1. Scrap your code and build it with CGI instead. Attribute arguments are already automatically quoted for you.
2. Use your existing code in conjunction with the CGI module. At a minimum, you can use &CGI::escapeHTML, though I'm not sure that this is a function meant for public consumption.
3. Just write some code to do your own escaping. s/"/\\"/g;

Im using CGI, but the string is taken from a text file and printing to a form, not the other way around.

Well then, follow Fastolfe's second suggestion.

use CGI;      # you already have this line
$q = new CGI; # and one like this to I suppose
my $var = "some text from a file";
my $varesc = $q->escapeHTML($var);
[download]

--
$you = new YOU;
honk() if $you->love(perl)

well, if you are using CGI.pm then why not use the textfield method? it escapes html for you (it uses the escapeHTML() method internally):

use CGI;
my $q = new CGI;
my $value = '<img src="/someimg.gif">';
print   $q->start_html(),
        $q->start_form(), 
        $q->textfield(  -name=>'test',
                    -value=>$value),              
    $q->end_form,
    $q->end_html;
[download]

it works great!

use HTML::Entities;
&encode_entities($string)
[download]

&decode_entities($string)
[download]