sugaz007 wrote:

Is above correct?

You are encoding characters you do not have to, but it does not hurt.
The only suspect is the double-quote. The one included in your post is not the standard "quotation mark" (what is %22), but "right double quotation mark" (what is %20%1D).
https://www.fileformat.info/info/unicode/char/0022/index.htm
https://www.fileformat.info/info/unicode/char/201d/index.htm
Find out which one is actually included in your password. Also as the "right double quotation mark" is not ASCII character, there can be encoding problem between WinSCP and the server. It is better to avoid such characters.
Also Unicode characters in URL encoding are supported in recent versions only:
https://winscp.net/tracker/1062
Make sure you are using the latest version of WinSCP.

My password for SFTP is (q.=1..Y-{&70i”

The hexa decimal numbers are :

” 22
& 26
( 28
. 2e
- 2d
= 3d
{ 7b

so in my open command the password should be %28q%2e%3d1%2e%2eY%2d%7b%2670i%22

/command "open sftp://TestUser:%28q%2e%3d1%2e%2eY%2d%7b%2670i%22@sftp.com" "put \\Edrive\*.xml /" "exit"

Is above correct?

Please read documentation:
https://winscp.net/eng/docs/session_url

I have experienced a problem using the open command (from the Windows command line) with a password that contains a + character, the open fails with an Access Denied message. I am using open as follows:
open userid:%pas+sword@server.com

The same command with a password not containing + works ie:
open userid:%password@server.com

Is there anyway of escaping + characters in the password, when using the open command