New Bookstore! Save 20% on books with discount code: LAUNCH
Web Dev + WordPress + Security

How to Write Valid URL Query String Parameters

When building web pages, it is often necessary to add links that require parameterized query strings. For example, when adding links to the various validation services, you may find yourself linking to an accessibility checker, such as the freely available Cynthia service:

<a href="http://www.contentquality.com/mynewtester/cynthia.exe?Url1=http://domain.tld/&rptmode=2">WCAG Accessibility Check</a>

Another example is seen when linking your feed to a feed validation service:

<a href="http://validator.w3.org/feed/check.cgi?url=http://feeds.feedburner.com/domainfeed">RSS Feed Validation</a>

And one final example showing a more complex query string:

<a href="http://delicious.com/post?url=http://domain.tld/&title=The title of a post">Bookmark at Delicious</a>

As is, however, these links won’t validate due to a number of issues. Let’s fix ‘em up with a few quick-and-easy changes.

Replace ampersands with “&amp;”

One of the reasons these links aren’t validating is because they contain non-encoded ampersand ( & ) characters. Ampersands are often used in URL query strings to demarcate granular chunks of information, for example:

http://domain.tld/function.cgi?url=http://fonzi.com/&name=Fonzi&mood=happy&coat=leather

..which provides several different chunks of information about everybody’s favorite hellion. To get this code to validate, we need to encode the ampersands with &amp;, for example:

http://domain.tld/function.cgi?url=http://fonzi.com/&amp;name=Fonzi&amp;mood=happy&amp;coat=leather

Replacing the ampersand characters with encoded equivalents does not change the functionality of the query string, but it does produce completely valid code.

Encode other special characters

Let’s return to our Delicious example for a moment:

<a href="http://delicious.com/post?url=http://domain.tld/&amp;title=The title of a post">Bookmark at Delicious</a>

The ampersand has been fixed, but this code still won’t validate due to the blank spaces in the title parameter. To fix this, we need to encode those blank spaces with their escaped hexadecimal equivalents, like so:

<a href="http://delicious.com/post?url=http://domain.tld/&amp;title=The%20title%20of%20a%20post">Bookmark at Delicious</a>

..such that

&amp;title=The title of a post

becomes

&amp;title=The%20title%20of%20a%20post

..which is to say that a blank space is equivalent to “%20”.

Likewise, you should also encode any other special characters. For example, here is that previous feed validation link:

<a href="http://validator.w3.org/feed/check.cgi?url=http://feeds.feedburner.com/domainfeed">RSS Feed Validation</a>

If needed, we could encode the special characters in the url parameter like so:

<a href="http://validator.w3.org/feed/check.cgi?url=http%3A%2F%2Ffeeds.feedburner.com%2Fperishablepress">RSS Feed Validation</a>

As you can see, we have made the following replacements:

: with %3A
/ with %2F

As before, the encoded values function just as well as the non-encoded characters, with the added bonus that your code will validate!

Here is a good list of URL character codes

Tips and Tricks

The previous examples demonstrate the logic and technique behind writing valid URL query string parameters, but there are easier, more efficient ways to produce valid, dynamic links. First of all, rather than manually replacing each and every special character with its encoded equivalent, we can use the magical powers of PHP’s urlencode() function.

Let’s take an example from my recent article, Fully Valid, SEO-Friendly Social Media Links for WordPress:

<a href="http://twitter.com/home?status=Currently reading: <?php the_permalink(); ?>">Tweet this!</a>

This example provides a link to enable users to quickly post the URL of your posts to their Twitter feed. As is, the blank spaces in the status parameter render the code invalid. To change this, we use the urlencode() function like:

<a href="http://twitter.com/home?status=<?php echo urlencode("Currently reading: "); ?><?php the_permalink(); ?>">Tweet this!</a>

..which is now completely valid. Using this technique, we can encode any character string dynamically and easily. For WordPress users, we can even use urlencode() to dynamically encode various template tags such as get_the_title(), for example:

<a href="http://delicious.com/post?url=<?php the_permalink(); ?>&amp;title=<?php echo urlencode(get_the_title($id)); ?>">Bookmark at Delicious</a>

This technique makes it possible to include sitewide, post-specific, parameterized links using a single line of code. And best of all? The code is completely valid! Nice :)

Jeff Starr
About the Author
Jeff Starr = Creative thinker. Passionate about free and open Web.
Banhammer: Protect your WordPress site against threats.

28 responses to “How to Write Valid URL Query String Parameters”

  1. Sorry, here it is.

    param name="FlashVars" value="ver=mk_design&amp;t=orderFromTpl&amp;
    tid=1513&amp;category_id=484&amp;uid=4af4dc0449&amp;sku=484"

  2. Hey Jeff,
    Thanks for getting back to me so quickly. I saw the sample, that the above code came from work on the coders test site, but he never created folders for the parameters, or uploaded content. I think it was more of a take the money and run kind of thing. I can create folders and upload my friends content, i just have no clue what a tid, uid or sku are, etc. I can build wordpress sites all day long, but i’m lost on this kind of thing.
    Thank you very much. I have learned a lot from you site.

  3. Jeff Starr
    Jeff Starr 2011/10/14 9:05 am

    Hey Chaz, generally speaking URL parameters are used by scripting languages such as PHP to keep track of things and enable specific, context-specific functionality.

    So if it were me, I would look at the site files and maybe scan/search for some of the parameter names to get an idea of their purpose.

    Hopefully that helps!

  4. thanks its helpful

Comments are closed for this post. Something to add? Let me know.
Welcome
Perishable Press is operated by Jeff Starr, a professional web developer and book author with two decades of experience. Here you will find posts about web development, WordPress, security, and more »
WP Themes In Depth: Deep dive into WP theme development.
Thoughts
Take a screenshot with Firefox (no extension required). Open Developer Tools Settings and enable the “Take a screenshot” button. Then click the button :)
Take a screenshot with Chrome (no extension required). Open DevTools, type Cmd + Shift + P, then type screenshot.
After 10 years working on my 2010 iMac, my upgrade finally arrived. Shiny new iMac shipped from Ireland :)
Too much caffeine weirds me out. But I love the taste of coffee. So once in a while I enjoy a small cup of decaf. Hits the spot.
Chris Coyier is a truly awesome person. One of the finest people I've ever worked with. Just #gottasayit
Excel won't open CSV file because SYLK format? Open it with text editor and add an apostrophe ' at the beginning of the file, save changes, done.
Displaying too many social media buttons and links all over the place imho makes you look desperate and frankly kinda sad.
Newsletter
Get news, updates, deals & tips via email.
Email kept private. Easy unsubscribe anytime.