if I do that then I have to worry about escaping backslashes and other characters too. this is what I used to do but it's very fragile. urlencode takes care of all these quite simply so I'd really prefer to use that.
I don't think it's so fragile. Maybe it's just a backslash, single quote and quote to escape, but I guess that's all?
A browser will urlencode it like in hidden fields and correctly (1 time) urldecode it later. I assume this will be interpreted by more browsers than encoding it manually. But I can't tell exactly.