Yes, the use of many characters is prohibited, and what is allowed varies depending upon the part of the URI. See RFC 2396 - Uniform Resource Identifiers (URI): Generic Syntax [faqs.org]

The "unreserved" characters are generally "safe" to use:

2.3. Unreserved Characters

Data characters that are allowed in a URI but do not have a reserved
purpose are called unreserved. These include upper and lower case
letters, decimal digits, and a limited set of punctuation marks and
symbols.

unreserved = alphanum ¦ mark

mark = "-" ¦ "_" ¦ "." ¦ "!" ¦ "~" ¦ "*" ¦ "'" ¦ "(" ¦ ")"

Unreserved characters can be escaped without changing the semantics
of the URI, but this should not be done unless the URI is being used
in a context that does not allow the unescaped character to appear.

For details, see the cited document.

[added] Use of other characters is not "illegal" per se, but the client and the server will send them as escaped hex-encoded entities. For example, a space is sent as "%20" -- which looks awful in the browser address bar, is very difficult to remember and to type, and should therefore be avoided. [/added]

Jim

[edited by: jdMorgan at 10:19 pm (utc) on Sep. 7, 2007]

Thank you for your response.

IOW after reading what you sent to me + is reserved and should NOT be used.

Correct?

thanks

Here's an example URL with an attached query string:

http://example.com/my_script.php?query-string

If a "+" is included in the URL, it will be encoded as "%2b". This encoded character will appear in the browser address bar and in search engine listings.

If a "+" is included in the query-string, it will pass through unchanged.

As an experiment, try making a test page with links including these characters to see how they behave.

Jim

Always avoid spaces and underscores in URLs.

Hyphens are good for word spacers, but I usually use dots instead.