(PHP 3, PHP 4, PHP 5)

urlencode -- 编码 URL 字符串


string urlencode ( string str )

返回字符串,此字符串中除了 -_. 之外的所有非字母数字字符都将被替换成百分号(%)后跟两位十六进制数,空格则编码为加号(+)。此编码与 WWW 表单 POST 数据的编码方式是一样的,同时与 application/x-www-form-urlencoded 的媒体类型编码方式一样。由于历史原因,此编码在将空格编码为加号(+)方面与 RFC1738 编码(参见 rawurlencode())不同。此函数便于将字符串编码并将其用于 URL 的请求部分,同时它还便于将变量传递给下一页:

例子 1. urlencode() 示例

echo '<a href="mycgi?foo=', urlencode($userinput), '">';

注意:小心与 HTML 实体相匹配的变量。像 &amp、&copy 和 &pound 都将被浏览器解析,并使用实际实体替代所期待的变量名。这是明显的混乱,W3C 已经告诫人们好几年了。参考地址:http://www.w3.org/TR/html4/appendix/notes.html#h-B.2.2 PHP 通过 arg_separator .ini 指令,支持将参数分割符变成 W3C 所建议的分号。不幸的是大多数用户代理并不发送分号分隔符格式的表单数据。较为简单的解决办法是使用 &amp; 代替 & 作为分隔符。你不需要为此修改 PHP 的 arg_separator。让它仍为 &,而仅使用 htmlentities(urlencode($data)) 对你的 URL 进行编码。

例子 2. urlencode()htmlentities() 示例

echo '<a href="mycgi?foo=', htmlentities(urlencode($userinput)), '">';

参见 urldecode()htmlentities()rawurldecode()rawurlencode()

add a note add a note User Contributed Notes
Roamy: info AT roamy DOT de
29-Jan-2006 03:58
<?// urlencode + urldecode 4 Linux/Unix-Servers:=============
//=====This small script matches all encoded String for ========
//=====Linux/Unix-Servers For IIS it got to be  The Other Way  ==
//===== around...and remember in a propper Url =============
//===== there shoudn't be the 'dirty Letter': %C3==============
function int2hex($intega){
$Ziffer = "0123456789ABCDEF";
$in = "%".int2hex($i);
$out = "%C3%".int2hex($i-64);
$text = str_replace($in,$out,$text);
$text = urlencode($text);
$in = "%".int2hex($i);
$out = "%C3%".int2hex($i-64);
$text = str_replace($in,$out,$text);
torecs at sfe dot uio dot no
11-Jan-2006 07:30
This very simple function makes an valid parameters part of an URL, to me it looks like several of the other versions here are decoding wrongly as they do not convert & seperating the variables into &amp;.

  $vars=array('name' => 'tore','action' => 'sell&buy');
  echo MakeRequestUrl($vars);
  /* Makes an valid html request url by parsing the params array
   * @param $params The parameters to be converted into URL with key as name.
  function MakeRequestUrl($params)
   foreach ($params as $name => $value)
     // Cut the last '&'
     return htmlentities($querystring);

  Will output: action=sell%26buy&amp;name=tore
roberlamerma at gmail dot com
22-Nov-2005 11:00
I rewrote inus at flowingcreativity dot net function to generate an encoded url string from the POST, or GET array. It handles properly POST/GET array vars.

function _HTTPRequestToString($arr_request, $var_name, $separator='&') {
   $ret = "";
   if (is_array($arr_request)) {
       foreach ($arr_request as $key => $value) {
           if (is_array($value)) {
               if ($var_name) {
                   $ret .= $this->_HTTPRequestToString($value, "{$var_name}[{$key}]", $separator);
               } else {
                   $ret .= $this->_HTTPRequestToString($value, "{$key}", $separator);
           } else {
               if ($var_name) {
                   $ret .= "{$var_name}[{$key}]=".urlencode($value)."&";
               } else {
                   $ret .= "{$key}=".urlencode($value)."&";
   if (!$var_name) {
       $ret = substr($ret,0,-1);
   return $ret;
01-Nov-2005 12:54
Just remember that according to W3C standards, you must rawurlencode() the link that's provided at the end of a mailto.

<a href="mailto:jdoe@some.where.com?Subject=Simple testing(s)&bcc=jane@some.where.com">Mail Me</a>

Needs to be escaped (which rawurlencode() does for us).
The colon is OK after "mailto", as is the "@" after the e-mail name.
However, the rest of the URL needs to be encoded, replacing the following:
'?' => %3F
'=' => %3D
' ' => %20
'(' => %28
')' => %29
'&' => %26
'@' => %40 (note this one is in 'jane@some.where.com'

I tried to post the note with the correct text (that is the characters replaced in the note), but it said that there was a line that was too long, and so wouldn't let me add the note.

