vincevincevince - 7:35 am on Nov 3, 2012 (gmt 0)
You may have escaping happening at another layer of your application, e.g. the CMS may be using a database object which already escapes values.
Take out all escaping that you've added, and then do a test - insert '" and then read the database directly to see whats been inserted.
a) If you've inserted '" and it's stored as '" then it's being perfectly escaped already and you need add nothing.
b) If you've inserted '" and it's been stored with \ marks, then you're already escaping twice and you need to find one to remove.
c) If you've inserted with '" and it's not inserted (error/silent fail) then you need to escape, once.