What are the key takeaways from this guide?

URLs can only contain ASCII characters.. Spaces become `%20` (or `+` in query strings).. Different URL parts have different encoding rules:. Domain names with non-ASCII characters use Punycode encoding.. A common bug is encoding already-encoded values, turning `%20` into `%2520`..

Who is this guide for?

This guide is designed for beginner-level users and takes about 1 minutes to read.

Best Practice Beginner 1 min read 173 words

URL Encoding Best Practices for Web Developers

Proper URL encoding prevents broken links and security vulnerabilities. Learn which characters must be encoded and how to handle international URLs.

Key Takeaways

URLs can only contain ASCII characters.
Spaces become `%20` (or `+` in query strings).
Different URL parts have different encoding rules:
Domain names with non-ASCII characters use Punycode encoding.
A common bug is encoding already-encoded values, turning `%20` into `%2520`.

Featured Tool

Hash Generator

Generate SHA-1, SHA-256, SHA-384, SHA-512 hashes from text

Try it Free

Why URL Encoding Matters

URLs can only contain ASCII characters. Special characters, spaces, and non-ASCII characters must be percent-encoded (%XX format) to be safely transmitted. Incorrect encoding causes broken links, XSS vulnerabilities, and data loss.

Characters That Must Be Encoded

Spaces become %20 (or + in query strings). Forward slashes in values must be encoded as %2F. Ampersands in values need %26 to avoid being interpreted as parameter separators.

Component-Specific Encoding

Different URL parts have different encoding rules:

Path: Encode spaces and special chars, preserve /.
Query string: Encode spaces as +, preserve & and = as separators.
Fragment: Encode most special characters.

International Domain Names (IDN)

Domain names with non-ASCII characters use Punycode encoding. For example, münchen.de becomes xn--mnchen-3ya.de. Modern browsers display the Unicode version while transmitting the Punycode version.

Double Encoding

A common bug is encoding already-encoded values, turning %20 into %2520. This happens when a URL passes through multiple encoding layers. Always check if data is already encoded before encoding it again.

صيغ ذات صلة

.css .csv .html .json .md .txt .xml .yaml

أدلة ذات صلة

JSON vs YAML vs TOML: Choosing a Configuration Format

Configuration files are the backbone of modern applications. JSON, YAML, and TOML each offer different trade-offs between readability, complexity, and tooling support that affect your development workflow.

How to Format and Validate JSON Data

Malformed JSON causes silent failures in APIs and configuration files. Learn how to format, validate, and debug JSON documents to prevent integration errors and improve readability.

Base64 Encoding: How It Works and When to Use It

Base64 converts binary data into ASCII text, making it safe for transmission through text-based systems. Learn when Base64 is the right choice and when alternatives like hex encoding or URL encoding are more appropriate.

Best Practices for Working with Unix Timestamps

Unix timestamps provide a language-agnostic way to represent points in time, but they come with pitfalls around time zones, precision, and the 2038 problem. This guide covers best practices for storing and converting timestamps.

Troubleshooting JWT Token Issues

JSON Web Tokens are widely used for authentication but can be frustrating to debug. This guide covers common JWT problems including expiration errors, signature mismatches, and payload decoding issues.

Categories