WWW form string data: best way to encode/escape string data?

I'm collecting strings from users which I need to store in an online database.

Just sending a string as-is is problematic of course. ex: "This isn't just quoted, it's "double quoted" "

And that's just quote! Not to mention & < > \ etc.

So, shoud I use WWW.EscapeURL (which seems to be URL-centric, rather than arbitrary string centric), or is there a handy System function for doing this? And the reverse of this in PHP, too, as sometimes they behave non-symetrically ;)

(System.Web.HttpUtility.HtmlEncode/.Decode seem unavailable. This will be a web-browser app btw).

var sendMe = yourstring.Replace("&", "& amp ;").Replace("<", & lt ;").Replace(">",& gt ;").Replace("\"", "& quot ;");