What characters must be escaped in an HTTP query string?

by

The answer lies in the RFC 3986 document, specifically Section 3.4.

The query component is indicated by the first question
mark (“?”) character and terminated by a number sign (“#”) character
or by the end of the URI.

The characters slash (“/”) and question mark (“?”) may represent data
within the query component.

Technically, RFC 3986-3.4 defines the query component as:

query       = *( pchar / "/" / "?" )

This syntax means that query can include all characters from pchar as well as / and ?. pchar refers to another specification of path characters. Helpfully, Appendix A of RFC 3986 lists the relevant ABNF definitions, most notably:

query         = *( pchar / "/" / "?" )
pchar         = unreserved / pct-encoded / sub-delims / ":" / "@"
unreserved    = ALPHA / DIGIT / "-" / "." / "_" / "~"
pct-encoded   = "%" HEXDIG HEXDIG
sub-delims    = "!" / "$" / "&" / "'" / "(" / ")" / "*" / "+" / "," / ";" / "="

Thus, in addition to all alphanumerics and percent encoded characters, a query can legally include the following unencoded characters:

/ ? : @ - . _ ~ ! $ & ' ( ) * + , ; =

Of course, you may want to keep in mind that ‘=’ and ‘&’ usually have special significance within a query.

More Related Contents:

  1. Is a URL allowed to contain a space?
  2. How to escape hash character in URL
  3. Absolute URLs omitting the protocol (scheme) in order to preserve the one of the current page
  4. How to remove x and y on submit in HTML form with Image type button?
  5. Fixed page header overlaps in-page anchors
  6. Unicode characters in URLs
  7. What is the boundary in multipart/form-data?
  8. Disabled form inputs do not appear in the request
  9. Escaping ampersand in URL
  10. Using PUT method in HTML form
  11. How to allow http content within an iframe on a https site [duplicate]
  12. Two forward slashes in a url/src/href attribute [duplicate]
  13. Example of multipart/form-data
  14. CSS set background-image by data-image attr
  15. How to specify a local file within html using the file: scheme?
  16. Browser Caching of CSS files
  17. Network-Path Reference URI / Scheme relative URLs
  18. What is the meaning of ? (question mark) in a URL string? [duplicate]
  19. Do HTTP POST methods send data as a QueryString?
  20. Large file upload though html form (more than 2 GB)
  21. How to download HTTP directory with all files and sub-directories as they appear on the online files/folders list?
  22. Can’t show some websites in iframe tag
  23. Why is “&reg” being rendered as “®” without the bounding semicolon
  24. Semicolon as URL query separator
  25. How to save the content in UIWebView for faster loading on next launch?
  26. What happens if the action field in a has parameters?
  27. How do I open a URL from C++?
  28. What does the question mark at then end of a css include url do?
  29. Custom HTTP Request headers in HTML
  30. How can I pre-populate html form input fields from url parameters?

Leave a Comment