it seems uri_escape() doesn't escape the "&". Could somebody tell me why?