HTML and CSS Reference
Although not often used, the communication port number in a URL also can be specified.
Browsers speaking a particular protocol communicate with servers through entry points,
known as ports, which generally are identified by numeric addresses. Associated with each
protocol is a default port number. For example, an HTTP request defaults to port number 80.
You could say
but there is no point, as the browser will use the default port for HTTP traffic anyway.
However, a server administrator can configure a server to handle protocol requests at ports
other than the default numbers. Usually this occurs for experimental or secure applications.
In these cases, the intended port must be explicitly addressed in a URL. For example, if we
ran another server on port 8080, we would use
Port number-based access is not terribly user friendly, and it intrinsically provides no
extra security other than obscurity.
Many URLs contain query strings indicated by the question mark (?). When a URL requests
a program to be run rather than a file to be returned, a query string might be passed in the
URL to indicate the various arguments to be given to the server-side program. Consider, for
In this situation, the program registration.php is handed a query string that has a name
value set to “Matt Folely,” an Age value set to “32,” and a Sex value set to “male.” Query
strings are generally encoded as discussed in the next section. Spaces in this case are
mapped to the plus sign (+), while all other characters are in the %hex value form. The
various name-value pairs are separated by ampersands (&). The encoding and decoding of
URLs is important for Web developers to understand, and a loose attitude toward allowed
encodings can quickly lead to security problems.
Some characters may have special meaning within the context of a URL or the operating
system of the server on which the resource is found. If any unsafe, reserved, or nonprintable
characters occur in a URL, they must be encoded in a special form defined by the MIME type
x-www-form-urlencoded . Failure to encode special characters may lead to errors,
particularly in the presence of Web server security systems such as Web application firewalls.
The form of encoding consists of a percent sign and two hexadecimal digits corresponding
to the value of the character in the ASCII character set. Only alphanumeric values and some
special characters ($ - _ . + ! * '), including parentheses, may be used in a URL; other
characters should be encoded. In general, special characters such as accents, spaces, and some
punctuation marks have to be encoded, depending on the character set in play. Table D-4
shows the reserved and potentially dangerous characters for URLs.