Advertisement
Advertisement


Escaping ampersand in URL


Question

I am trying to send a GET message that contains strings with ampersands and can't figure how to escape the ampersand in the URL.

Example:

http://www.example.com?candy_name=M&M
result => candy_name = M

I also tried:

http://www.example.com?candy_name=M\&M
result => candy_name = M\\

I am using URLs manually, so I just need the correct characters.

I can't use any libraries. How can it be done?

2019/10/15
1
206
10/15/2019 9:03:52 PM

Accepted Answer

They need to be percent-encoded:

> encodeURIComponent('&')
"%26"

So in your case, the URL would look like:

http://www.mysite.com?candy_name=M%26M
2013/05/18
358
5/18/2013 9:12:10 AM

This does not only apply to the ampersand in URLs, but to all reserved characters. Some of which include:

 # $ & + ,  / : ; = ? @ [ ]

The idea is the same as encoding an &in an HTML document, but the context has changed to be within the URI, in addition to being within the HTML document. So, the percent-encoding prevents issues with parsing inside of both contexts.

The place where this comes in handy a lot is when you need to put a URL inside of another URL. For example, if you want to post a status on Twitter:

http://www.twitter.com/intent/tweet?status=What%27s%20up%2C%20StackOverflow%3F(http%3A%2F%2Fwww.stackoverflow.com)

There's lots of reserved characters in my Tweet, namely ?'():/, so I encoded the whole value of the status URL parameter. This also is helpful when using mailto: links that have a message body or subject, because you need to encode the body and subject parameters to keep line breaks, ampersands, etc. intact.

When a character from the reserved set (a "reserved character") has special meaning (a "reserved purpose") in a certain context, and a URI scheme says that it is necessary to use that character for some other purpose, then the character must be percent-encoded. Percent-encoding a reserved character involves converting the character to its corresponding byte value in ASCII and then representing that value as a pair of hexadecimal digits. The digits, preceded by a percent sign ("%") which is used as an escape character, are then used in the URI in place of the reserved character. (For a non-ASCII character, it is typically converted to its byte sequence in UTF-8, and then each byte value is represented as above.) The reserved character "/", for example, if used in the "path" component of a URI, has the special meaning of being a delimiter between path segments. If, according to a given URI scheme, "/" needs to be in a path segment, then the three characters "%2F" or "%2f" must be used in the segment instead of a raw "/".

http://en.wikipedia.org/wiki/Percent-encoding#Percent-encoding_reserved_characters

2016/05/24

Try using http://www.example.org?candy_name=M%26M.

See also this reference and some more information on Wikipedia.

2018/11/03

You can use the % character to 'escape' characters that aren't allowed in URLs. See [RFC 1738].

A table of ASCII values on http://www.asciitable.com/.

You can see & is 26 in hexadecimal - so you need M%26M.

2018/11/03

This may help if someone want it in PHP

$variable ="candy_name=M&M";
$variable = str_replace("&", "%26", $variable);
2018/11/04

If you can't use any libraries to encode the value, http://www.urlencoder.org/ or http://www.urlencode-urldecode.com/ or ...

Just enter your value "M&M", not the full URL ;-)

2018/11/03