When inserting names into a customer database I used the MySQLi function real_escape_string to sanitize the data. An example entry with a single quote now looks like this:
$search = "Baker's Pharmacy";
$searchName = $db->real_escape_string($search);
$query = "SELECT Name FROM Customers WHERE Name = '$searchName'";
There are two wrong assumptions that need to be cleared up.
The *escape_string function does not sanitize anything. That's just a nasty rumor that PHP folks had better finally get rid of.
Instead of "sanitizing" you have to use mysqli prepared statements for both insert and select queries, and you will see not a single problem related to quotes (unless magic_quotes or a home-brewed equivalent of them is hanging around).
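As an added example (not code from the question or from the answer above), here is the insert and select pair rewritten with mysqli prepared statements. The connection credentials, the database name and a Customers table with a Name column are assumptions; the point is that the single quote in the value never becomes part of the SQL text, so no escaping call is needed at all.

```php
<?php
// Added example, not from the original post: insert-then-select with
// mysqli prepared statements. Host, user, password, database name and the
// Customers(Name) table are placeholders assumed for this illustration.
mysqli_report(MYSQLI_REPORT_ERROR | MYSQLI_REPORT_STRICT); // throw on any mysqli error

$db = new mysqli('localhost', 'db_user', 'db_password', 'customers_db');
$db->set_charset('utf8mb4'); // charset must be set on the connection, not per query

$search = "Baker's Pharmacy"; // value containing a single quote

// INSERT: the value is sent as a bound parameter, separate from the query string,
// so the quote is data, not syntax.
$insert = $db->prepare('INSERT INTO Customers (Name) VALUES (?)');
$insert->bind_param('s', $search);
$insert->execute();
$insert->close();

// SELECT: same placeholder mechanism; real_escape_string is not called anywhere.
$select = $db->prepare('SELECT Name FROM Customers WHERE Name = ?');
$select->bind_param('s', $search);
$select->execute();
$result = $select->get_result(); // needs the mysqlnd driver (PHP default since 5.4)

while ($row = $result->fetch_assoc()) {
    echo $row['Name'], PHP_EOL;
}
$select->close();
$db->close();
```

The query text is fixed at prepare time and the value travels separately at execute time, which is why the same two statements work for every name regardless of the characters it contains.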