URL Encode / Decode
URL Encode / Decode
URL encoding, also known as percent-encoding, is a mechanism for encoding information in a Uniform Resource Identifier (URI) under RFC 3986. URLs can only be sent over the Internet using the ASCII character set, which means characters outside this set — as well as certain reserved ASCII characters — must be converted into a valid format. Understanding URL encoding is essential for web developers, API integrators, and anyone who works with web technologies.
Reserved characters have special meaning within URLs. The characters :, /, ?, #, [, ], @, !, $, &, ', (, ), *, +, ,, ;, =, and the space character must be encoded when they appear in URL components where they are not serving their reserved purpose. For example, an unencoded ampersand (&) in a query parameter value would be interpreted as a parameter separator rather than literal data.
URL encoding is used when building query strings for GET requests or REST APIs, submitting web form data via application/x-www-form-urlencoded, encoding file names containing special characters for download URLs, and debugging API calls by decoding percent-encoded strings back to readable text.
The principle behind percent-encoding is conceptually simple but has important nuances that affect web development. Each character in a URL is either unreserved (can be used literally), reserved (has special meaning in certain contexts), or unsafe (must always be encoded). Unreserved characters include A-Z, a-z, 0-9, hyphen, period, underscore, and tilde. Reserved characters like colon, slash, question mark, and hash are allowed in URLs but only when they serve their designated purpose — for example, a colon separates the scheme from the host in a URL, but a colon appearing in a path segment should be encoded as %3A.
Unicode and non-ASCII characters require a two-step encoding process that many developers find confusing. First, the character must be encoded as a sequence of bytes using UTF-8 (the standard character encoding for the web). Then, each byte that is not an unreserved character is percent-encoded individually. For example, the Euro sign (U+20AC) encodes to UTF-8 bytes E2, 82, AC, and then each byte is percent-encoded to %E2%82%AC. Emoji characters like the smiling face (U+1F600) encode to four UTF-8 bytes and thus become %F0%9F%98%80 — a 12-character encoded string for a single emoji.
- Type or paste the text you want to encode or decode.
- Select the desired operation: Encode (text to URL-safe format) or Decode (encoded string back to plain text).
- The result appears instantly, ready to copy and use.
- Use the swap button to quickly move output back to input for iterative encoding.
Choose the Right Encoding Mode: This tool offers two modes: encodeURIComponent (encodes all special characters including those used in URL paths) and encodeURI (preserves characters needed for valid URL structure like slashes and colons). For query string parameters, always use encodeURIComponent-style encoding. For encoding an entire URL path segment, use encodeURI-style encoding to keep the URL structurally valid. The default mode in this calculator handles query parameter encoding, which is the most common use case.
General Encoding Rule
Each unsafe character is replaced with % followed by its two-digit hexadecimal ASCII code. Space (0x20) encodes to %20. Unreserved characters (A-Z, a-z, 0-9, -, ., _, ~) are NOT encoded.
Common Encodings Reference
| Character | Name | ASCII (hex) | Encoded |
|---|---|---|---|
| Space | Space | 0x20 | %20 |
| ! | Exclamation | 0x21 | %21 |
| " | Double quote | 0x22 | %22 |
| # | Hash | 0x23 | %23 |
| $ | Dollar | 0x24 | %24 |
| % | Percent | 0x25 | %25 |
| & | Ampersand | 0x26 | %26 |
| + | Plus | 0x2B | %2B |
| / | Forward slash | 0x2F | %2F |
| : | Colon | 0x3A | %3A |
| = | Equals | 0x3D | %3D |
| ? | Question mark | 0x3F | %3F |
| @ | At sign | 0x40 | %40 |
Encoding example: "hello world!" encodes to "hello%20world%21"
Reserved vs. Unreserved Characters
| Category | Characters | Encoding Required? |
|---|---|---|
| Unreserved | A-Z, a-z, 0-9, -, ., _, ~ | No |
| Reserved (gen-delims) | :, /, ?, #, [, ], @ | Yes, unless used as delimiters |
| Reserved (sub-delims) | !, $, &, ', (, ), *, +, ,, ;, = | Yes, unless used as delimiters |
Encode Each Component Separately: Encode each parameter name and value separately before assembling the full query string.
