I want to escape ‘ and “. I can’t figure out how to do this.
I guess the easiest way is to just add a to them, but how to do that?
BTW this is to stop some innocent SQL injection on my site.

You can use the function addslashes() to escape all of the ” and ‘ characters.

The proper way to prevent SQL injection is to use parameterised queries.

also try this

Code:

<?php
$value = stripslashes($value);
// to strip the slash.
$value = mysql_real_escape_string($value);
// to add slash.
?>