Instead of escaping, you could also consider packing your parameters using CGIpack. That results in a encoded string that doesn't have to be escaped.

Jeroen
"We are not alone"(FZ)