Correct way to escape input data before passing to ODBC
Instead of string escaping the PHP ODBC driver uses prepared statements. Use odbc_prepare to prepare an SQL statement and odbc_execute to pass in the parameters and execute the statements. (This is similar to what you can do with PDO).