PHP Function UrlEncode - Encoding URLs in PHP

If you’re working with URLs in PHP, you should know that you need to encode them before sending them over the Internet. This is because certain characters in a URL have special meanings and can cause errors if not encoded properly. The php function urlencode converts these characters into an arrangement that can be transmitted over the Internet.

In this article, we’ll learn how to use the php function urlencode and its counterpart, urldecode, to encode and decode strings for URLs in PHP. We’ll also look at why we need to encode URLs in the first place and how encoding can help us prevent common mistakes that can be made when using URLs.

You can use php function urlencode to encode any string that contains special characters into a format that can be transmitted over the Internet. The urlencode function replaces all non-alphanumeric characters with a combo of percent sign and two hex digits, and it replaces spaces with +. The htmlspecialchars() function can also be used to encode strings in PHP, but it differs from urlencode in that it preserves the original character, while urlencode replaces it with an empty space.

Another difference between htmlspecialchars and urlencode is that the latter uses an older encoding scheme. You can use the htmlspecialchars() function to change the default arg_separator of PHP to a semi-colon, but it’s best to stick with urlencode for most situations.

Andreas Behr - CTO of DesertCoderz
You are a developer and looking for Shopware projects?
Apply Now!

urlencode example

public function testBubblingMetadataWithRenderable() {
    $link = new Link('', Url::fromRoute('<current>'));

    $context = new RenderContext();
    // Use a closure here since we need to render with a render context.     $theme_render_and_autoescape = function D) use ($link) {
      return theme_render_and_autoescape($link);
    };
    /** @var \Drupal\Core\Render\RendererInterface $renderer */
    $renderer = \Drupal::service('renderer');
    $output = $renderer->executeInRenderContext($context$theme_render_and_autoescape);
    $this->assertEquals('<a href="/' . urlencode('<none>') . '"></a>', $output);
    /** @var \Drupal\Core\Render\BubbleableMetadata $metadata */
    $metadata = $context->pop();
    $this->assertEquals(['route']$metadata->getCacheContexts());
  }

}

class NonPrintable {}
'entry_point' => $firewallConfig->getEntryPoint(),
                    'access_denied_handler' => $firewallConfig->getAccessDeniedHandler(),
                    'access_denied_url' => $firewallConfig->getAccessDeniedUrl(),
                    'user_checker' => $firewallConfig->getUserChecker(),
                    'authenticators' => $firewallConfig->getAuthenticators(),
                ];

                // generate exit impersonation path from current request                 if ($this->data['impersonated'] && null !== $switchUserConfig = $firewallConfig->getSwitchUser()) {
                    $exitPath = $request->getRequestUri();
                    $exitPath .= null === $request->getQueryString() ? '?' : '&';
                    $exitPath .= sprintf('%s=%s', urlencode($switchUserConfig['parameter']), SwitchUserListener::EXIT_VALUE);

                    $this->data['impersonation_exit_path'] = $exitPath;
                }
            }
        }

        // collect firewall listeners information         $this->data['listeners'] = [];
        if ($this->firewall) {
            $this->data['listeners'] = $this->firewall->getWrappedListeners();
        }

        
public function no_items() {
        global $plugins;

        if ( ! empty( $_REQUEST['s'] ) ) {
            $s = esc_html( urldecode( wp_unslash( $_REQUEST['s'] ) ) );

            /* translators: %s: Plugin search term. */
            printf( __( 'No plugins found for: %s.' ), '<strong>' . $s . '</strong>' );

            // We assume that somebody who can install plugins in multisite is experienced enough to not need this helper link.             if ( ! is_multisite() && current_user_can( 'install_plugins' ) ) {
                echo ' <a href="' . esc_url( admin_url( 'plugin-install.php?tab=search&s=' . urlencode( $s ) ) ) . '">' . __( 'Search for plugins in the WordPress Plugin Directory.' ) . '</a>';
            }
        } elseif ( ! empty( $plugins['all'] ) ) {
            _e( 'No plugins found.' );
        } else {
            _e( 'No plugins are currently available.' );
        }
    }

