How to properly escape quotes being written to db
I have a form that is writing user info to a database.
My save function has this:
Some users are getting errors, and my testing indicates it has to do with unescaped quotes... Is there some function I can use to filter these text fields prior to running the save function here?
Should I use server.htmlencode, or is there a better recommendation? Thanks
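An added example, not the poster's code (the save function is not shown on the page): it uses Python's sqlite3 as a stand-in database, with a hypothetical `users` table and constructed input, to show why a quote breaks an INSERT built by string concatenation and how a parameterized INSERT stores the same text unchanged. It also shows what HTML-encoding a value before saving does to the stored data, using Python's `html.escape` as a generic HTML encoder.

```python
import html
import sqlite3

def make_db():
    # In-memory database with a hypothetical "users" table (constructed for this example).
    conn = sqlite3.connect(":memory:")
    conn.execute("CREATE TABLE users (name TEXT, comment TEXT)")
    return conn

def save_concatenated(conn, name, comment):
    # Failing pattern: user text is pasted into the SQL string, so a quote in the
    # input ends the string literal early and the statement no longer parses.
    sql = ("INSERT INTO users (name, comment) VALUES ('"
           + name + "', '" + comment + "')")
    conn.execute(sql)

def save_parameterized(conn, name, comment):
    # Placeholders keep the values out of the SQL text; the driver passes them
    # as data, so no escaping function is needed before saving.
    conn.execute("INSERT INTO users (name, comment) VALUES (?, ?)", (name, comment))

def save_html_encoded(conn, name, comment):
    # HTML encoding is meant for rendering text into a page. Applied before the
    # save, it changes what is stored (html.escape is Python's encoder).
    save_parameterized(conn, html.escape(name), html.escape(comment))

def stored_names(conn):
    return [row[0] for row in conn.execute("SELECT name FROM users ORDER BY rowid")]

def demo():
    name, comment = "Miles O'Brien", 'said "hi"'  # constructed sample input
    conn = make_db()
    results = {}
    try:
        save_concatenated(conn, name, comment)
        results["concatenated"] = "saved"
    except sqlite3.OperationalError as exc:
        results["concatenated"] = "error: " + str(exc)
    save_parameterized(conn, name, comment)
    save_html_encoded(conn, name, comment)
    results["stored"] = stored_names(conn)
    return results

if __name__ == "__main__":
    for key, value in demo().items():
        print(key, "->", value)
```

The same pattern applies to other database drivers: pass user input as bound parameters at save time, and apply HTML encoding only when the stored value is written into a page.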