I have a form that is writing user info to a database.

My save function has this:

User.SetValue("FirstName", txtFirstName.Text)
User.SetValue("LastName", txtLastName.Text)
User.SetValue("Email", txtEmail.Text)
User.SetValue("City", txtCity.Text)
User.SetValue("Password", txtPassword.Text)

Some users are getting errors, and my testing indicates it has to do with unescaped quotes... Is there some function I can use to filter these text fields prior to running the save function here?

Should I use server.htmlencode, or is there a better recommendation? Thanks