URL Encoder and Decoder
Encode URLs for safe transmission over the internet or decode URL-encoded strings back to original format.
How to Use the URL Encoder/Decoder?
Enter your URL or text and choose the appropriate encoding or decoding method.
What Is URL Encoding?
URL encoding (also called percent-encoding) is a mechanism defined by RFC 3986 to represent characters in a Uniform Resource Identifier (URI) that are not allowed or have special meaning. Since URLs can only contain a limited subset of ASCII characters, any character outside this safe set must be encoded as a percent sign followed by two hexadecimal digits — for example, a space becomes %20. URL encoding ensures data is transmitted accurately across all web browsers, servers, and intermediary systems without being misinterpreted.
Why URL Encoding Is Needed
URLs follow strict rules about which characters are allowed. Without encoding:
- Spaces break URLs: A browser cannot process
https://example.com/my file.pdf— the space terminates the URL. - Reserved characters cause ambiguity: Characters like
?,&,=,#, and/have special structural meaning in URLs. Using them in data (query values, paths) confuses parsers. - Non-ASCII characters are not supported: International characters (漢字, ñ, ü) must be UTF-8 encoded first, then percent-encoded.
- Standards compliance: RFC 3986 requires encoding to ensure URIs are interoperable across all systems and platforms.
URL Character Categories
| Category | Characters | Encoding Needed? |
|---|---|---|
| Unreserved (safe) | A–Z a–z 0–9 - _ . ~ | Never encoded |
| Reserved (structural) | : / ? # [ ] @ ! $ & ' ( ) * + , ; = | Encoded when used as data (not as delimiters) |
| Unsafe / other | spaces, < > { } | \ ^ ` and non-ASCII | Always encoded |
Two Encoding Methods: urlencode vs rawurlencode
There are two common approaches to URL encoding, and choosing the wrong one can cause subtle bugs:
| Method | Space Encoded As | Standard | When to Use |
|---|---|---|---|
| URL Encode (application/x-www-form-urlencoded) | + | HTML form spec | Form data, query string values |
| Component Encode (rawurlencode / encodeURIComponent) | %20 | RFC 3986 | URL path segments, REST API parameters, general-purpose |
Rule of thumb: Use RFC 3986 encoding (%20 for spaces) for building URLs. Use form encoding (+ for spaces) only when submitting HTML form data.
Common Encoding Examples
| Character | Encoded | Character | Encoded |
|---|---|---|---|
| Space | %20 | & | %26 |
| @ | %40 | = | %3D |
| # | %23 | ? | %3F |
| % | %25 | / | %2F |
URL Encoding in Different Languages
- JavaScript:
encodeURIComponent(string)for data,encodeURI(url)for full URLs (preserves structural characters) - Python:
urllib.parse.quote(string)(RFC 3986) orurllib.parse.quote_plus(string)(form encoding) - PHP:
rawurlencode($string)(RFC 3986) orurlencode($string)(form encoding) - Java:
URLEncoder.encode(string, "UTF-8")(form encoding — replace + with %20 for RFC 3986) - C# / .NET:
Uri.EscapeDataString(string)
Common Mistakes to Avoid
- Double encoding: Encoding an already-encoded string turns
%20into%2520. Always decode first if unsure, then encode once. - Using encodeURI for data:
encodeURI()in JavaScript does not encode reserved characters like&,=,?. UseencodeURIComponent()for query parameter values. - Forgetting to encode: Passing user input directly into URLs without encoding creates broken links and potential security vulnerabilities (open redirects, injection).
- Encoding the entire URL: Only encode the data parts (query values, path segments). Do not encode the protocol (
https://), domain, or structural delimiters.
Use Cases
- Form submissions: Browsers automatically URL-encode form data using
application/x-www-form-urlencodedcontent type. - Query parameters: When building URLs dynamically, encode each parameter value:
?search=hello%20world&lang=en - REST APIs: Encode path parameters and query values. Many HTTP libraries handle this automatically, but manual encoding is needed for string concatenation.
- Redirect URLs: When passing a callback URL as a parameter, it must be encoded:
?redirect=https%3A%2F%2Fexample.com%2Fpage - Email mailto links: Subject and body parameters in mailto links must be encoded:
mailto:user@example.com?subject=Hello%20World
Frequently Asked Questions — URL Encoder & Decoder
URL encoding converts characters that are not allowed in URLs into a "%" followed by two hexadecimal digits representing the character's ASCII code. For example, a space becomes %20, & becomes %26, and = becomes %3D. URLs can only contain a limited set of safe characters (letters, digits, -, _, ., ~). All other characters must be encoded to be transmitted safely in a URL.
urlencode (application/x-www-form-urlencoded) encodes spaces as + and is used for HTML form data. rawurlencode (RFC 3986) encodes spaces as %20 and is used for URL path components and query strings. When in doubt, use rawurlencode — it's safer and more widely compatible. Most modern APIs expect %20 for spaces in query parameters.
RFC 3986 defines "unreserved characters" that never need encoding: letters (A-Z, a-z), digits (0-9), and the symbols - _ . ~ These are always safe. "Reserved characters" (: / ? # [ ] @ ! $ & ' ( ) * + , ; =) have special meaning in URLs and must be encoded when used as data rather than as URL structure. All other characters must always be encoded.
%20 and + both represent a space, but in different contexts. In URL path segments, %20 is correct (/my%20file.pdf). In HTML form query strings (application/x-www-form-urlencoded), + represents a space. Mixing them up causes bugs: a + in a URL path is a literal plus sign, not a space. When decoding, use the context to determine which to apply.
For a full URL: only encode the parts that need it (path segments and query values) — don't encode the scheme (https://), host (example.com), or structural characters (/, ?, &, =). For a query parameter value: encode everything including =, &, and +. Most programming languages have separate functions: encodeURI() encodes a full URL; encodeURIComponent() encodes a single component.