    /** * Displays the search box. * * @since 4.6.0 * * @param string $text The 'submit' button label. * @param string $input_id ID attribute value for the search input field. */
$submenu['themes.php'][6] = array( _x( 'Editor', 'site editor menu item' ), 'edit_theme_options', 'site-editor.php' );
}

if ( ! wp_is_block_theme() && current_theme_supports( 'block-template-parts' ) ) {
    $submenu['themes.php'][6] = array(
        __( 'Template Parts' ),
        'edit_theme_options',
        'site-editor.php?path=/wp_template_part/all',
    );
}

$customize_url = add_query_arg( 'return', urlencode( remove_query_arg( wp_removable_query_args()wp_unslash( $_SERVER['REQUEST_URI'] ) ) ), 'customize.php' );

// Hide Customize link on block themes unless a plugin or theme // is using 'customize_register' to add a setting. if ( ! wp_is_block_theme() || has_action( 'customize_register' ) ) {
    $position = ( wp_is_block_theme() || current_theme_supports( 'block-template-parts' ) ) ? 7 : 6;

    $submenu['themes.php'][ $position ] = array( __( 'Customize' ), 'customize', esc_url( $customize_url ), '', 'hide-if-no-customize' );
}

if ( current_theme_supports( 'menus' ) || current_theme_supports( 'widgets' ) ) {
    $submenu['themes.php'][10] = array( __( 'Menus' ), 'edit_theme_options', 'nav-menus.php' );
}
/** * {@inheritdoc} */
  public function setCookie($name$value = NULL) {
    if ($value === NULL) {
      $this->getWebDriverSession()->deleteCookie($name);
      return;
    }

    $cookieArray = [
      'name' => $name,
      'value' => urlencode($value),
      'secure' => FALSE,
      // Unlike \Behat\Mink\Driver\Selenium2Driver::setCookie we set a domain       // and an expire date, as otherwise cookies leak from one test site into       // another.       'domain' => parse_url($this->getWebDriverSession()->url(), PHP_URL_HOST),
      'expires' => time() + 80000,
    ];

    $this->getWebDriverSession()->setCookie($cookieArray);
  }

  
$repository = $this->get('models')->getRepository(Shop::class);
        $shop = $repository->getActiveDefault();

        if (!$shop instanceof Shop) {
            throw new Exception('Invalid shop provided.');
        }

        $this->get(ShopRegistrationServiceInterface::class)->registerShop($shop);

        $url = $this->Front()->ensureRouter()->assemble(['module' => 'frontend', 'controller' => 'index']);

        $this->redirect($url . '?sPartner=' . urlencode($partnerId));
    }

    protected function initAcl()
    {
        /* * permission to list all partner */
        $this->addAclPermission('getList', 'read', 'Insufficient Permissions');

        /* * permission to view the statistic information's and downloads */
if ( in_array( $user_object->user_login, get_super_admins(), true ) ) {
                $super_admin = ' &mdash; ' . __( 'Super Admin' );
            }
        }

        // Check if the user for this row is editable.         if ( current_user_can( 'list_users' ) ) {
            // Set up the user editing link.             $edit_link = esc_url(
                add_query_arg(
                    'wp_http_referer',
                    urlencode( wp_unslash( $_SERVER['REQUEST_URI'] ) ),
                    get_edit_user_link( $user_object->ID )
                )
            );

            if ( current_user_can( 'edit_user', $user_object->ID ) ) {
                $edit            = "<strong><a href=\"{$edit_link}\">{$user_object->user_login}</a>{$super_admin}</strong><br />";
                $actions['edit'] = '<a href="' . $edit_link . '">' . __( 'Edit' ) . '</a>';
            } else {
                $edit = "<strong>{$user_object->user_login}{$super_admin}</strong><br />";
            }

