Pro Plugin Sale! Save 25% on all pro plugins w/ code: SEASONS
Web Dev + WordPress + Security

How to Write Valid URL Query String Parameters

When building web pages, it is often necessary to add links that require parameterized query strings. For example, when adding links to the various validation services, you may find yourself linking to an accessibility checker, such as the freely available Cynthia service:

<a href="">WCAG Accessibility Check</a>

Another example is seen when linking your feed to a feed validation service:

<a href="">RSS Feed Validation</a>

And one final example showing a more complex query string:

<a href=" title of a post">Bookmark at Delicious</a>

As is, however, these links won’t validate due to a number of issues. Let’s fix ‘em up with a few quick-and-easy changes.

Replace ampersands with “&amp;”

One of the reasons these links aren’t validating is because they contain non-encoded ampersand ( & ) characters. Ampersands are often used in URL query strings to demarcate granular chunks of information, for example:


..which provides several different chunks of information about everybody’s favorite hellion. To get this code to validate, we need to encode the ampersands with &, for example:


Replacing the ampersand characters with encoded equivalents does not change the functionality of the query string, but it does produce completely valid code.

Encode other special characters

Let’s return to our Delicious example for a moment:

<a href=" title of a post">Bookmark at Delicious</a>

The ampersand has been fixed, but this code still won’t validate due to the blank spaces in the title parameter. To fix this, we need to encode those blank spaces with their escaped hexadecimal equivalents, like so:

<a href="">Bookmark at Delicious</a>

..such that

&title=The title of a post



..which is to say that a blank space is equivalent to “%20”.

Likewise, you should also encode any other special characters. For example, here is that previous feed validation link:

<a href="">RSS Feed Validation</a>

If needed, we could encode the special characters in the url parameter like so:

<a href="">RSS Feed Validation</a>

As you can see, we have made the following replacements:

: with %3A
/ with %2F

As before, the encoded values function just as well as the non-encoded characters, with the added bonus that your code will validate!

Here is a good list of URL character codes

Tips and Tricks

The previous examples demonstrate the logic and technique behind writing valid URL query string parameters, but there are easier, more efficient ways to produce valid, dynamic links. First of all, rather than manually replacing each and every special character with its encoded equivalent, we can use the magical powers of PHP’s urlencode() function.

Let’s take an example from my recent article, Fully Valid, SEO-Friendly Social Media Links for WordPress:

<a href=" reading: <?php the_permalink(); ?>">Tweet this!</a>

This example provides a link to enable users to quickly post the URL of your posts to their Twitter feed. As is, the blank spaces in the status parameter render the code invalid. To change this, we use the urlencode() function like:

<a href="<?php echo urlencode("Currently reading: "); ?><?php the_permalink(); ?>">Tweet this!</a>

..which is now completely valid. Using this technique, we can encode any character string dynamically and easily. For WordPress users, we can even use urlencode() to dynamically encode various template tags such as get_the_title(), for example:

<a href="<?php the_permalink(); ?>&title=<?php echo urlencode(get_the_title($id)); ?>">Bookmark at Delicious</a>

This technique makes it possible to include sitewide, post-specific, parameterized links using a single line of code. And best of all? The code is completely valid! Nice :)

Jeff Starr
About the Author
Jeff Starr = Web Developer. Security Specialist. WordPress Buff.
WP Themes In Depth: Build and sell awesome WordPress themes.

28 responses to “How to Write Valid URL Query String Parameters”

  1. Sorry, here it is.

    param name="FlashVars" value="ver=mk_design&t=orderFromTpl&

  2. Hey Jeff,
    Thanks for getting back to me so quickly. I saw the sample, that the above code came from work on the coders test site, but he never created folders for the parameters, or uploaded content. I think it was more of a take the money and run kind of thing. I can create folders and upload my friends content, i just have no clue what a tid, uid or sku are, etc. I can build wordpress sites all day long, but i’m lost on this kind of thing.
    Thank you very much. I have learned a lot from you site.

  3. Jeff Starr 2011/10/14 9:05 am

    Hey Chaz, generally speaking URL parameters are used by scripting languages such as PHP to keep track of things and enable specific, context-specific functionality.

    So if it were me, I would look at the site files and maybe scan/search for some of the parameter names to get an idea of their purpose.

    Hopefully that helps!

  4. thanks its helpful

Comments are closed for this post. Something to add? Let me know.
Perishable Press is operated by Jeff Starr, a professional web developer and book author with two decades of experience. Here you will find posts about web development, WordPress, security, and more »
BBQ Pro: The fastest firewall to protect your WordPress.
BF Sale! Save 40% on all Pro WordPress plugins and books w/ code FRIDAY23
Sincerely trying to engage more on social media. I love the people not the platforms.
All free and pro WordPress plugins updated and ready for WP version 6.4!
Fall season almost here :)
My greatest skill on social media is the ability to simply ignore 98% and keep scrolling without interacting.
Enjoying this summer, getting some great positive energy. Refreshing and inspiring.
☀️ Pro plugin giveaway! Enter to win 1 of 4 lifetime licenses for our WordPress security plugins, including 10-site Security Bundle!
Get news, updates, deals & tips via email.
Email kept private. Easy unsubscribe anytime.