First of all thank you for your post, traq.
But most of what you posted is irrelevant, since I only posted the most basic version I could think of.
1) Yes, in the script I posted I’m not. But I thought someone might think so and just wanted to prevent such comments.
2) I already tried escaping the string, but that didn’t do anything. But I haven’t used the urlencode function so far, so I guess I’ll give that a try. But even if I manually enter the escaped text in the adress bar, it gets omitted somehow in the $_GET variable and that is my real problem here.
My script is far more complicated when the two lines I posted, but I narrowed it down to them and I just don’t understand why it doesn’t work, since this should be really easy.