URL Encoder & Decoder

Encode special characters for safe URL transmission, or decode percent-encoded URLs instantly.


URL encoding reference

Common encoded characters

Space → %20   & → %26   = → %3D   ? → %3F   # → %23   + → %2B   / → %2F

encodeURIComponent vs encodeURI

Use encodeURIComponent for query parameter values. Use encodeURI for full URLs where you want to preserve slashes, colons, and query structure.

When to use it

Encode strings before adding them as query parameters, inside href attributes, or when sending special characters like &, =, #, or spaces in URLs.

URL Encoding — Why Spaces Become %20 and How to Do It Right

URLs can only contain a limited set of safe characters: letters (A–Z, a–z), digits (0–9), and a handful of special characters like hyphens and underscores. Everything else (spaces, ampersands, equals signs, non-ASCII characters) must be percent-encoded. The name "percent encoding" comes from the format: a percent sign followed by two hexadecimal digits representing a byte value. For an ASCII character that byte is the character's ASCII code; a non-ASCII character is first converted to UTF-8, and each resulting byte is encoded separately.

Why spaces become %20

A space character has ASCII code 32 decimal, which is 20 in hexadecimal. So a space becomes %20. An ampersand (&) has ASCII code 38 = 0x26, becoming %26. An equals sign (=) is 61 = 0x3D, becoming %3D. The conversion is purely mechanical — character to ASCII to hex to percent-hex.

encodeURI vs encodeURIComponent

JavaScript has two encoding functions with an important difference. encodeURI() encodes a full URL — it preserves structural characters like / : ? & = because they have meaning in a URL. encodeURIComponent() encodes a value to be placed inside a URL — it encodes those structural characters too. Always use encodeURIComponent() for query parameter values.

The + vs %20 confusion

In HTML form submissions (application/x-www-form-urlencoded format), spaces become + instead of %20. Both represent a space, but in different contexts. %20 is correct for URL paths and modern APIs. + only works in query strings when the server expects form encoding. When in doubt, use %20 — it works everywhere.
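The two sections above (encodeURI vs encodeURIComponent, and + vs %20) as one runnable check. This is an added example, not code from this tool; the function names, the example.com URL and the sample values are constructed for illustration.

```javascript
// Added example: function names and sample values are constructed for illustration.
const BASE = "https://example.com/search";

// Untrusted value containing URL structural characters (constructed sample).
const userInput = "cats & dogs&role=admin#top";

// Weak: encodeURI keeps & = # as-is, so the value can add parameters and a fragment.
function buildWithEncodeURI(value) {
  return BASE + "?q=" + encodeURI(value);
}

// Correct: encodeURIComponent escapes & = # ? / so the value stays one parameter.
function buildWithEncodeURIComponent(value) {
  return BASE + "?q=" + encodeURIComponent(value);
}

// Parse a URL the way a receiving server or client would.
function parseUrl(url) {
  const u = new URL(url);
  return { params: Object.fromEntries(u.searchParams), hash: u.hash };
}

// + vs %20: form decoding (URLSearchParams) turns + into a space,
// while decodeURIComponent leaves + untouched.
function decodeBothWays(raw) {
  return {
    form: new URLSearchParams("v=" + raw).get("v"),
    percent: decodeURIComponent(raw),
  };
}

console.log(parseUrl(buildWithEncodeURI(userInput)));
console.log(parseUrl(buildWithEncodeURIComponent(userInput)));
console.log(decodeBothWays("a+b%20c"));
console.log(decodeBothWays(encodeURIComponent("1+1")));
```

With encodeURI the receiver sees an extra role parameter and a fragment that the caller never intended; with encodeURIComponent the whole input arrives as the single value of q.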

Frequently asked questions

What is URL encoding and why is it needed?

URL encoding (also called percent encoding) converts characters that aren't allowed in URLs into a safe format: a % sign followed by two hexadecimal digits. For example, a space becomes %20 and & becomes %26. It's needed because URLs can only contain a limited set of ASCII characters; everything else must be encoded.

How do I URL encode a string online?

Select "Encode URL" mode above, paste your text into the left input box, and click Encode. The percent-encoded output appears on the right. Use "encodeURIComponent" mode for query parameter values, or "encodeURI" mode for full URLs where you want to preserve the URL structure.

What is the difference between encodeURI and encodeURIComponent?

encodeURI encodes a complete URL and preserves characters that have special meaning in URLs: / : ? & = # @ and others. encodeURIComponent encodes a value meant to be part of a URL (like a query parameter) and escapes those special characters too. Use encodeURIComponent when encoding a single query string value.

Why do spaces sometimes appear as + instead of %20?

Both represent a space, but in different contexts. %20 is the standard percent-encoding used in paths and most URLs. The + sign is used in HTML form data (application/x-www-form-urlencoded format) as a shorthand for space. This tool uses %20, which is safer and works in all URL contexts.

When should I URL encode parameters in my code?

Always encode values before adding them as query parameters. In JavaScript: encodeURIComponent(value). In Python: urllib.parse.quote(value); note that quote() leaves / unencoded by default, so pass safe='' when the value must not contain a literal slash. Failure to encode can break URLs, cause security vulnerabilities like open redirect attacks, or result in incorrect query parsing.

Is URL decoding safe to use on untrusted input?

URL decoding itself is safe: it simply replaces percent-encoded sequences with their original characters. However, always validate and sanitize decoded values before using them in your application to prevent injection attacks. All processing in this tool runs locally in your browser with no data uploaded.