W3docs

String Functions

URL Encoder

Percent-encode a string for safe use in URLs and query parameters. Matches PHP-style encoding (space → `+`).

About the URL Encoder

This tool percent-encodes a string so it's safe to use as the value of a URL query parameter — not a whole URL. It specifically replicates PHP's urlencode() rather than plain RFC 3986 percent-encoding: spaces become + instead of %20, following the older application/x-www-form-urlencoded convention that PHP, and many form submissions, still use. The two conventions aren't interchangeable — a value encoded with %20 and decoded as +-style (or vice versa) can silently corrupt spaces in the result, so pick the one your server side actually expects.

Under the hood it calls JavaScript's built-in encodeURIComponent(), then patches two gaps against PHP's encoder. encodeURIComponent() leaves !, *, ', (, and ) unescaped because they're technically legal in a URI; the tool replaces each with its %XX code (%21, %2A, %27, %28, %29). It then swaps every %20 for +. The transform is synchronous, pure JavaScript with no dependencies, and it runs entirely in your browser — your input is never sent to a server, so it's safe to paste internal URLs, tokens, or any text you'd rather not transmit.

Reach for it when hand-building a query string and the value contains spaces, &, =, #, or non-ASCII characters that would otherwise break parsing or truncate at the first special character. It's also useful for debugging cross-backend mismatches: if a link built in JavaScript decodes differently on a PHP endpoint, encode the same input here and compare it against encodeURIComponent()'s raw output to see exactly which characters PHP treats differently.

Examples

Encode a query-string valuetext
Input:  John Doe & Sons
Output: John+Doe+%26+Sons

Spaces become + and & becomes %26 — PHP-style encoding, not %20-style RFC 3986 encoding.

Characters encodeURIComponent() leaves unescapedtext
Input:
Hello World! (test) 'quote' *star*

encodeURIComponent() alone:
Hello%20World!%20(test)%20'quote'%20*star*

This tool (PHP urlencode() parity):
Hello+World%21+%28test%29+%27quote%27+%2Astar%2A

! ' ( ) * are all valid in a URI, so encodeURIComponent() skips them. PHP's urlencode() escapes them anyway, and so does this tool.

Same encoding as a JS one-linerjs
function urlEncodePhpStyle(str) {
  return encodeURIComponent(str)
    .replace(/[!'()*]/g, (c) =>
      '%' + c.charCodeAt(0).toString(16).toUpperCase()
    )
    .replace(/%20/g, '+')
}

urlEncodePhpStyle('100% done & ready?')
// '100%25+done+%26+ready%3F'

Drop this into your own code if you need PHP-compatible encoding without a round trip through the page.

Frequently asked questions

What's the difference between this tool and JavaScript's encodeURIComponent()?

encodeURIComponent() leaves !, *, ', (, and ) unescaped because they're technically legal characters in a URI, and it encodes a space as %20. This tool starts from encodeURIComponent()'s output, converts those five characters to %21, %2A, %27, %28, and %29, and swaps %20 for +, matching PHP's urlencode() exactly.

Why does a space get encoded to + instead of %20?

This tool matches PHP's urlencode(), which follows the application/x-www-form-urlencoded convention where a space is written as +. The URI standard (RFC 3986) and JavaScript's native encodeURIComponent() encode a space as %20 instead — both are valid, but the code decoding the value needs to use the same convention you encoded with.

Can I use this to encode an entire URL, not just a value?

No — run it only on the value of a single parameter. Structural characters like /, ?, &, and = get percent-encoded too (a / becomes %2F), so encoding a full URL breaks it instead of protecting it.

Does this tool send my text to a server?

No. Encoding happens entirely in your browser via JavaScript's encodeURIComponent(); nothing you type leaves the page, so it's safe to paste internal URLs, tokens, or other sensitive values.

How is URL encoding different from Base64 encoding?

URL encoding (percent-encoding) only escapes the specific characters that are unsafe in a URL and leaves the rest of the text readable. Base64 re-encodes the entire input into a compact ASCII block, commonly used for binary data or tokens like JWTs — and Base64's own output (+, /, =) isn't URL-safe, so it often needs a further pass of URL encoding before it can go in a query string.