If I am doing any sort of encode/decode operation, I try and use modules rather than rolling my own. In this case, I would use URI::Escape to handle it - chances are a well-used module is going to handle corner cases I would have missed.

#!/usr/bin/perl
use strict;
use warnings;
use URI::Escape;


my $url_parm = uri_escape 'http://www.whatzit.com?a=1&b=2';
my $url = "http:/www.xyzzy.com?url=$url_parm";
print $url, "\n";
[download]

To comment on the posted code, I assume you accidentally used $url where you meant to use $url_param, a la:

my $url_parm = 'http://www.whatzit.com?a=1&b=2';
$url_parm =~ s/&/&/sg;
my $url = "http:/www.xyzzy.com?url=$url_parm";
[download]

This type of error will be caught by the strict pragma. It would likely be worth your while to read Use strict warnings and diagnostics or die and Basic debugging checklist.

Note that you have used the wrong encoding for the task you describe - you changed to HTML_entities instead of Percent_encoding. You also missed several characters that are not legal in URIs. Exactly the reason for using existing, well tested modules.