URL encoding (percent-encoding) replaces unsafe or reserved characters in URLs with a percent sign followed by two hexadecimal digits representing the character's byte value. It ensures that URLs are transmitted correctly across all systems, regardless of character sets, special characters, or whitespace in the data.
This guide covers which characters need encoding, how query parameters work, handling of international characters, and common encoding mistakes that cause broken links and API errors.
Why URL encoding is necessary
URLs can only contain a limited set of ASCII characters. Characters like spaces, ampersands (&), equals signs (=), question marks (?), and hash symbols (#) have special meaning in URL syntax — they delimit path segments, query parameters, and fragments. If your data contains these characters, they must be percent-encoded to avoid being interpreted as URL structure.
For example, searching for 'cats & dogs' requires the space and ampersand to be encoded: cats%20%26%20dogs. Without encoding, the & would be interpreted as a parameter separator, breaking the URL into unintended segments.
Reserved vs unreserved characters
Unreserved characters (A-Z, a-z, 0-9, -, _, ., ~) can appear anywhere in a URL without encoding. Everything else is either reserved (has special URL meaning) or unsafe (may be misinterpreted by systems along the path).
Reserved characters (:, /, ?, #, [, ], @, !, $, &, ', (, ), *, +, ,, ;, =) must be percent-encoded when used as data rather than as URL structure. Use the URL Encoder to encode and decode strings instantly.
Encoding international characters (UTF-8)
Non-ASCII characters (accented letters, CJK characters, emoji) are first encoded as UTF-8 bytes, then each byte is percent-encoded individually. The Japanese character (ka) becomes %E3%81%8B — three percent-encoded bytes representing its UTF-8 encoding.
Modern browsers display decoded international characters in the address bar for readability (Internationalized Domain Names use Punycode), but the actual HTTP request always sends the percent-encoded form. Always encode user input before inserting it into URLs.
Common encoding mistakes
Double encoding happens when already-encoded text is encoded again: %20 becomes %2520 (the % gets encoded to %25). This produces broken URLs. Always check whether data is already encoded before applying encoding.
Encoding the entire URL instead of just the data portions breaks the URL structure. Only encode the values of query parameters and path segments that contain user data — never encode the ?, &, =, and / characters that form the URL skeleton.
Using + for spaces works in application/x-www-form-urlencoded (HTML form submissions) but not in URL path segments, where %20 is correct. Mixing the two conventions causes inconsistent behavior across servers.
Key takeaways
- URL encoding replaces special characters with %XX hex sequences to prevent them from being interpreted as URL structure.
- Only encode the data portions (parameter values, path segments) — never encode the URL skeleton (?, &, =, /).
- International characters are encoded as UTF-8 bytes, each byte individually percent-encoded.
- Avoid double encoding — check whether data is already encoded before applying encoding.
- Use %20 for spaces in URL paths, but + is acceptable in form-encoded query strings.
Frequently asked questions
What is the difference between URL encoding and Base64?
URL encoding escapes individual special characters in URLs. Base64 converts entire binary data to text. They solve different problems — URL encoding for URL safety, Base64 for binary-to-text transport.
Should I encode the entire URL?
No. Only encode the data portions (query parameter values, path segments with user data). The URL structure characters (?, &, =, /) must remain unencoded or the URL breaks.
Why do spaces sometimes appear as + and sometimes as %20?
HTML form submissions use + for spaces (application/x-www-form-urlencoded). URL path segments use %20. Both are valid in their respective contexts but not interchangeable.
Related tools
Related guides
Base64 Encoding and Decoding: Developer Guide
Learn what Base64 encoding is, how it works, when to use it, and common pitfalls. Covers data URIs, API payloads, email attachments, and JWT tokens.
Working with JSON: Formatting, Validation, and Debugging
A practical guide to working with JSON data, covering formatting, validation, common errors, debugging techniques, and useful developer tools.