解决动态生成的SQL中特殊字符的问题 QuotedStr function

Returns the quoted version of a string.

Unit
SysUtils

Category
String handling routines

Delphi syntax:
function QuotedStr(const S: string): string;

Description
Use QuotedStr to convert the string S to a quoted string. A single quote character (') is inserted at the beginning and end of S, and each single quote character in the string is repeated.

Note: When working with multi-byte character systems (MBCS), use AnsiQuotedStr instead.

Example 

SQL.Add(format(  'select * from tabname where field1 = %s',   [QuotedStr(Edit1.Text)]));