curl -G + --data-urlencode: Safe Query Strings
Hand-building query strings breaks on spaces and ampersands; --data-urlencode does not.
When parameters contain spaces or special characters, let curl encode them. -G plus --data-urlencode is the clean way to build a GET.
What it does
-G / --get makes curl send any -d / --data fields as a URL query string with a GET request instead of a POST body. --data-urlencode percent-encodes the value so spaces, ampersands, and other special characters are safe. Each --data-urlencode adds one parameter; curl joins them with &.
Common usage
curl -G https://api.example.com/search \
--data-urlencode 'q=build status' \
--data-urlencode 'repo=owner/name'
# results in /search?q=build%20status&repo=owner%2FnameFlags
| Flag | What it does |
|---|---|
| -G / --get | Send -d/--data as a query string with GET |
| --data-urlencode 'k=v' | URL-encode the value, key kept literal |
| --data-urlencode 'v' | Encode a bare value with no key |
| --data-urlencode 'k@file' | Encode the contents of a file as the value |
In CI
When a query value comes from a variable that might contain spaces or slashes, use --data-urlencode instead of string-concatenating into the URL. It avoids broken requests and injection-style bugs when the value is attacker-influenced. Combine with -G so the request stays a GET.
Common errors in CI
A 400 or a truncated query usually means an unencoded space or & split the URL. Forgetting -G sends the data as a POST body instead of the query string, which a GET-only endpoint rejects with 404 or 405.