If you use htmlspecialchars() to escape any HTML attribute, make sure use double quote instead of single quote for the attribute.
For Example,
> Wrap with Single Quote
<?php
echo "<p title='" . htmlspecialchars("Hello\"s\'world") . "'">
// title will end up Hello"s\ and rest of the text after single quote will be cut off.
?>
> Wrap with Double quote :
<?php
echo '<p title="' . htmlspecialchars("Hello\"s\'world") . '"'>
// title will show up correctly as Hello"s'world
?>