HttpServerUtility.UrlPathEncode vs HttpServerUtility.UrlEncode

UrlEncode is useful for query string values (so to the left or especially, right, of each =).

In this url, foo, fooval, bar, and barval should EACH be UrlEncode'd separately:

http://www.example.com/whatever?foo=fooval&bar=barval

UrlEncode encodes everything, such as ?, &, =, and /, accented or other non-ASCII characters, etc, into %-style encoding, except space which it encodes as a +. This is form-style encoding, and is best for something you intend to put in the querystring (or maybe between two slashes in a url) as a parameter without it getting all jiggy with the url's control characters (like &). Otherwise an unfortunately placed & or = in a user's form input or db value value could break things.

EDIT: Uri.EscapeDataString is a very close match to UrlEncode, and may be preferable, though I don't know the exact differences.

UrlPathEncode is useful for the rest of the query string, it affects everything to the left of the ?.

In this url, the entire url (from http to barval) should be run through UrlPathEncode.

http://www.example.com/whatever?foo=fooval&bar=barval

UrlPathEncode does NOT encode ?, &, =, or /. It DOES, however, like UrlEncode, encode accented/non-ASCII characters with % notation, and space also becomes %20. This is useful to make sure the url is valid, since spaces and accented characters are not. It won't touch your querystring (everything to the right of ?), so you have to encode that with UrlEncode, above.


Update: as of 4.5, per MSDN reference, Microsoft recommends to only use UrlEncode. Also, the information previously listed in MSDN does not fully describe behavior of the two methods - see comments.

The difference is all in the space escaping - UrlEncode escapes them into + sign, UrlPathEncode escapes into %20. + and %20 are only equivalent if they are part of QueryString portion per W3C. So you can't escape whole URL using + sign, only querystring portion. Bottom line is that UrlPathEncode is always better imho

You can encode a URL using with the UrlEncode() method or the UrlPathEncode() method. However, the methods return different results. The UrlEncode() method converts each space character to a plus character (+). The UrlPathEncode() method converts each space character into the string "%20", which represents a space in hexadecimal notation. Use the UrlPathEncode() method when you encode the path portion of a URL in order to guarantee a consistent decoded URL, regardless of which platform or browser performs the decoding.

http://msdn.microsoft.com/en-us/library/4fkewx0t.aspx


To explain it as simply as possible:

HttpUtility.UrlPathEncode("http://www.foo.com/a b/?eggs=ham&bacon=1") 

becomes

http://www.foo.com/a%20b/?eggs=ham&bacon=1

and

HttpUtility.UrlEncode("http://www.foo.com/a b/?eggs=ham&bacon=1") 

becomes

http%3a%2f%2fwww.foo.com%2fa+b%2f%3feggs%3dham%26bacon%3d1

Tags:

Asp.Net