WebUtils
ENKO

Developer Workflow

Encode URL query parameters safely

Learn how to percent-encode query parameters so spaces, ampersands, redirects, and Unicode text do not break a URL.

Open Url Encoder Decoder

Problem

URLs use characters like ?, &, =, #, and % as syntax. When those characters appear inside a value, the browser or server can split the URL incorrectly unless the value is percent-encoded first.

When to use this

  • A redirect URL is passed as a query parameter inside another URL.
  • A search term contains spaces, plus signs, Korean text, or punctuation.
  • An API endpoint receives a truncated or incorrectly parsed query string.

Steps

  1. Step 1

    Identify the value to encode

    Encode only the parameter value when possible, not the entire URL, so structural characters like ? and & remain meaningful.

  2. Step 2

    Percent-encode reserved characters

    Use URL encoding to convert spaces, ampersands, hash signs, and Unicode text into safe percent-encoded sequences.

  3. Step 3

    Place the encoded value in the query string

    Paste the encoded value after the parameter name, then confirm that each parameter is still separated by a single ampersand.

  4. Step 4

    Decode once to review

    Decode the value once during review to confirm it represents the original text and was not double-encoded.

Example

Encode a nested redirect URL

Input

https://example.com/login?next=https://app.example.com/search?q=jwt decoder&sort=recent

Output

next=https%3A%2F%2Fapp.example.com%2Fsearch%3Fq%3Djwt%20decoder%26sort%3Drecent

Common mistakes

Encoding the entire URL when only a value is needed

If you encode the full URL, separators such as ? and & may become part of a single value instead of separating parameters.

Double-encoding an already encoded value

A value like %2F can become %252F if encoded again. Decode once during debugging to check whether this happened.

FAQ

Should spaces be encoded as plus signs or %20?

Both appear in query strings, but %20 is the safest general URL encoding form. Form encoding often uses + for spaces.

What characters must be encoded in a query value?

Encode reserved URL syntax characters such as &, =, ?, #, %, spaces, and any text that could be interpreted as structure instead of data.

Can URL encoding fix a broken redirect?

It can fix redirects broken by unescaped nested URLs, but it will not fix an invalid target URL or an application-side allowlist failure.