Watch for Double Encoding: If a value has already been encoded, encoding it again produces a double-encoded result like %2526.
Use the Right Function for the Job: In JavaScript, encodeURIComponent() encodes all special characters and should be used for query string parameters. encodeURI() preserves URI structure (slashes, colons, hashes) and should be used for encoding entire URLs. This tool provides encodeURIComponent-equivalent behavior by default, which is appropriate for the most common use case of encoding parameter values. If you need to encode a full URL path segment, you may need to manually preserve certain characters.
Test Your Encoded URLs: After encoding a URL parameter, always test the complete URL by pasting it into a browser address bar and verifying it navigates correctly. Some web frameworks and servers handle encoding differently — what works for one backend may fail for another. Common issues include servers that expect + for spaces, or frameworks that double-decode values. Testing catches these edge cases before they affect production systems and frustrate users.
- Follows RFC 3986 percent-encoding standard. Uses %20 for spaces; + is also treated as space during decoding.
- Non-ASCII and Unicode characters require UTF-8 encoding before percent-encoding.
- Character encoding differences between systems can produce different outputs.
- Uses encodeURIComponent-equivalent behavior.
Common Pitfalls in URL Encoding and Decoding
One of the most common mistakes in URL encoding is determining whether a space should be encoded as %20 or +. In the query string portion of a URL (after the ? character), spaces can be encoded as either %20 or + according to application/x-www-form-urlencoded convention, and most server-side frameworks accept both. However, in other URL components such as the path, spaces must be encoded as %20. This tool uses %20 by default, which works universally, and also decodes + characters as spaces for maximum compatibility with different encoding schemes.
Double encoding is another frequent source of bugs in web applications. If you encode a value that has already been percent-encoded, the percent signs in the existing encoding become %25, resulting in gibberish output. For example, if the string "hello world" is first encoded to "hello%20world" and then encoded again, it becomes "hello%2520world" — the %25 represents the % character itself, followed by the literal string "20world". This tool helps diagnose double encoding by allowing you to decode step by step. If a decoded result contains percent signs followed by hex digits, it was likely double-encoded and needs another pass of decoding.
- What is the difference between encodeURI and encodeURIComponent?
- encodeURI preserves URI syntax characters; encodeURIComponent encodes everything except unreserved characters.
- Can URL encoding prevent SQL injection?
- No. URL encoding is a transport-layer concern, not a security measure. Use parameterized queries for security.
- How do I handle Unicode characters like emoji in URLs?
- Unicode is first encoded to UTF-8 bytes, then each byte is percent-encoded. For example, smiley face (U+1F600) becomes %F0%9F%98%80.
- What is the maximum length of a URL?
- No official limit in RFC 3986; practical limits are 2,000-8,000 characters depending on browser and server.
- When should I use base64 encoding instead of URL encoding?
- Base64 encoding is designed for encoding binary data into ASCII text for transmission, while URL encoding is designed for encoding special characters in URLs. Base64-encoded data is typically larger (33% overhead) and uses characters like +, /, and = that need further URL encoding when used in query parameters. For simple text values with special characters, URL encoding is more efficient. For binary data like images or files, base64 is more appropriate but should be used judiciously due to its size overhead.
- How does URL encoding relate to HTML form submission?
- When an HTML form is submitted with method GET, the browser automatically URL-encodes each form field name and value and assembles them into a query string. With method POST and enctype application/x-www-form-urlencoded, the same encoding is applied to the request body. Understanding this automatic encoding helps developers predict how their form data will arrive at the server and avoid common pitfalls such as hidden fields whose values contain characters that break the query string format.
- RFC 3986 — Uniform Resource Identifier (URI): Generic Syntax
- MDN Web Docs — encodeURIComponent()
- WHATWG URL Living Standard
Last updated: May 12, 2026