Conflict between url encoding and % in SQL

When a parameter is passed in the url, if the parameter contains the three characters "% 20", the receiving webpage will receive a space which is no longer % 20.
Because the space in the url encoding is encoded as % 20
But what if I want to pass % 20 when I use a url to pass an SQL statement?
Finally solved this problem.
When I pass a parameter, % is not written as % but as % 25, so that the % passed will not be escaped.

Special characters have special meanings when used in URLs or XML documents. Therefore, you must encode the characters to make them take effect.

In the query executed by a special character in a URL, the special character is specified as % xx, where xx is the hexadecimal value of the character. The following table lists these special characters and describes their meanings. For more information, see RFC1738 specification in the http://www.faqs.org/rfcs/rfc1738.html.

Special characters	Special Meaning	Hexadecimal value
+	It indicates space (space is not allowed in the URL ).	% 2B
/	Separate directories and subdirectories.	% 2F
?	Separate the actual URLs and parameters.	% 3F
%	Specify special characters.	% 25
#	Indicates bookmarks.	% 23
&	The delimiter between the parameters specified in the URL.	% 26

For example, evaluate the following query:
SELECT * FROM Employees WHERE EmployeeID =?
Because? The character has a special meaning in the URL (separating the URL and passing parameters). Therefore, when this query is specified in the URL, the character is encoded as % 3F.
The following URL executes the query. This parameter value is passed in the URL. For more information about using HTTP to execute SQL statements, see using HTTP to execute SQL statements.
Http: // IISServer/nwind? SQL = SELECT * FROM Employees WHERE EmployeeID = % 3F FOR XML AUTO & root = root & EmployeeID = 1
The browser will? All the special characters (for example, + characters) on the right are escaped (that is, convert? + Characters on the Right To % 20 ).

Special characters in XML
> And <are XML markup characters, which have special meanings in XML. When specifying these characters in SQL queries (or XPath queries), they must be properly encoded (also known as entity encoding ). The following table lists these special characters and describes their meanings. For more information, see the XML 1.0 specification in the XML 1.0 specification.

Special characters	Special Meaning	Entity Encoding
>	Start tag.	& Gt;
<	End tag.	& Lt;
"	Quotation marks.	& Quot;
'	Marker.	& Apos;
&	.	& Amp;

For example, evaluate the following query:
Select top 2 * FROM [Order Details] WHERE UnitPrice <10 FOR XML AUTO
Because the <character has a special meaning in XML, it must be encoded as & gt; when this query is specified in a template (an XML document ;. The template containing the query is as follows: <ROOT xmlns: SQL = "urn: schemas-microsoft-com: xml-SQL">
<SQL: query>
SELECT top 2 * FROM [Order Details] WHERE UnitPrice & lt; 10
FOR XML AUTO
</SQL: query>
</ROOT>
In URL encoding, you may need to specify both URL encoding and object encoding. For example, you can specify the following template (instead of the file name) in the URL: <ROOT xmlns: SQL = "urn: schemas-microsoft-com: xml-SQL">
<SQL: query>
SELECT top 2 * FROM [Order Details] WHERE UnitPrice & lt; 10
FOR XML AUTO
</SQL: query>
</ROOT>
In this example, the & characters in the <flag character specified) entity Encoding & lt; have special meanings in the URL and need to be further encoded. The & character must be encoded as % 26, otherwise it will be considered as a parameter Separator in the URL. The URL is specified:

Http: // IISServer/nwind? Template = <ROOT xmlns: SQL = "urn: schemas-microsoft-com: xml-SQL"> <SQL: query> select top 2 * FROM [Order Details] WHERE UnitPrice % 26lt; 10 for xml auto </SQL: query> </ROOT>