My string $name = "Ali'Shan"; I want store it into database but the ' I use htmlentities/ htmlspecialchars and str_replace but insert I still get syntax error ' .
$name = "Ali'Shan";
str_replace("'", "", $name);
echo $name;
echo htmlentities($name);
My output is still Ali'Shan
Use addslashes() or mysql_real_escape_string()
what about
str_replace("'", "\'", $name);
Use htmlentities and htmlspecialchars when you want to insert text into an HTML document.
A database is not an HTML document. You need to use the appropriate mechanisms for adding text to an SQL query.
For the most part, those mechanisms are prepared statements with bound variables.
Use mysql_real_escape_string($str) while inserting in database.