server.htmlencode sql injection
michaelwall
12-13-2005, 01:05 PM
If I have a user registration form should I use both server.htmlencode and an SQL injection protection function for every text field and textarea?
degsy
12-13-2005, 04:02 PM
You don't really need the htmlencode for anything other than text areas.
Your other validation should be ok for usernames, passwords etc.
michaelwall
12-13-2005, 05:54 PM
Would you be able to give me a bit of clarification as to why it's not needed for normal textboxes, and what validation should I have for normal text boxes?
Thank you very much.
degsy
12-14-2005, 03:02 PM
The HTMLEncode method applies HTML encoding to the variable.
Not sure why you would want that for a username or password.
Other forms of SQL injection or validation would be required.
I would see HTMLEncode used for textareas where users may be inputting HTML code.
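Added example, not part of the original thread: a small Python/sqlite3 model of the two defenses being discussed, showing that HTML encoding does nothing for a SQL statement while a parameterized query does, and that encoding is applied when a field is written into a page. Assumptions: `html_encode` is a simplified stand-in for `Server.HTMLEncode`, sqlite3 stands in for the site's database, and the table, function names and sample inputs are constructed for illustration.

```python
import sqlite3

def html_encode(s):
    # Simplified stand-in for Server.HTMLEncode (assumption): encodes & < > "
    # and leaves the single quote alone, which is the character SQL cares about.
    for ch, ent in (("&", "&amp;"), ("<", "&lt;"), (">", "&gt;"), ('"', "&quot;")):
        s = s.replace(ch, ent)
    return s

def make_db():
    # Constructed sample data; rows are inserted with bound parameters.
    db = sqlite3.connect(":memory:")
    db.execute("CREATE TABLE users (username TEXT, email TEXT)")
    db.executemany("INSERT INTO users VALUES (?, ?)",
                   [("alice", "alice@example.test"),
                    ("O'Brien", "obrien@example.test")])
    return db

def lookup_concat(db, username):
    # Weak form: the value is HTML-encoded, then pasted into the SQL text.
    sql = ("SELECT email FROM users WHERE username = '"
           + html_encode(username) + "' ORDER BY email")
    return [row[0] for row in db.execute(sql)]

def lookup_param(db, username):
    # Corrected form: the value is bound as a parameter and never parsed as SQL.
    sql = "SELECT email FROM users WHERE username = ? ORDER BY email"
    return [row[0] for row in db.execute(sql, (username,))]

def render_profile(username):
    # HTML encoding is an output step: apply it to any stored field
    # (username included) at the point it is written into a page.
    return "<p>Welcome, " + html_encode(username) + "</p>"

QUOTED = "x' OR '1'='1"   # constructed input containing single quotes
MARKUP = "<b>bob</b>"     # constructed input containing markup

if __name__ == "__main__":
    db = make_db()
    print("concat:", lookup_concat(db, QUOTED))   # every row comes back
    print("param: ", lookup_param(db, QUOTED))    # no row matches
    print("param: ", lookup_param(db, "O'Brien")) # legitimate quote works
    print(render_profile(MARKUP))
```

In the concatenated form a legitimate name such as `O'Brien` also fails with a SQL syntax error, which is the same flaw seen from the harmless side.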