PHP Sanitising and escaping special characters
I'm new to PHP, and I've got a form where people can submit values to a
DB. Later those values will either be injected using JS, or be placed
straight inside an HTML document.
I'm using the following to sanitise my inputs:
function sanitise($str){
    // Escape HTML special characters first.
    $string = htmlspecialchars($str);
    // Then escape the HTML-escaped result for SQL (the original passed $str
    // here, which discarded the htmlspecialchars() output). Note that
    // mysql_real_escape_string() was removed in PHP 7.0.
    $string = mysql_real_escape_string($string);
    return $string;
}
The problem with this is that inside my DB, the inputs that have quotes
look like this: input's. This means if I inserted that value inside JS,
the quotation mark would screw everything up.
I tried doing this to avoid the quote:
function sanitise($str){
    // Same chain as above, with the variable mix-up fixed.
    $string = htmlspecialchars($str);
    $string = mysql_real_escape_string($string);
    // addslashes() adds a second layer of backslash escaping on top of the
    // SQL escaping, which is why the stored value ends up as input\'s.
    return addslashes($string);
}
This converts my DB entry to something that looks like this: input\'s.
This works within JS, but if I was to inject that value directly inside
<div></div> then the backslash will still be present... I'm confused as to
what I'm doing wrong - how could I sanitise my inputs and at the same time
universally escape special characters for both HTML and JS?
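The usual way out of the problem described above is to stop escaping at storage time and instead escape once, at output time, for the exact context the value lands in. The following is an added example, not code from the original post; it assumes a PDO connection in `$pdo` and a table `entries(value TEXT)`, both hypothetical names.

```php
<?php
// Added example: store the raw value, escape per output context.
// Assumes a PDO connection $pdo and a table entries(value TEXT) (hypothetical).

// 1. Storage: a prepared statement does the SQL quoting, so the value goes in
//    unmodified. No htmlspecialchars(), no addslashes(), no manual escaping.
function storeEntry(PDO $pdo, string $value): void {
    $stmt = $pdo->prepare('INSERT INTO entries (value) VALUES (:value)');
    $stmt->execute([':value' => $value]);
}

// 2. HTML text/attribute context. ENT_QUOTES also encodes the single quote,
//    which the default flags (ENT_COMPAT) leave alone on PHP < 8.1; that is
//    why the question saw a bare ' survive htmlspecialchars().
function forHtml(string $value): string {
    return htmlspecialchars($value, ENT_QUOTES | ENT_SUBSTITUTE, 'UTF-8');
}

// 3. JavaScript context. Emit the value as a JSON string literal; the HEX
//    flags also encode < > & ' " so the literal stays safe inside an inline
//    <script> block (a literal "</script>" in the data cannot close the tag).
function forJs(string $value): string {
    return json_encode(
        $value,
        JSON_HEX_TAG | JSON_HEX_AMP | JSON_HEX_APOS | JSON_HEX_QUOT
    );
}

// 4. JavaScript inside an HTML attribute (e.g. onclick): apply the JS
//    encoding first, then the HTML encoding, because the browser decodes the
//    attribute as HTML before it ever runs the script.
function forJsInAttribute(string $value): string {
    return forHtml(forJs($value));
}

// Constructed sample input: the value from the question.
$raw = "input's";
echo '<div>' . forHtml($raw) . "</div>\n";
echo '<script>var v = ' . forJs($raw) . ";</script>\n";
echo '<button onclick="show(' . forJsInAttribute($raw) . ')">go</button>' . "\n";
```

Because the database keeps the raw text, the same stored row can be rendered into HTML, into a script, or into an attribute without any backslashes or entities leaking through to the wrong context.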