I have an HTML form that a user can input text into a
$FileName = str_replace(" ", "_", $UserInput);
$FileName = preg_replace("/'/", '', $UserInput);
Using your current str_replace method:
$FileName = str_replace("'", "", $UserInput);
While it's hard to see, the first argument is a double quote followed by a single quote followed by a double quote. The second argument is two double quotes with nothing in between.
With str_replace, you could even have an array of strings you want to remove entirely:
$remove = "'"; $remove = '"'; $remove = "-"; // just as another example $FileName = str_replace( $remove, "", $UserInput );