What is the difference between the parser and the builder here?

The parser is read-only: you paste a URL or query string and it splits everything after the ? into a decoded key/value table so you can read the real values. The builder is editable: it starts from those params (or a blank list), lets you add, rename, fix or delete rows, and rebuilds a correctly-encoded query string live. You can parse one link and build a different one, or load the parsed params into the builder with one click and tweak from there.

When should spaces be encoded as %20 versus +?

Both are valid in a query string and most servers accept either, but they come from different specs. %20 is the universal percent-encoding and is the safe default — it works in a query, a path and a header. The + shortcut for a space is specific to the application/x-www-form-urlencoded format that HTML forms submit, so it is the natural choice when you are hand-building a form-style query. Pick + only when the consumer you are targeting expects form encoding; otherwise leave it on %20.

How does the tool handle a URL with repeated parameter names?

It keeps every occurrence as its own row instead of collapsing them, because order and duplicates carry meaning — id=1&id=2&id=3 is three values, and frameworks like Rails or qs read that as an array. The parser shows all three rows in order, the builder lets you reorder, edit or remove any single one, and rebuilding preserves the rest. That is different from URLSearchParams.get(), which would only ever hand you the first value and hide the others.

What happens when a value has a broken percent-escape like %zz or a lone %?

Decoding that token would normally throw and take a naive tool down, so this one catches the failure per value: the row still appears, the raw undecoded text is shown, and the row is flagged so you know it could not be decoded. A banner also notes that some values were left raw. This is common when a string was never actually percent-encoded, or got double-encoded and then half-decoded — seeing the flagged row tells you exactly which parameter to look at.

Is my data sent anywhere, and what about the shareable link?

No. Parsing, decoding and encoding all run in plain JavaScript in your browser tab — the URL or query string you paste is never uploaded or logged. The one thing to know is the shareable link: the query string you are inspecting is written into this page's own URL so a shared link reopens the same parse, which means it lands in the recipient server's logs. Query strings often hold access tokens, session ids or signed URLs, so for anything sensitive use the Copy button and paste the text instead of sharing the page link.

Read a tangled tracking URL someone sent you

A teammate pastes a 300-character link full of %26, %3D and a UTM campaign that reads as gibberish. Drop it in the parser and every parameter lands in its own row, decoded: utm_campaign is "Summer & Fall 2026", redirect is a readable path, and the three id values you missed are right there. You see the structure in one glance instead of counting ampersands by hand.

Strip the marketing junk before sharing a link

You want to share a product page but not the fbclid, gclid and five utm_* trackers riding along. Parse the URL, load it into the builder, delete the rows you do not want, and copy a clean link with just the product id. Turn on "Full URL" so the path comes back too — the result is the short, trustworthy link you would have written by hand.

Hand-build an OAuth or API request URL

You need ?response_type=code&redirect_uri=https://app/cb?next=/home& scope=read write. Type the keys and the human-readable values in the builder and it encodes each one correctly: the inner ? and / in redirect_uri become %3F and %2F so the provider does not truncate, and the space in "read write" becomes %20. No more guessing which character needs escaping.

Diff two query strings reliably

Two API calls behave differently and you suspect a parameter changed. Parse both, turn on "Sort keys", and the params line up alphabetically so a real diff tool (or your eyes) catches the one value that moved. Without sorting, a reordered query looks "different" everywhere even when nothing actually changed.

URL Query String Parser & Builder — Decode, Edit, Re-encode

Paste a URL, see every parameter decoded in a table; edit the rows and get a clean, correctly-encoded query string back — %20 or +, sorted or not, in your browser

Runs locally
Category Encoding & Crypto
Best for Checking small payloads, tokens, hashes, and encoded values quickly.

Parse — paste a URL or query string

Paste a full URL or a bare query string. Everything after the “?” is decoded into the table below.

Build — edit rows, get an encoded query string

No rows yet. Click “Add parameter”, or load parsed params from above.

Spaces

Output

Sort keysEncode values

Result

The built query string appears here.

What this tool does

A two-way URL query string tool: paste a full URL or a bare query string and it splits everything after the "?" into a decoded key/value table, so a parameter like q=caf%C3%A9%20ren%C3%A9 reads as "café rené" instead of a wall of percent escapes. Repeated keys (utm a, utm b, id, id) stay as separate rows, the "#fragment" is kept aside, and a value with a broken escape such as %zz is flagged rather than silently dropped. The builder half is an editable list — add a row, rename a key, fix a value, delete a tracker — and it rebuilds a correctly-encoded query string live. Choose whether spaces become %20 or +, sort keys alphabetically for a stable diff, emit just the query or a full URL with the original path, or switch to a readable (decoded) output when you only want to eyeball the values. Copy the result, copy the parsed params as JSON, or clear and start over. It handles an empty box, a multi-megabyte paste, and malformed input without choking, and every parse, decode and encode runs locally in your browser — nothing is uploaded.

