/^/
MediumWeb5 min read

URL Query Parameter Regex

Matches a single key=value pair within a URL query string, where both the key and the (optionally empty) value contain only URL-safe characters.

#url#web#query-string#parameters#parsing

Regex Pattern

[A-Za-z0-9_.~%+-]+=[A-Za-z0-9_.~%+-]*

Default flags: g

Pattern Breakdown

Hover over a token to see what it does.

[A-Za-z0-9_.~%+-]+=[A-Za-z0-9_.~%+-]*
TokenMeaning
[A-Za-z0-9_.~%+-]+The parameter key: one or more URL-safe characters (letters, digits, and the unreserved/percent-encoding characters _.~%+-)
=The literal equals sign separating key from value
[A-Za-z0-9_.~%+-]*The parameter value: zero or more URL-safe characters, allowing empty values like key=
%Included in the character class so percent-encoded sequences like %20 pass through the key or value unmodified

Detailed Explanation

What it does

This pattern matches one key=value pair as it would appear in a URL's query string, such as the 'page=2' segment in ?page=2&sort=asc. With the global flag it can pull every parameter pair out of a full query string one at a time.

Why it works

The character class covers the characters that are valid in a URL query component either unencoded or as part of percent-encoding (%XX) and the + character commonly used for encoded spaces, so it matches real-world query values without needing to decode them first. Requiring + (one or more) for the key but * (zero or more) for the value correctly models that a key must be present but its value may be empty.

Common use cases

  • Extracting individual parameters from a raw query string without a full URL-parsing library
  • Validating that a query string fragment is composed of well-formed key=value pairs
  • Building a lightweight query string highlighter or debugger tool
  • Quick log analysis to pull out specific parameter patterns from access logs

Edge cases

  • An empty value, like 'q=', is matched since the value part allows zero characters
  • Percent-encoded values, like 'name=John%20Doe', are matched because % and hex digits are URL-safe characters included in the class
  • A key with no equals sign, like a bare flag 'q', does not match since = is required
  • A pair with no key, like '=missingkey', does not match since the key requires at least one character before the =

Limitations

  • This pattern does not decode percent-encoded (%XX) sequences or + characters back into their original values
  • It does not split a full query string on & delimiters by itself; use the global flag with matchAll or a loop, or split on & first
  • It does not handle array-style parameter syntax like key[]=value or key[0]=value as a distinct structure — those still match, but the brackets themselves aren't part of the recognized key characters

Interactive Tester

Edit the pattern or text below — matching runs live in your browser.

foo=bar page=2 q=
3 matches

Test Cases

Editable — add your own inputs to see if they pass.

InputExpectedResult
Pass
Fail
Pass
Pass
Pass
Fail
Pass
Pass

Language Variants

Production-ready examples in 12 languages.

const queryParamRegex = /[A-Za-z0-9_.~%+-]+=[A-Za-z0-9_.~%+-]*/g;
const pairs = 'page=2&sort=asc'.match(queryParamRegex);

Common Mistakes

Using .+=.+ to match key=value pairs, which greedily spans across multiple & separated pairs in a full query string

Fix: Use an explicit URL-safe character class like [A-Za-z0-9_.~%+-]+ instead of . so matching stops at delimiters like & and ?

Requiring a non-empty value with + instead of *, rejecting valid empty-value parameters like 'search='

Fix: Use * for the value portion so keys with no value are still matched

Assuming this regex decodes percent-encoded or + characters into their real values

Fix: Use a proper URL/query-string parsing API (e.g. URLSearchParams, urllib.parse.parse_qs) to decode after extracting raw pairs

Performance Notes

  • Both character classes are simple, non-overlapping, and bounded by the literal =, so matching is linear with no catastrophic backtracking
  • For parsing full URLs, prefer built-in APIs like URLSearchParams over regex, reserving this pattern for quick extraction or validation tasks
  • When scanning very long query strings, the global flag with matchAll allows lazy iteration instead of building one huge array upfront

Browser Compatibility

EngineSupportedNotes
ChromeYes
FirefoxYes
SafariYes
EdgeYes
Node.jsYes