How to properly URL encode a string in PHP?

php urlencode

For the URI query use urlencode/urldecode; for anything else use rawurlencode/rawurldecode.

The difference between urlencode and rawurlencode is that

  • urlencode encodes according to application/x-www-form-urlencoded (space is encoded with +) while
  • rawurlencode encodes according to the plain Percent-Encoding (space is encoded with %20).

The cunningly-named urlencode() and urldecode().

However, you shouldn't need to use urldecode() on variables that appear in $_POST and $_GET.


Here is my use case, which requires an exceptional amount of encoding. Maybe you think it contrived, but we run this on production. Coincidently, this covers every type of encoding, so I'm posting as a tutorial.

Use case description

Somebody just bought a prepaid gift card ("token") on our website. Tokens have corresponding URLs to redeem them. This customer wants to email the URL to someone else. Our web page includes a mailto link that lets them do that.

PHP code

// The order system generates some opaque token
$token = 'w%a&!e#"^2(^@azW';

// Here is a URL to redeem that token
$redeemUrl = 'https://httpbin.org/get?token=' . urlencode($token);

// Actual contents we want for the email
$subject = 'I just bought this for you';
$body = 'Please enter your shipping details here: ' . $redeemUrl;

// A URI for the email as prescribed
$mailToUri = 'mailto:?subject=' . rawurlencode($subject) . '&body=' . rawurlencode($body);

// Print an HTML element with that mailto link
echo '<a href="' . htmlspecialchars($mailToUri) . '">Email your friend</a>';

Note: the above assumes you are outputting to a text/html document. If your output media type is text/json then simply use $retval['url'] = $mailToUri; because output encoding is handled by json_encode().

Test case

  1. Run the code on a PHP test site (is there a canonical one I should mention here?)
  2. Click the link
  3. Send the email
  4. Get the email
  5. Click that link

You should see:

"args": {
  "token": "w%a&!e#\"^2(^@azW"
},

And of course this is the JSON representation of $token above.

Related

How to clamp an integer to some range?
PowerShell difference between Write-Host and Write-Output?
Error message Strict standards: Non-static method should not be called statically in php
jQuery UI " $("#datepicker").datepicker is not a function"
How to force garbage collector to run?
LINQ to Entities does not recognize the method 'Double Parse(System.String)' method, and this method cannot be translated into a store expression
Android Camera will not work. startPreview fails
How to change entry point of C program with gcc?
Checking for null before event dispatching... thread safe?
How can I build a recursive function in python? [duplicate]
Bypass GeneratedValue in Hibernate (merge data not in db?)
Purpose of Default or Defender methods in Java 8