            
$expected_base_url = Url::fromRoute(sprintf('jsonapi.%s.individual', static::$resourceTypeName)['entity' => $this->entity->uuid()])->setAbsolute();
    $include_url = clone $expected_base_url;
    $query = ['include' => implode(',', $include_paths)];
    $include_url->setOption('query', $query);
    $individual_document['links']['self']['href'] = $include_url->toString();

    // The test entity reference field should always be present.     if (!isset($individual_document['data']['relationships']['field_jsonapi_test_entity_ref'])) {
      if (static::$resourceTypeIsVersionable) {
        assert($this->entity instanceof RevisionableInterface);
        $version_identifier = 'id:' . $this->entity->getRevisionId();
        $version_query_string = '?resourceVersion=' . urlencode($version_identifier);
      }
      else {
        $version_query_string = '';
      }
      $individual_document['data']['relationships']['field_jsonapi_test_entity_ref'] = [
        'data' => [],
        'links' => [
          'related' => [
            'href' => $expected_base_url->toString() . '/field_jsonapi_test_entity_ref' . $version_query_string,
          ],
          'self' => [
            
$shopId = Random::getAlphanumericString(12);

        $handshake = new PrivateHandshake($shopUrl$secret$appEndpoint, '', $shopId, Kernel::SHOPWARE_FALLBACK_VERSION);

        $request = $handshake->assembleRequest();
        static::assertStringStartsWith($appEndpoint(string) $request->getUri());

        $queryParams = [];
        parse_str($request->getUri()->getQuery()$queryParams);

        static::assertArrayHasKey('shop-url', $queryParams);
        static::assertEquals(urlencode($shopUrl)$queryParams['shop-url']);

        static::assertArrayHasKey('shop-id', $queryParams);
        static::assertEquals($shopId$queryParams['shop-id']);

        static::assertArrayHasKey('timestamp', $queryParams);
        static::assertIsString($queryParams['timestamp']);
        static::assertNotEmpty($queryParams['timestamp']);

        static::assertTrue($request->hasHeader('shopware-app-signature'));
        static::assertEquals(
            hash_hmac('sha256', $request->getUri()->getQuery()$secret),
            
if ( empty( $theme_info ) ) {
            return;
        }

        $name       = $theme_info->display( 'Name' );
        $stylesheet = $this->upgrader->result['destination_name'];
        $template   = $theme_info->get_template();

        $activate_link = add_query_arg(
            array(
                'action'     => 'activate',
                'template'   => urlencode( $template ),
                'stylesheet' => urlencode( $stylesheet ),
            ),
            admin_url( 'themes.php' )
        );
        $activate_link = wp_nonce_url( $activate_link, 'switch-theme_' . $stylesheet );

        $install_actions = array();

        if ( current_user_can( 'edit_theme_options' ) && current_user_can( 'customize' ) && ! $theme_info->is_block_theme() ) {
            $customize_url = add_query_arg(
                array(
                    

    function _wp_sanitize_utf8_in_redirect( $matches ) {
        return urlencode( $matches[0] );
    }
endif;

if ( ! function_exists( 'wp_safe_redirect' ) ) :
    /** * Performs a safe (local) redirect, using wp_redirect(). * * Checks whether the $location is using an allowed host, if it has an absolute * path. A plugin can therefore set or remove allowed host(s) to or from the * list. * * If the host is not allowed, then the redirect defaults to wp-admin on the siteurl * instead. This prevents malicious redirects which redirect to another host, * but only used in a few places. * * Note: wp_safe_redirect() does not exit automatically, and should almost always be * followed by a call to `exit;`: * * wp_safe_redirect( $url ); * exit; * * Exiting can also be selectively manipulated by using wp_safe_redirect() as a conditional * in conjunction with the {@see 'wp_redirect'} and {@see 'wp_redirect_status'} filters: * * if ( wp_safe_redirect( $url ) ) { * exit; * } * * @since 2.3.0 * @since 5.1.0 The return value from wp_redirect() is now passed on, and the `$x_redirect_by` parameter was added. * * @param string $location The path or URL to redirect to. * @param int $status Optional. HTTP response status code to use. Default '302' (Moved Temporarily). * @param string $x_redirect_by Optional. The application doing the redirect. Default 'WordPress'. * @return bool False if the redirect was canceled, true otherwise. */


