why encode URL

Hi,

I understand that some characters are not safe to use in a URL without first being encoded.

I also understand that this is for security reasons.
But if the encoding rules are known as below

%20 is a space,
%3A is a : (colon)
etc..

can n user not decode the URL if he knows the encoded url?

Can someone tell me why URL encoding is used?

Originally posted by Vasim Patel:
I also understand that this is for security reasons.

URL encoding is generally not used to encode it for the user's eyes.

Not all characters are allowed in a url, like the space.
This is an invalid url:
http://localhost/My Testpage.jsp

To get a valid url, you have to replace the space by it's encoding:
http://localhost/My%20Testpage.jsp

Also think about parameters with characters which would cause problems:
http://localhost/show.jsp?type=bed&breakfast
Your jsp will get two parameters:
type=bed and breakfast=
instead of
type=bed&breakfast
So you have to encode the & character.

Regards,
Arjan

Thanks Arjaan

Not all characters are allowed in a url, like the space.
This is an invalid url:
http://localhost/My Testpage.jsp
To get a valid url, you have to replace the space by it's encoding:

" target="_blank" rel="nofollow">http://localhost/My%20Testpage.jsp

Why do we need URLs with spaces. Can you give me a practical example.

Originally posted by Vasim Patel:
Why do we need URLs with spaces. Can you give me a practical example.

Normally you don't need spaces and it's best to avoid them.

But they are used sometimes, mostly by people using Microsoft Frontpage

Regards,
Arjan

Vasim,
URLs with spaces (and other special charactes) often come up when you are attempting to submit a form using GET with parameters. Suppose a parameter is the user name. I could easily wind up with something like this:

I would need to encode this to get rid of the space.

In Servlet terms, URL encoding doesn't refer to any sort of encrytion, obfuscation or escapes sequences. It refers to the enhancement of URLs so that browsers that have cookies disabled (or old browsers that that don't support cookies) can still maintain Java Sessions.

see: Sun's web page

Originally posted by Tim Holloway:
In Servlet terms, URL encoding doesn't refer to any sort of encrytion, obfuscation or escapes sequences. It refers to the enhancement of URLs so that browsers that have cookies disabled (or old browsers that that don't support cookies) can still maintain Java Sessions.

However, the java.net.URLEncoder is about escaping illegal characters.

See: http://java.sun.com/j2se/1.4.2/docs/api/java/net/URLEncoder.html

Regards,
Arjan

Whether you call it escaping or encoding is moot -- just don't call it encrypting, 'cause it's not.

The point is that special characters such as ?, & and = are used in the parsing of URLs, and if the parameter values contain these characters, the URL cannot be correctly parsed.

Encoding the URL parameters ensures that the URL can be parsed as intended.
[ August 12, 2004: Message edited by: Bear Bibeault ]

e.g. if there was an & in a parameter value that would be interpreted as being the end of that parameter. Which could mess up the parsing of the other paramters. So paramter names and paramater values should always be url encoded when you are not certain of what they will contain.