PHP Escape String

function escape($str) {
    return str_replace(
        array( '&',     '<',    '>',    '"',      '\''),
        array( '&amp;', '&lt;', '&gt;', '&quot;', '&#039;'),
        $str
    );
}

NOTE: ' is not used as it is not a valid HTML entity reference.