        $plugin_file = $this->upgrader->plugin_info();

        $install_actions = array();

        $from = isset( $_GET['from'] ) ? wp_unslash( $_GET['from'] ) : 'plugins';

        if ( 'import' === $from ) {
            $install_actions['activate_plugin'] = sprintf(
                '<a class="button button-primary" href="%s" target="_parent">%s</a>',
                wp_nonce_url( 'plugins.php?action=activate&amp;from=import&amp;plugin=' . urlencode( $plugin_file ), 'activate-plugin_' . $plugin_file ),
                __( 'Activate Plugin &amp; Run Importer' )
            );
        } elseif ( 'press-this' === $from ) {
            $install_actions['activate_plugin'] = sprintf(
                '<a class="button button-primary" href="%s" target="_parent">%s</a>',
                wp_nonce_url( 'plugins.php?action=activate&amp;from=press-this&amp;plugin=' . urlencode( $plugin_file ), 'activate-plugin_' . $plugin_file ),
                __( 'Activate Plugin &amp; Go to Press This' )
            );
        } else {
            $install_actions['activate_plugin'] = sprintf(
                '<a class="button button-primary" href="%s" target="_parent">%s</a>',
                

    // Noto Serif is no longer used by core, but may be relied upon by themes and plugins.     $fonts_url = '';

    /* * translators: Use this to specify the proper Google Font name and variants * to load that is supported by your language. Do not translate. * Set to 'off' to disable loading. */
    $font_family = _x( 'Noto Serif:400,400i,700,700i', 'Google Font Name and Variants' );
    if ( 'off' !== $font_family ) {
        $fonts_url = 'https://fonts.googleapis.com/css?family=' . urlencode( $font_family );
    }
    $styles->add( 'wp-editor-font', $fonts_url ); // No longer used in core as of 5.7.     $block_library_theme_path = WPINC . "/css/dist/block-library/theme$suffix.css";
    $styles->add( 'wp-block-library-theme', "/$block_library_theme_path);
    $styles->add_data( 'wp-block-library-theme', 'path', ABSPATH . $block_library_theme_path );

    $styles->add(
        'wp-reset-editor-styles',
        "/wp-includes/css/dist/block-library/reset$suffix.css",
        array( 'common', 'forms' ) // Make sure the reset is loaded after the default WP Admin styles.     );

    
<?php _e( 'Theme Files' ); ?></h2> <ul role="tree" aria-labelledby="theme-files-label"> <?php if ( $theme->parent() ) : ?> <li class="howto"> <?php                 printf(
                    /* translators: %s: Link to edit parent theme. */
                    __( 'This child theme inherits templates from a parent theme, %s.' ),
                    sprintf(
                        '<a href="%s">%s</a>',
                        self_admin_url( 'theme-editor.php?theme=' . urlencode( $theme->get_template() ) ),
                        $theme->parent()->display( 'Name' )
                    )
                );
                ?> </li> <?php endif; ?> <li role="treeitem" tabindex="-1" aria-expanded="true" aria-level="1" aria-posinset="1" aria-setsize="1"> <ul role="group"> <?php wp_print_theme_file_tree( wp_make_theme_file_tree( $allowed_files ) ); ?> </ul> </li> </ul> </div>

        if (!empty($this->curl_options))
        {
            foreach ($this->curl_options as $k => $v)
            {
                $options[$k] = $v;
            }
        }
        if (!empty($options))
        {
            ksort($options);
            $url .= '#' . urlencode(var_export($options, true));
        }
        return call_user_func($this->cache_name_function, $url);
    }

    /** * Set whether feed items should be sorted into reverse chronological order * * @param bool $enable Sort as reverse chronological order. */
    public function enable_order_by_date($enable = true)
    {
        
Home | Imprint | This part of the site doesn't use cookies.