protected function escapeString($str) { return str_replace('"', '\'', strip_tags(html_entity_decode($str))); }