How to Avoid SQL Injections, XSS Attacks, and File Upload Attacks in Web Apps

  • > So the company value will be stored like this: ' or '=' instead of this " or ""="

    No, if they enter '"', store it as '"' in your database (maybe by using '\"' in the query), serve it as ''' in html ('"', actually).

  • Honestly, I wouldn't even suggest people try and escape their inputs. Just use parameters. They will be far more secure than attempting to escape and sanitize inputs.
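An added example (not written by either commenter above) that shows both points of the exchange in Python with the standard-library sqlite3 driver: a parameterized INSERT and SELECT store a company name containing quotes verbatim with no escaping, and quoting is applied only at output time with html.escape. The function names, the table and the sample company names are assumptions constructed for this example.

```python
import html
import sqlite3


def open_db():
    """Create an in-memory database with one companies table (constructed for this example)."""
    conn = sqlite3.connect(":memory:")
    conn.execute("CREATE TABLE companies (id INTEGER PRIMARY KEY, name TEXT NOT NULL)")
    return conn


def store_company(conn, name):
    """Insert with a bound parameter: the driver passes the value separately from the
    SQL text, so quotes inside `name` are data, never part of the statement."""
    cur = conn.execute("INSERT INTO companies (name) VALUES (?)", (name,))
    conn.commit()
    return cur.lastrowid


def fetch_company(conn, company_id):
    """Read the row back, again with a bound parameter; the value comes back unchanged."""
    row = conn.execute("SELECT name FROM companies WHERE id = ?", (company_id,)).fetchone()
    return row[0] if row else None


def render_company_html(name):
    """Escape for the HTML attribute context only at output time: a double quote becomes
    &quot;, so the stored value cannot close the attribute or start a tag."""
    return '<input name="company" value="%s">' % html.escape(name, quote=True)


# Constructed sample inputs: the two quote cases from the thread plus HTML-significant characters.
SAMPLE_NAMES = [
    '" or ""="',
    "' or '='",
    "Acme & Sons <Ltd>",
]


def round_trip_all():
    """Store every sample, fetch it back, and render it; returns (stored, rendered) pairs."""
    conn = open_db()
    results = []
    for name in SAMPLE_NAMES:
        cid = store_company(conn, name)
        stored = fetch_company(conn, cid)
        results.append((stored, render_company_html(stored)))
    conn.close()
    return results


if __name__ == "__main__":
    for stored, rendered in round_trip_all():
        print(repr(stored), "->", rendered)
```

Each value is stored exactly as typed, and the quotes only change form when the value is written into HTML.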

  • In this long-form article, I discussed in detail how to prevent SQL injections, cross-site scripting, and file upload attacks in web applications. I brought together my 10+ years of experience with Linux server administration and 4+ years of experience with full-stack software development to draft one of the most detailed posts on the subject on the internet. I'm looking forward to your feedback.