URL encoder/decoder

How to use the URL encoder/decoder

1. Paste a URL or query string into the input area.
2. Pick direction: encode (percent-escape special characters) or decode (reverse).
3. Choose component: full URL, query parameter, or path segment — each uses a different escape set.
4. Copy the transformed output.

When to use it

Encode whenever you build a URL from user-provided data — search queries, filter values, OAuth callbacks. JavaScript's encodeURIComponent handles query values; encodeURI handles whole URLs. Decoding is useful for debugging why a logged URL looks wrong or for reading opaque callback parameters. Don't double-encode: if your framework already encodes, applying it twice breaks everything.

Frequently asked questions

What's the difference between encodeURI and encodeURIComponent?

encodeURI preserves URL syntax (/, ?, #, :) so it's safe for whole URLs. encodeURIComponent escapes everything non-alphanumeric, which is what you want for query parameter values.

Why do I see + signs in my URL?

In x-www-form-urlencoded form data, spaces encode as + instead of %20. Both are valid URL encodings; the tool shows each based on the component context.

Is it safe to URL-encode user input in SQL queries?

No. URL encoding doesn't prevent SQL injection — always use parameterized queries. URL encoding is for URL context only.

What characters actually need encoding?

Anything outside the unreserved set: A-Z a-z 0-9 - _ . ~. Everything else either has URL meaning (& = ? #) or isn't URL-safe (spaces, unicode, quotes, brackets).

Related tools

• Free Base64 Encoder/Decoder
• Free HTML Entity Encoder
• Free JSON Formatter
• Free Hash Generator