Trying to escape $, not working as I expected?

I'm trying to escape the character $ so that it becomes a literal within a string I'm compiling. I thought that this would do the trick, but apparently not:

$html = $_POST['html'];
$sanitize = htmlspecialchars($html);
$sanitize = str_replace("$", "\$", $sanitize); // Addition.

Here's my base code posted as html (it was originally a sanitizer for html, the last part being an addition).

$rp = realpath($_SERVER['DOCUMENT_ROOT']);
include($rp. "_static/inc/db_conn.php");

$conn = mysql_connect($db_host, $db_user, $db_pass); mysql_select_db($db_name);

It produces:

$rp = realpath($_SERVER[\'DOCUMENT_ROOT\']);
include($rp. \"_static/inc/db_conn.php\");

$conn = mysql_connect($db_host, $db_user, $db_pass); mysql_select_db($db_name);

It appears thus, that htmlspecialchars() is working as I'd expect it to, but not str_replace().

Any help/answers would be appreciated (heads up, I've never used str_replace() before, so I just went as per the PHP doc).


You need to escape the backslash as well.

$sanitize = str_replace("$", "\\$", $sanitize); 

Alternatively, you could use single quotes.

$sanitize = str_replace('$', '\$', $sanitize); 


Try using single quotes instead of double quotes, e.g. '$' instead of "$". The double quotes tell PHP to look for variables in your string, which you don't want it to do.
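The following is an added example, not part of the original question or answers. It shows the bytes PHP stores for each replacement literal used in the thread and what str_replace() then produces. The `$input` string and the `escapeDollar()` helper are constructed for illustration.

```php
<?php
declare(strict_types=1);

// Constructed sample input (single-quoted, so nothing is interpolated).
$input = 'echo $db_host; include($rp . "x.php");';

// The replacement literals exactly as written in the question and the answers.
$candidates = [
    // In double quotes, \$ is the escape sequence for a bare dollar sign.
    'question: double quotes, one backslash'   => "\$",
    // In double quotes, \\ is one backslash; the following $ stays literal.
    'answer 1: double quotes, two backslashes' => "\\$",
    // In single quotes only \\ and \' are escapes, so \$ is kept as typed.
    'answer 2: single quotes, one backslash'   => '\$',
];

// Hypothetical helper: replace every literal $ with the given replacement.
function escapeDollar(string $text, string $replacement): string
{
    return str_replace('$', $replacement, $text);
}

foreach ($candidates as $label => $replacement) {
    $result = escapeDollar($input, $replacement);
    printf(
        "%s\n  stored bytes (hex): %s, length %d\n  input %s\n  result: %s\n\n",
        $label,
        bin2hex($replacement),
        strlen($replacement),
        $result === $input ? 'unchanged' : 'changed',
        $result
    );
}
```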
