If you are truly concerned about security, which it seems you are not, then you will not use your home brewed functions. I'm not suggesting you don't try to invent something better, but if you do not understand certain fundamentals about security then I would suggest you leave it to the more experienced.This is a business site, not some stupid forum or the like.
If I enter my password as jc@rt (no my password(s) is not this so dont tryAnd to Jcart, What is wrong with simply removing things I don't want? What if they accidently brush the single quote while typing in their password? Removing it mean's the can't find a way to unexcape it, because it's not there, and I provide options to make sure it will allow other characters when I need them.
Btw.. your script is still vulnerable to SQL injection.
...and I thought this was a business site.