This is a quick and dirty function for preventing SQL Injection, the function is designed to clean any variable that will be concatenated into an SQL query. Apostrophes and Double-Quotes are changed to entities in order to ensure that encoding does not become an issue when the content is pulled back into a page. I'm looking for criticism here, I want to know if this is secure or not.

Allows you to hide all elements on an HTML page by their tag name. Extremely handy in getting around the "Windowless Elements" problem in IE, which is a bug that puts certain elements, most commonly select boxes, on top of any other element, no matter what. As you can imagine, this causes real problems with DHTML drop-down menus and such like. This is the simplest and quickest fix I've come up with, I simply set this function to run alongside the drop-down and all of the select tags vanish before a menu drops, then I run the show function when the menu retracts.