Tool details

Input: Text + Structured content; The page exposes text boxes, numeric controls, file pickers, or structured inputs depending on the tool.
Output: Live result + Copy; The result area focuses on usable output, with copy, download, or preview actions when supported.
Privacy: Browser-side processing; The main tool logic does not call an external API, so inputs normally stay in the current tab.
Save / share: Shareable URL state; Key settings are encoded in the URL so another person can reopen the same setup.
Performance budget: Initial JS <= 13 KB; No WASM budget is declared, keeping the tool quick to open on mobile.
Best fit: Encoding & Crypto · Developer; Category and role tags drive related tools, internal links, and quick fit checks.

How to use

1. Input

Paste or drop your content into the tool panel.
2. Process

Click the button. All processing is local in your browser.
3. Copy / Download

Copy the result or download to disk in one click.

How URL Query String Parser & Builder fits into your work

Use it for quick browser-side encoding, decoding, hashing, token checks, and share-safe transformations.

Encoding jobs

Checking small payloads, tokens, hashes, and encoded values quickly.
Preparing values for APIs, URLs, docs, or support tickets.
Avoiding account-based tools when the input might be sensitive.

Encoding checks

Do not paste live secrets unless you are comfortable with local browser handling.
Confirm whether the operation is reversible before sharing the result.
For hashes, compare the exact algorithm and casing expected by the receiver.

Good next steps

These links move the current task into a more complete workflow.

Real-world use cases

Read a tangled tracking URL someone sent you
A teammate pastes a 300-character link full of %26, %3D and a UTM campaign that reads as gibberish. Drop it in the parser and every parameter lands in its own row, decoded: utm_campaign is "Summer & Fall 2026", redirect is a readable path, and the three id values you missed are right there. You see the structure in one glance instead of counting ampersands by hand.
Strip the marketing junk before sharing a link
You want to share a product page but not the fbclid, gclid and five utm_* trackers riding along. Parse the URL, load it into the builder, delete the rows you do not want, and copy a clean link with just the product id. Turn on "Full URL" so the path comes back too — the result is the short, trustworthy link you would have written by hand.
Hand-build an OAuth or API request URL
You need ?response_type=code&redirect_uri=https://app/cb?next=/home& scope=read write. Type the keys and the human-readable values in the builder and it encodes each one correctly: the inner ? and / in redirect_uri become %3F and %2F so the provider does not truncate, and the space in "read write" becomes %20. No more guessing which character needs escaping.
Diff two query strings reliably
Two API calls behave differently and you suspect a parameter changed. Parse both, turn on "Sort keys", and the params line up alphabetically so a real diff tool (or your eyes) catches the one value that moved. Without sorting, a reordered query looks "different" everywhere even when nothing actually changed.

Common pitfalls

Encoding a whole URL when you only meant one parameter. If you paste https://a.com/p?x=1 into a plain percent-encoder it eats the :// and the ?, breaking the link. This tool only encodes the values inside each parameter, leaving the path and separators intact, which is what you almost always want.
Assuming repeated keys collapse to one. id=1&id=2 is two values, not an overwrite. Tools built on URLSearchParams.get() hide the duplicates; here both rows are shown, so check the count before you assume a parameter is unique.
Treating + and %20 as identical everywhere. They both mean space in a query string, but a literal + in a value must be encoded as %2B or the server reads it as a space. If a value like "1+1" comes back as "1 1", switch space handling and re-encode.

Privacy

Every step — splitting the URL, decoding each value, and re-encoding the builder rows — is plain JavaScript running in your browser tab. The URL or query string you paste is never uploaded, logged or sent anywhere, which matters because query strings routinely carry access tokens, session ids and signed URLs. The one caveat is the shareable link: the query string being inspected is written into this page's own URL so a "share" link reopens the same parse, which also means that payload lands in the recipient server's access log. For anything sensitive, use the Copy button and paste the text rather than sharing the page URL.

FAQ

Tool combos

Folks in your role tend to reach for these alongside this tool.

Developer

Browse all tools for this role

URL Query String Parser & Builder — Decode, Edit, Re-encode

Parse — paste a URL or query string

Build — edit rows, get an encoded query string

What this tool does

Tool details

How to use

1. Input

2. Process

3. Copy / Download

How URL Query String Parser & Builder fits into your work

Encoding jobs

Encoding checks

Good next steps

Real-world use cases

Read a tangled tracking URL someone sent you

Strip the marketing junk before sharing a link

Hand-build an OAuth or API request URL

Diff two query strings reliably

Common pitfalls

Privacy

FAQ

URL Encoder / Decoder

JSON Formatter & Validator

JWT Decoder

Base64 Encoder & Decoder

URL Slug Generator

HTML Entities Encoder

AES Text Encryptor

Affine Cipher Encoder & Decoder

Atbash Cipher

Bacon Cipher Encoder & Decoder

Base32 / Base58 Encoder & Decoder

Base62 Encoder & Decoder