestion markStart of query string
#%23HashURL fragments / anchors
/%2FForward slashURL path separator
+%2BPlusOften used as space in forms
@%40At signEmail addresses in URLs
:%3AColonProtocol separator
%%25Percent signMust encode % itself

URL Encoding Explained: Why Every Developer Needs to Know This

URL encoding — officially called "percent-encoding" in the URL specification (RFC 3986) — is the mechanism that allows any character to be safely represented in a URL, regardless of whether it is part of the allowed character set. URLs can only contain a specific set of "unreserved" characters (letters A–Z, a–z, digits 0–9, and the symbols hyphen, underscore, period, and tilde) plus certain "reserved" characters that carry special meaning within URL structure (such as /, ?, &, =, #, :). Any other character — including spaces, international characters, emoji, and symbols — must be percent-encoded before use in a URL.

The encoding process is straightforward: each character that needs encoding is converted to its UTF-8 byte representation, and each byte is expressed as a percent sign (%) followed by two uppercase hexadecimal digits. A space (ASCII 32, hex 0x20) becomes %20. The ampersand character (ASCII 38, hex 0x26) becomes %26. For multi-byte UTF-8 characters like the Chinese character 中 (UTF-8 bytes: E4 B8 AD), the encoding is three percent-encoded bytes: %E4%B8%AD. Modern browsers handle this automatically in the address bar, displaying decoded URLs for readability while transmitting the encoded version internally.

Understanding the difference between encodeURI() and encodeURIComponent() in JavaScript is critical for correct URL construction. encodeURI() encodes a complete URL, deliberately preserving characters that are structurally meaningful in URLs: the colon and slashes in https://, the question mark starting the query string, the hash for fragments, and the ampersand and equals sign used in query parameters. This makes it suitable for encoding a full URL you want to keep functional. encodeURIComponent(), by contrast, treats its input as a URL component value — it encodes everything including the reserved characters, making the output safe to use as a query parameter value where characters like &, =, and # would be misinterpreted as URL structure.

A common source of bugs in web development is failing to encode user-provided input before including it in URLs. If a user searches for "bread & butter" and that string is concatenated directly into a query URL like /search?q=bread & butter, the & is interpreted as a parameter separator, breaking the query structure. The correct approach is /search?q=bread%20%26%20butter or /search?q=bread+%26+butter (using + for spaces in application/x-www-form-urlencoded contexts). Always encode dynamic values using your language's URL encoding function before URL construction.

URL Encoding in Different Languages

  • JavaScript: encodeURIComponent(value) for query values, encodeURI(url) for full URLs
  • Python: urllib.parse.quote(value) or urllib.parse.urlencode(params)
  • PHP: urlencode($value) for query strings, rawurlencode() for path segments
  • Java: URLEncoder.encode(value, StandardCharsets.UTF_8)
  • Ruby: URI.encode_www_form_component(value)
  • Go: url.QueryEscape(value) for query strings, url.PathEscape(value) for paths
  • C#: Uri.EscapeDataString(value)
  • curl (command line): curl --data-urlencode "param=value" URL

+ vs %20: Two Ways to Encode Spaces

Spaces in URLs can be encoded as either %20 (percent encoding per RFC 3986) or + (application/x-www-form-urlencoded encoding, used in HTML form submissions). In query strings, both are widely accepted by web servers. In URL path segments, only %20 is correct — a + in a path component is treated as a literal plus sign, not a space. Our encoder uses the RFC 3986 standard %20 for spaces, which works correctly in all URL contexts.

Frequently Asked Questions

URL encoding (percent-encoding) converts characters not allowed or with special meaning in URLs into a safe format. Each unsafe character is replaced with % followed by two hexadecimal digits. For example, space becomes %20, & becomes %26, = becomes %3D. This ensures URLs can be transmitted safely without ambiguity.

encodeURI encodes a complete URL while preserving structural characters like :, /, ?, #, &, =. encodeURIComponent encodes a URL component (like a query parameter value), converting ALL special characters including structural ones. Use encodeURIComponent for individual parameter values that may contain special characters.

Spaces are not allowed in URLs per the RFC 3986 specification. When a space appears in a URL — such as in a search query — it must be percent-encoded as %20. Browsers display %20 as a space in the address bar for readability, but transmit the encoded version internally.

Always URL-encode query parameter values when constructing URLs programmatically — especially with user input. If a search term contains &, =, or #, passing it unencoded will break URL structure. Use encodeURIComponent in JavaScript, urlencode() in PHP, urllib.parse.quote() in Python, or equivalent functions.

Related Web Tools