addslashes is related to SQL injection, so it doesn’t apply here.
@Debbie I suspect that somewhere along the way, you’ve double-escaped the photo label. Check where the value of photoLabel comes from and everything it passes through, and make sure it hasn’t already been run through htmlentities.
It is true that addslashes is primarily for SQL Injections, but look at the code provided again.
title='" . htmlentities($photoLabel) . "' />
Notice she has single quotes for the title attribute, so her output (without htmlentities) would have been title='Sam's Sprial GIF'. So my point is, addslashes would have worked here too but it wouldn’t take care of XSS attacks like htmlentities would.
Too many programming languages on the brain. It can be easy to mix them up. In languages such as PHP and JavaScript, a backslash escapes special characters. But in HTML, the backslash has no special meaning at all.
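The points raised in this thread (backslashes in a single-quoted title attribute, and double-escaping through htmlentities) can be compared side by side. This is an added example, not code from any of the posts above; the sample label and the helper titleAsParsed() are constructed for illustration, and the helper is a simplified model of attribute parsing, not a real HTML parser.

```php
<?php
// Constructed sample label containing an apostrophe (assumption, not thread data).
$photoLabel = "Sam's Spiral GIF";

// Hypothetical helper: simplified model of how an HTML parser reads a
// single-quoted attribute. The value ends at the next ' character, then
// character references are decoded once. Backslashes get no special treatment.
function titleAsParsed(string $html): string
{
    if (!preg_match("/title='([^']*)'/", $html, $m)) {
        return '(no title attribute found)';
    }
    return html_entity_decode($m[1], ENT_QUOTES | ENT_HTML401, 'UTF-8');
}

$once = htmlentities($photoLabel, ENT_QUOTES, 'UTF-8');

$cases = [
    // No escaping: the apostrophe closes the attribute early.
    'raw' => $photoLabel,
    // SQL-style escaping: HTML ignores the backslash, so the quote still closes it.
    'addslashes' => addslashes($photoLabel),
    // Default flags: ENT_COMPAT before PHP 8.1 (single quotes left alone),
    // ENT_QUOTES | ENT_SUBSTITUTE | ENT_HTML401 from PHP 8.1 on.
    'htmlentities (default)' => htmlentities($photoLabel),
    // Explicit ENT_QUOTES: the apostrophe becomes a character reference.
    'htmlentities ENT_QUOTES' => $once,
    // Escaped twice: the & of the first pass is encoded again.
    'escaped twice' => htmlentities($once, ENT_QUOTES, 'UTF-8'),
    // Fourth argument (double_encode) false leaves existing entities alone.
    'twice, double_encode off' => htmlentities($once, ENT_QUOTES, 'UTF-8', false),
];

foreach ($cases as $name => $escaped) {
    $html = "<img title='" . $escaped . "' />";
    printf("%-26s %s\n%26s parsed title: %s\n", $name, $html, '', titleAsParsed($html));
}
```

In the output, compare the parsed title of each row with the original label: a row whose parsed title is shorter shows the attribute ending early, and a row showing a literal entity in the parsed title is the double-escaping symptom.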