Anti-SQL Injection Function
This is a quick and dirty function for preventing SQL Injection; the function is designed to clean any variable that will be concatenated into an SQL query. Apostrophes and double quotes are changed to entities in order to ensure that encoding does not become an issue when the content is pulled back into a page. I'm looking for criticism here; I want to know if this is secure or not.
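The post does not include the function itself, so the following is an added example (not the poster's code) that reconstructs the described approach and puts it beside the standard alternative. It assumes the cleaner maps `'` to `&#39;` and `"` to `&quot;`, uses Python's built-in `sqlite3` as a stand-in database since the post's language is not shown, and works on a constructed sample value containing an apostrophe. It shows three things a reviewer would want to check: raw concatenation breaks on a quote, the entity-replacement version survives but stores mangled data that must be decoded on the way out, and a parameterized query stores the value faithfully while treating it strictly as data.

```python
import html
import sqlite3


def clean_for_sql(value: str) -> str:
    """Entity replacement as described in the post.

    Assumed mapping (the post does not show its code):
    apostrophe -> &#39;, double quote -> &quot;
    Only these two characters are touched; nothing else is escaped.
    """
    return value.replace("'", "&#39;").replace('"', "&quot;")


def decode_for_page(value: str) -> str:
    """Reverse the entity replacement when the stored text is read back."""
    return html.unescape(value)


def setup_db() -> sqlite3.Connection:
    """In-memory table used only for this demonstration."""
    conn = sqlite3.connect(":memory:")
    conn.execute("CREATE TABLE users (id INTEGER PRIMARY KEY, name TEXT)")
    return conn


def concat_breaks(conn: sqlite3.Connection, name: str) -> bool:
    """Concatenate the raw value into the SQL string (the pattern the post's
    cleaner is meant to protect). Returns True if the statement is rejected
    as malformed SQL, i.e. the value escaped the string literal."""
    sql = "INSERT INTO users (name) VALUES ('" + name + "')"
    try:
        conn.execute(sql)
    except sqlite3.OperationalError:
        return True
    return False


def insert_with_concat(conn: sqlite3.Connection, name: str) -> None:
    """The post's scheme: clean, then concatenate into the query text."""
    sql = "INSERT INTO users (name) VALUES ('" + clean_for_sql(name) + "')"
    conn.execute(sql)


def insert_parameterized(conn: sqlite3.Connection, name: str) -> None:
    """Bound parameter: the driver keeps the value out of the SQL grammar,
    so no escaping or entity replacement is needed."""
    conn.execute("INSERT INTO users (name) VALUES (?)", (name,))


def stored_names(conn: sqlite3.Connection) -> list:
    """What actually landed in the table, in insertion order."""
    return [row[0] for row in conn.execute("SELECT name FROM users ORDER BY id")]


def count_named(conn: sqlite3.Connection, name: str) -> int:
    """Parameterized lookup: quotes in `name` are compared literally."""
    row = conn.execute("SELECT COUNT(*) FROM users WHERE name = ?", (name,)).fetchone()
    return row[0]


if __name__ == "__main__":
    db = setup_db()
    sample = "O'Brien"  # constructed sample containing an apostrophe
    print("raw concatenation rejected:", concat_breaks(db, sample))
    insert_with_concat(db, sample)
    insert_parameterized(db, sample)
    print("stored:", stored_names(db))
    print("decoded entity form:", decode_for_page(stored_names(db)[0]))
    print("parameterized rows matching sample:", count_named(db, sample))
```

The entity approach does keep a quote from terminating the string literal, but it ties the database layer to HTML presentation: every reader of that column must decode entities, and a comparison against the original value fails unless the search term is run through the same cleaner. It also only covers two characters, so its safety depends on the target database's quoting rules rather than on a guarantee from the driver. Parameter binding removes the question entirely, which is why it is the usual answer to "is my escaping function secure".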






