Solution:2
Your question title seems to suggest that you are interested in sanitizing a string. If this is the case, you could consider htmlspecialchars() if you wish to prevent HTML code from being rendered as such. If you are interested in sanitizing for database input, you might wish to consider mysql_real_escape_string() for a MySQL query.
Otherwise, as mentioned, you can use str_replace() (or the case-insensitive version) to replace all instances of one string with another string.
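The three contexts named in this answer, side by side, as an added example that is not part of the original answer. For the database case it swaps in a PDO prepared statement, because mysql_real_escape_string() belongs to the mysql extension that was removed in PHP 7.0. Assumptions: the pdo_sqlite extension is available for the in-memory demo database, and the table name, helper function names and sample input are constructed for illustration.

```php
<?php
// Constructed sample input (not from the original post).
$input = "<script>alert('x')</script> O'Reilly & Sons";

// 1. HTML context: encode at output time so the browser shows text, not markup.
//    ENT_QUOTES also encodes single quotes, which matters inside attributes;
//    ENT_SUBSTITUTE replaces invalid byte sequences instead of returning "".
function html_escape(string $s): string {
    return htmlspecialchars($s, ENT_QUOTES | ENT_SUBSTITUTE, 'UTF-8');
}

// 2. Database context: bind the value as a parameter so it is never parsed as SQL.
//    This stands in for mysql_real_escape_string(); the value is stored unmodified.
//    The customers table is hypothetical.
function store_and_fetch(PDO $db, string $name): string {
    $db->exec('CREATE TABLE IF NOT EXISTS customers (name TEXT)');
    $stmt = $db->prepare('INSERT INTO customers (name) VALUES (:name)');
    $stmt->execute([':name' => $name]);
    return $db->query('SELECT name FROM customers ORDER BY rowid DESC LIMIT 1')
              ->fetchColumn();
}

// 3. Plain text substitution: str_ireplace() is the case-insensitive
//    counterpart of str_replace(). It is not a security control by itself.
function replace_word(string $s, string $from, string $to): string {
    return str_ireplace($from, $to, $s);
}

// In-memory SQLite keeps the demo offline; with MySQL only the DSN changes.
$db = new PDO('sqlite::memory:');
$db->setAttribute(PDO::ATTR_ERRMODE, PDO::ERRMODE_EXCEPTION);

// Raw value goes into the database untouched...
$stored = store_and_fetch($db, $input);
var_dump($stored === $input);

// ...and is encoded only when it is written into an HTML page.
echo html_escape($stored), PHP_EOL;

// Replacement happens on the raw text, encoding still comes last.
echo html_escape(replace_word($stored, 'sons', 'Daughters')), PHP_EOL;
```

The value is stored exactly as received and encoded only at the point where it enters HTML, so each context gets its own treatment rather than one "sanitized" string reused everywhere.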