June 14, 2026

How to URL-Encode a String for a Query Parameter

You build a URL like /search?q=cats & dogs and it falls apart: the space breaks the link and the & gets read as the start of a new parameter. The fix is URL encoding(also called percent-encoding) — turning unsafe characters into % escape sequences so the value survives intact.

Here is how to encode a query-parameter value correctly.

How to URL-encode a query parameter

QuickWand's free URL Encoder / Decoder encodes in your browser — the text you paste, tokens and all, is never uploaded.

Open the URL Encoder.
Paste just the value — the part that goes after the = — not the whole URL. For example cats & dogs.
Click Encode. You get back cats%20%26%20dogs, safe to drop into your query string.
Assemble the URL: /search?q=cats%20%26%20dogs. To go the other way, paste an encoded value and click Decode.

Encode the value, not the whole URL

This is the mistake that bites people. There are two encoding functions, and they exist for two different jobs:

encodeURIComponent — encodes a single component, escaping the structural characters &, =, ?, /, #, and more. This is the right choice for a query-parameter value, because you want a literal & inside your value to become %26 so it is not mistaken for a parameter separator.
encodeURI — encodes a whole URL and deliberately leaves &, =, ?, and /alone so the URL's structure stays intact. Using it on a single value would leave those characters dangerous.

Rule of thumb: building a URL from a template? Encode each value with encodeURIComponent first, then slot the encoded pieces into the structure. The URL Encoder above does the encodeURIComponent-style job, so paste values, not whole links.

%20 vs + for spaces

You will see a space encoded two ways. In percent-encoding a space is %20, and that is always safe anywhere in a URL. In the query string of an HTML form submission (the application/x-www-form-urlencoded format), a space is conventionally written as +. Both decode back to a space within a query string, but a literal + in a path stays a plus. When in doubt, %20 never surprises you.

Common characters and their encodings

space → %20
& → %26
= → %3D
? → %3F
/ → %2F
# → %23

Decoding values you find in the wild

The reverse is just as common: you copy a URL out of a log or an API response and it is full of %20 and %3D noise. Paste it into the decoder to read it. And if a query parameter turns out to hold a Base64 blob, hand that off to the Base64 decoder — query strings frequently carry encoded payloads inside an already-encoded value.

Frequently asked questions

How do I URL-encode a value for a query parameter?

Percent-encode the value so reserved characters like spaces, '&', '=', and '?' become safe sequences (a space becomes %20). Paste the value into QuickWand's URL Encoder, encode it in your browser, and drop the result into your query string after the '='.

What's the difference between encodeURI and encodeURIComponent?

encodeURI encodes a whole URL and deliberately leaves structural characters like '&', '=', '?', and '/' alone, so it's wrong for a single value. encodeURIComponent encodes a single component (like one query-parameter value) and escapes those characters too — that's the one you want for a query parameter.

Why does a space sometimes become '+' and sometimes '%20'?

In the path or with percent-encoding, a space is %20. In the query string of HTML form submissions (application/x-www-form-urlencoded), a space is conventionally '+'. Both decode back to a space in that context, but %20 is always safe; '+' only means space inside a query string.

Is the URL encoder safe to use for private values?

Yes. QuickWand's URL Encoder runs entirely in your browser, so the text you encode or decode is never sent to a server. You can safely paste values that contain tokens, IDs, or other sensitive data.