Does the LDAP module you're using provide any way to handle the escaping for you? That's likely to be easier, faster, work better, and be more secure, since whoever wrote the LDAP module probably knows more about LDAP than you or I. :)