Single quote escape in JavaScript function parameters

 JSON.stringify(plainTextStr).replace(/&/, "&").replace(/"/g, """)

will produce a string you can safely embed in a quoted attribute and which will have the same meaning when seen by the JavaScript interpreter.

The only caveat is that some Unicode newlines (U+2028 and U+2029) need to be escaped before being embedded in JavaScript string literals, but JSON only requires that \r and \n be escaped.

Escape the apostrophe with a backslash:

onclick="INSERT_PRODUCT('188267','WILL AND GRACE ','32311','L\'ANNIVERSARIO DI NOZZE ','20101113|04|18|','13/11/2010 0.00.00','CANALE 5 ',this);"

It's maybe not totally clear from the question, but assuming that all you want is to send this to a PHP script for storing in a database, you of course would ideally utilize PHP's various methods such as stripslashes() -- but if you're really not trying to get too fancy, simply adding 1 slash in front of any single quote is enough to send a SQL query right into PHP from the client-side. It's not safe, but maybe not necessary either.

str.replace(/'/g, "\\'"); // escaping \ with \, so used 2x

does the trick., like for example in something like this:

var body = $('#body').val().replace(/'/g, "\\'");
myCustomSQLqueryFunction("UPDATE mytable SET `content`='"+ body +"';" );

MySQL will now store your body like you see it in the form field.

This function worked for me (it removes and restores the quote again): Guessing that the data to be sent is the value of an input element,

var Url = encodeURIComponent($('#userInput').val().replace("'","\\'"));

Then get the original text again:

var originalText = decodeURIComponent(Url);