According to the docs uri_escape takes an optional second argument that's a string representing (as if in a regexp character class) what you do want escaped. Write a wrapper version once with your preferred escaping list and call that limited_escape( $blah ) instead.