Encoding & Decoding

URL Encode: How to Percent-Encode URLs and Query Parameters

Percent-encode URLs and query string parameters so special characters are transmitted safely. Essential for building correct API requests and web links.

Published January 15, 2025Updated June 1, 20255 min read

Try the free online tool

Runs entirely in your browser — no signup, no uploads.

Open Tool

URLs are restricted to a specific set of ASCII characters. When a URL contains spaces, ampersands, equals signs, or non-ASCII characters like accented letters or emoji, those characters must be percent-encoded before the URL can be used safely in an HTTP request. Percent-encoding replaces each unsafe byte with a percent sign followed by two hexadecimal digits representing the byte value.

URL encoding affects query strings most frequently. When you pass user-supplied data as a query parameter, failing to encode it can break the URL structure, cause unexpected behaviour in the server, or open a door to injection attacks. A space becomes %20 (or + in form encoding), an ampersand becomes %2F, and a Japanese character might expand into several percent-encoded bytes.

This tool encodes any text to its percent-encoded equivalent. Whether you are building an API request by hand, constructing a redirect URL in code, or debugging a malformed link, this encoder gives you the correct output in seconds.

What Is Percent-Encoding?

Percent-encoding, defined in RFC 3986, is the mechanism used to represent reserved or unsafe characters in a URI. Each character that is not in the unreserved set (A-Z, a-z, 0-9, -, _, ., ~) must be encoded as % followed by two uppercase hexadecimal digits representing the character's UTF-8 byte value.

There are two levels of encoding to understand. encodeURIComponent() (in JavaScript) encodes every character except letters, digits, -, _, ., and ~. encodeURI() additionally leaves the structural characters of a URI unencoded: : / ? # [ ] @ ! $ & ' ( ) * + , ; =. Use encodeURIComponent() for individual parameter values and encodeURI() for complete URLs that you want to make safe without altering the URL structure.

HTML form encoding (application/x-www-form-urlencoded) has a slight variation: spaces are encoded as + instead of %20. This format is used in POST body data from HTML forms and differs from the standard RFC 3986 percent-encoding used in URLs.

How to Use This Tool

Encoding a URL or query parameter value takes just a few steps.

  1. 1

    Enter the text to encode

    Type or paste the URL, query parameter value, or any string that contains characters you need to encode.

  2. 2

    Choose the encoding mode

    Select Full URL mode (encodeURI equivalent) to encode an entire URL while preserving structural characters, or Component mode (encodeURIComponent equivalent) for individual parameter values.

  3. 3

    Click Encode

    The tool produces the percent-encoded output immediately.

  4. 4

    Copy and use the result

    Copy the encoded string and paste it into your API request, curl command, HTML href attribute, or application code.

Common Use Cases

Percent-encoding is required in a wide range of development scenarios.

  • Encoding search query parameters that contain spaces, quotes, or special characters before appending them to a URL.
  • Building redirect URLs where the destination URL must itself be a query parameter value.
  • Encoding API keys, tokens, or credentials passed in URL query strings.
  • Creating shareable links to filtered views or search results in web applications.
  • Constructing mailto: links with pre-filled subject and body containing special characters.
  • Encoding file paths or names in REST API endpoints that may contain slashes or spaces.

Tips and Best Practices

  • Encode parameter values individually rather than the entire URL to avoid double-encoding structural characters like ? and &.
  • Prefer encodeURIComponent() over encodeURI() when building query strings in JavaScript; it encodes more characters and is safer for values.
  • Never percent-encode a URL that is already encoded; double-encoding (%2520 instead of %25) will cause the server to receive the wrong value.
  • Use a URL-building library (like the URL API in Node.js or Python's urllib.parse.urlencode) in production code rather than manual string concatenation to avoid encoding mistakes.
  • Remember that paths and query strings have different reserved character sets; a / in a path segment means something different than in a query value.

URL Encoding in Different Languages

Every major language provides built-in URL encoding functions. In JavaScript, use encodeURIComponent() for values and encodeURI() for full URLs. In Python, use urllib.parse.quote() for path segments and urllib.parse.urlencode() for query strings. In Java, use URLEncoder.encode(value, StandardCharsets.UTF_8). In PHP, use rawurlencode() for RFC 3986 compliance or urlencode() for form encoding.

A common mistake is using the wrong function for the context. For example, Python's urllib.parse.quote() encodes / by default but offers a safe parameter to leave specific characters unencoded. Always read the documentation for your language's function to understand which characters it leaves safe.

Frequently Asked Questions

What is the difference between %20 and + for spaces?

Both represent a space, but in different contexts. RFC 3986 percent-encoding uses %20 for spaces in URLs. HTML form encoding (application/x-www-form-urlencoded) uses + for spaces in POST body data. Query strings submitted by HTML forms use the + convention, while URLs constructed programmatically should use %20.

Should I encode the entire URL or just the parameter values?

You should encode individual parameter values, not the entire URL. Encoding the full URL will also encode structural characters like ?, &, and = which breaks the URL structure. Encode each key and value separately and then join them with & and ?.

Why does my URL still break even after encoding?

The most common cause is double-encoding (encoding an already-encoded string) or failing to encode at the right stage. Inspect the raw request with browser DevTools or Wireshark to see exactly what is being sent. Also check whether the server-side framework is applying additional decoding.

Do I need to encode URL path segments differently from query parameters?

Yes. Path segments and query parameters have different reserved character sets. For path segments, / is a delimiter and should not appear in a segment value; encode it as %2F. Query values have their own reserved characters. Use encodeURIComponent() for both to be safe, or use a URL builder library that handles the distinction automatically.

How does percent-encoding handle non-ASCII characters like emoji or accented letters?

Non-ASCII characters are first converted to their UTF-8 byte representation, and then each byte is percent-encoded separately. For example, the euro sign (U+20AC) becomes the UTF-8 bytes 0xE2, 0x82, 0xAC, which are encoded as %E2%82%AC.

Is URL encoding required for HTTPS requests?

Yes. HTTPS encrypts the connection but does not change how URLs are parsed. Special characters in URLs must be percent-encoded regardless of whether HTTP or HTTPS is used. Encoding is a URL structure requirement, not a security feature.

What characters are safe to use in a URL without encoding?

The unreserved characters defined in RFC 3986 are safe: uppercase and lowercase letters (A-Z, a-z), digits (0-9), hyphen (-), underscore (_), period (.), and tilde (~). All other characters should be percent-encoded when used in path segments or query values.

url-encodingpercent-encodingquery-stringhttpapi

Ready to use this tool?

Free, instant, no account required. Runs entirely in your browser.

Open Tool

More Encoding & Decoding Guides

Base64 Encode: How to Encode Text and Files to Base64 Online

5 min read

Base64 Decode: How to Decode Base64 Strings Back to Text

4 min read

URL Decode: How to Decode Percent-Encoded URL Strings

4 min read

HTML Encode: Convert Special Characters to HTML Entities

5 min read