The encoding of the string (URL encoding I assume) is only needed to make sure the server understands all contents. On the server you don't need it to be encoded anymore so you can simply decode it back. A simple check for a total length of 20 should be enough.
Manish Singh wrote:why are you encoding the special characters?
Because the URL specification says that some characters have special meaning, and characters need to be encoded for communication between client and server. For instance, spaces become + signs or %20.
And if encoding is a must then prevent user from more than entering affective 20 chars. Use 'onkepup' event listener on the username text box to do it.
I'd use the maxlength attribute instead: <input maxlength="20" ...>. This cannot be disabled by turning off JavaScript support. There may still be ways to bypass this check but it's harder.