As a secondary note, I noticed that the auto-conversion routines at this site itself stopped the link at the space after "Simple testing(s)' in the first entry shown above.
bisqwit at iki dot fi
02-Sep-2005 04:27
Constructing hyperlinks safely HOW-TO:

= 'machine/generated/part';
$url_parameter1 = 'this is a string';
$url_parameter2 = 'special/weird "$characters"';

$url = 'http://example.com/lab/cgi/test/'. rawurlencode($path_component) . '?param1=' . urlencode($url_parameter1) . '&param2=' . urlencode($url_parameter2);

$link_label = "Click here & you'll be <happy>";

'<a href="', htmlspecialchars($url), '">', htmlspecialchars($link_label), '</a>';

This example covers all the encodings you need to apply in order to create URLs safely without problems with any special characters. It is stunning how many people make mistakes with this.

- Use urlencode for all GET parameters (things that come after each "=").
- Use rawurlencode for parts that come before "?".
- Use htmlspecialchars for HTML tag parameters and HTML text content.
R Mortimer
26-Aug-2005 04:14
Do not let the browser auto encode an invalid URL. Not all browsers perform the same encodeing. Keep it cross browser do it server side.
13-Aug-2005 01:24
Diferrent from the above example you do not have to encode URLs in hrefs with this. The browser does it automaticaly, so you just have to encode it with htmlentities() ;)
linus at flowingcreativity dot net
05-Jul-2005 12:14
I just came across the need for a function that exports an array into a query string. Being able to use urlencode($theArray) would be nice, but here's what I came up with:


function urlencode_array(
$var,                // the array value
$varName,            // variable name to be used in the query string
$separator = '&'    // what separating character to use in the query string
) {
$toImplode = array();
   foreach (
$var as $key => $value) {
       if (
is_array($value)) {
$toImplode[] = urlencode_array($value, "{$varName}[{$key}]", $separator);
       } else {
$toImplode[] = "{$varName}[{$key}]=".urlencode($value);
implode($separator, $toImplode);


This function supports n-dimensional arrays (it encodes recursively).
edwardzyang at thewritingpot dot com
16-Apr-2005 04:48
I was testing my input sanitation with some strange character entities. Ones like  and  were passed correctly and were in their raw form when I passed them through without any filtering.

However, some weird things happen when dealing with characters like (these are HTML entities): &#8252; &#9616; &#9488;and &#920; have weird things going on.

If you try to pass one in Internet Explorer, IE will *disable* the submit button. Firefox, however, does something weirder: it will convert it to it's HTML entity. It will display properly, but only when you don't convert entities.

The point? Be careful with decorative characters.

PS: If you try copy/pasting one of these characters to a TXT file, it will translate to a ?.
17-Feb-2005 07:49
The information on this page is misleading in that you might think the ampersand (&) will only need to be escaped as &amp; when there is ambiguity with an existing character entity. This is false; the W3C page linked to from here clarifies that the ampersands must ALWAYS be escaped.

The following:

  <a href='/script.php?variable1=value1&variable2=value2'>Link</a>

is INVALID HTML. It needs to be written as:

  <a href='/script.php?variable1=value1&amp;variable2=value2'>Link</a>

in order for the link to go to:


I applaud the W3C's recommendation to use semicolons (';') instead of the ampersands, but it doesn't really change the fact that you still need to HTML-escape the value of all your HTML tag attributes. The following:

  <span title='Rose & Mary'>Some text</span>

is also INVALID HTML. It needs to be escaped as:

  <span title='Rose &amp; Mary'>Some text</span>
george at ishop dot com
04-Nov-2004 05:35
---[ Editor's Note ]---
You can also use rawurlencode() here, and skip the functions provided in this note.
---[ /Editor's Nore]---

For handling slashes in redirections, (see comment from cameron at enprises dot com), try this :

function myurlencode ( $TheVal )
 return urlencode (str_replace("/","%2f",$TheVal));

function myurldecode ( $TheVal )
 return str_replace("%2f","/",urldecode ($TheVal));

This is effectively a double urlencode for slashes and single urlencode for everything else.  So, it is more "standardised" than his suggestion of using a + sign, and more readable (and search engine indexable) than a full double encode/decode.
neugey at cox dot net
18-Sep-2004 04:51
Be careful when encoding strings that came from simplexml in PHP 5.  If you try to urlencode a simplexml object, the script tanks.

I got around the problem by using a cast.

$newValue = urlencode( (string) $oldValue );
monty3 at hotmail dot com
09-Sep-2004 04:00
If you want to pass a url with parameters as a value IN a url AND through a javascript function, such as...

   <a href="javascript:openWin('page.php?url=index.php?id=4&pg=2');">

...pass the url value through the PHP urlencode() function twice, like this...


= "index.php?id=4&pg=2";
$url = urlencode(urlencode($url));

"<a href=\"javascript:openWin('page.php?url=$url');\">";

On the page being opened by the javascript function (page.php), you only need to urldecode() once, because when javascript 'touches' the url that passes through it, it decodes the url once itself. So, just decode it once more in your PHP script to fully undo the double-encoding...


= urldecode($_GET['url']);

If you don't do this, you'll find that the result url value in the target script is missing all the var=values following the ? question mark...

issue9mm at leafapplication dot com
08-Oct-2002 09:53
Just a simple comment, really, but if you need to encode apostrophes, you should be using rawurlencode as opposed to just urlencode.

Naturally, I figured that out the hard way.