
Replace explicit quotes with QuotedStr so any quotes inside the strings are dealt with

Reinier Olislagers 11 سال پیش
والد
کامیت
66e214aa12
6فایلهای تغییر یافته به همراه44 افزوده شده و 38 حذف شده
  1. 13 11
      comparison.pas
  2. 10 9
      main.pas
  3. 7 6
      neweditfield.pas
  4. 1 1
      newtable.pas
  5. 3 3
      scriptdb.pas
  6. 10 8
      systables.pas

+ 13 - 11
comparison.pas

@@ -456,8 +456,8 @@ begin
         begin
           RemoveParamClosing(Params);
           ScriptList.Add(Params);
-          ScriptList.Add('ENTRY_POINT ''' + EntryPoint + '''');
-          ScriptList.Add('MODULE_NAME ''' + ModuleName + ''';');
+          ScriptList.Add('ENTRY_POINT ' + QuotedStr(EntryPoint));
+          ScriptList.Add('MODULE_NAME ' + QuotedStr(ModuleName) + ';');
           ScriptList.Add('');
         end;
         FQueryWindow.meQuery.Lines.AddStrings(ScriptList);
@@ -1245,7 +1245,7 @@ begin
     begin
       if ((Pos('CHAR', FieldType) > 0) or (Pos('CSTRING', FieldType) > 0)) and
         (Pos('''', DefaultValue) = 0) then
-        DefaultValue:= ' ''' + DefaultValue + '''';
+        DefaultValue:= ' ' + QuotedStr(DefaultValue);
       if Pos('default', LowerCase(DefaultValue)) = 0 then
         DefaultValue:= ' default ' + DefaultValue;
       Line:= Line + ' ' + DefaultValue;
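Review bot: The `(Pos('''', DefaultValue) = 0)` guard above the changed line means QuotedStr only ever receives values that contain no quote, so its escaping never takes effect here; a default with an embedded apostrophe skips this branch and is appended to `Line` unquoted and unescaped. The guard presumably exists to pass through defaults the user already quoted, but it cannot tell those from a value that merely contains an apostrophe. Consider testing only whether the trimmed value starts with a quote, e.g. `(Copy(Trim(DefaultValue), 1, 1) <> '''')`, and running everything else through QuotedStr. The same guard sits in front of the QuotedStr calls in the first neweditfield.pas hunk and in newtable.pas. The enclosing routine starts and ends outside the hunk.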
@@ -1346,9 +1346,10 @@ begin
       // Description
       if Description <> CDescription then
       begin
-        ScriptList.Add('UPDATE RDB$RELATION_FIELDS set RDB$DESCRIPTION = ''' + Description + '''');
-        ScriptList.Add('where RDB$FIELD_NAME = ''' + UpperCase(AFieldName) + '''');
-        ScriptList.Add('and RDB$RELATION_NAME = ''' + ATableName + ''';');
+        ScriptList.Add('UPDATE RDB$RELATION_FIELDS ' +
+          'set RDB$DESCRIPTION = ' + QuotedStr(Description));
+        ScriptList.Add('where RDB$FIELD_NAME = ' + QuotedStr(UpperCase(AFieldName)));
+        ScriptList.Add('and RDB$RELATION_NAME = ' + QuotedStr(ATableName) + ';');
       end;
 
       // todo: Collation/character set changes: find a way to perform these
@@ -1360,9 +1361,10 @@ begin
       // Default value
       if DefaultValue <> cDefaultValue then
       begin
-        ScriptList.Add('UPDATE RDB$RELATION_FIELDS set RDB$Default_Source = ''' + DefaultValue + ''' ');
-        ScriptList.Add('where RDB$FIELD_NAME = ''' + UpperCase(AFieldName) + '''');
-        ScriptList.Add('and RDB$RELATION_NAME = ''' + ATableName + ''';');
+        ScriptList.Add('UPDATE RDB$RELATION_FIELDS ' +
+          'set RDB$Default_Source = ' + QuotedStr(DefaultValue) + ' ');
+        ScriptList.Add('where RDB$FIELD_NAME = ' + QuotedStr(UpperCase(AFieldName)));
+        ScriptList.Add('and RDB$RELATION_NAME = ' + QuotedStr(ATableName) + ';');
       end;
       FQueryWindow.meQuery.Lines.Add('');
       FQueryWindow.meQuery.Lines.Add('-- ' + AFieldName + ' on ' + ATableName);
@@ -1579,8 +1581,8 @@ begin
       FQueryWindow.meQuery.Lines.Add('');
       FQueryWindow.meQuery.Lines.Add('DECLARE EXTERNAL FUNCTION "' + FunctionName + '"(');
       FQueryWindow.meQuery.Lines.Add(Params);
-      FQueryWindow.meQuery.Lines.Add('ENTRY_POINT ''' + EntryPoint + '''');
-      FQueryWindow.meQuery.Lines.Add('MODULE_NAME ''' + ModuleName + ''' ;');
+      FQueryWindow.meQuery.Lines.Add('ENTRY_POINT ' + QuotedStr(EntryPoint));
+      FQueryWindow.meQuery.Lines.Add('MODULE_NAME ' + QuotedStr(ModuleName) + ' ;');
 
       FQueryWindow.meQuery.Lines.Add('');
     end;
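Review bot: `FunctionName` is still spliced between literal double quotes on the `DECLARE EXTERNAL FUNCTION` line, so an identifier containing `"` would produce a malformed statement, just as an unescaped `'` did before this commit. `AnsiQuotedStr(FunctionName, '"')` doubles embedded quote characters the same way QuotedStr does for single quotes: `'DECLARE EXTERNAL FUNCTION ' + AnsiQuotedStr(FunctionName, '"') + '('`. The same pattern appears with `AFuncName` in the main.pas hunk at -1613. The surrounding block begins outside the hunk.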

+ 10 - 9
main.pas

@@ -318,7 +318,7 @@ begin
       // Create user
       dmSysTables.Init(dbIndex);
       dmSysTables.sqQuery.Close;
-      dmSysTables.sqQuery.SQL.Text:= 'create user ' + edUserName.Text + ' password ''' + edPassword.Text  + '''';
+      dmSysTables.sqQuery.SQL.Text:= 'create user ' + edUserName.Text + ' password ' + QuotedStr(edPassword.Text);
       dmSysTables.sqQuery.ExecSQL;
 
       // Grant rule
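Review bot: `edUserName.Text` is still concatenated into the `create user` statement unchanged, and unlike the generated scripts this text goes straight to `ExecSQL`, so whatever is typed in the user-name field becomes part of the executed statement. The password is now escaped, but the identifier beside it is not validated. A check before the statement is built, for instance `if not IsValidIdent(edUserName.Text) then` followed by an error message and exit, would close that gap (IsValidIdent is stricter than Firebird's identifier rules, so adjust it if names containing `$` must be allowed). The `alter user` hunk below has the same issue with `tvMain.Selected.Text`. The enclosing routine extends beyond the hunk.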
@@ -366,8 +366,8 @@ begin
     try
        dmSysTables.Init(tvMain.Selected.Parent.Parent.OverlayIndex);
        dmSysTables.sqQuery.Close;
-       dmSysTables.sqQuery.SQL.Text:= 'alter user ' + tvMain.Selected.Text + ' password ''' +
-         fmChangePass.edPassword.Text + '''';
+       dmSysTables.sqQuery.SQL.Text:= 'alter user ' + tvMain.Selected.Text +
+         ' password ' + QuotedStr(fmChangePass.edPassword.Text);
        dmSysTables.sqQuery.ExecSQL;
        dmSysTables.stTrans.Commit;
        MessageDlg('Password has been changed', mtInformation, [mbOk], 0);
@@ -665,7 +665,7 @@ begin
 
         for i:= 1 to StringGrid1.RowCount - 1 do
           if Pos('CHAR', StringGrid1.Cells[2, i]) > 0 then
-            Line:= Line + '''' + StringGrid1.Cells[0, i] + ''', '
+            Line:= Line + QuotedStr(StringGrid1.Cells[0, i]) + ', '
           else
             Line:= Line + StringGrid1.Cells[0, i] + ', ';
         if WithParams then
@@ -1263,8 +1263,9 @@ begin
 
     if Trim(fmNewDomain.edDefault.Text) <> '' then
     begin
-      if Pos('char', LowerCase(fmNewDomain.cbType.Text)) > 0 then
-        meQuery.Lines.Add('default ''' + fmNewDomain.edDefault.Text + '''')
+      if (Pos('char', LowerCase(fmNewDomain.cbType.Text)) > 0) or
+        (LowerCase(fmNewDomain.cbType.Text)='cstring') then
+        meQuery.Lines.Add('default ' + QuotedStr(fmNewDomain.edDefault.Text))
       else
         meQuery.Lines.Add('DEFAULT ' + fmNewDomain.edDefault.Text);
     end;
@@ -1613,8 +1614,8 @@ begin
     QWindow.meQuery.Lines.Add('DECLARE EXTERNAL FUNCTION "' + AFuncName + '"');
     QWindow.meQuery.Lines.Add('-- (int, varchar(100))');
     QWindow.meQuery.Lines.Add('RETURNS (int)');
-    QWindow.meQuery.Lines.Add('ENTRY_POINT ''' + entryPoint + '''');
-    QWindow.meQuery.Lines.Add('MODULE_NAME ''' + modulename + ''' ;');
+    QWindow.meQuery.Lines.Add('ENTRY_POINT ' + QuotedStr(entryPoint));
+    QWindow.meQuery.Lines.Add('MODULE_NAME ' + QuotedStr(modulename) + ';');
     QWindow.Show;
   end;
 end;
@@ -2082,7 +2083,7 @@ begin
         // Script triggers
         SQLQuery1.Close;
         SQLQuery1.SQL.Text:= 'SELECT RDB$Trigger_Name, RDB$Trigger_Inactive FROM RDB$TRIGGERS WHERE RDB$SYSTEM_FLAG=0 ' +
-          'and RDB$Relation_Name = ''' + aTableName + '''';
+          'and RDB$Relation_Name = ' + QuotedStr(aTableName);
         SQLQuery1.Open;
         with SQLQuery1 do
         while not EOF do
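Review bot: This query is executed rather than shown to the user, so a bound parameter fits better than a quoted literal: `'and RDB$Relation_Name = :TableName'` followed by `SQLQuery1.Params.ParamByName('TableName').AsString:= aTableName;`. QuotedStr handles the apostrophe case, but a parameter keeps the value out of the SQL text entirely and does not depend on the server's literal-escaping rules. The same applies to the executed selects in systables.pas (the constraint lookup, GetExceptionInfo, GetConstraintForeignKeyFields, and the two RDB$USER_PRIVILEGES queries). The loop body continues past the end of the hunk.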

+ 7 - 6
neweditfield.pas

@@ -101,7 +101,7 @@ begin
         (cbType.Text='CSTRING') or
         (cbType.Text='VARCHAR')) and
         (Pos('''', edDefault.Text) = 0) then
-        Line:= Line + ' default ''' + edDefault.Text + ''''
+        Line:= Line + ' default ' + QuotedStr(edDefault.Text)
       else
         Line:= Line + ' default ' + edDefault.Text;
     end;
@@ -161,16 +161,17 @@ begin
       else
         NullFlag:= '1';
         Line:= Line + 'UPDATE RDB$RELATION_FIELDS SET RDB$NULL_FLAG = ' + NullFlag + LineEnding +
-          'WHERE RDB$FIELD_NAME = ''' + UpperCase(Trim(edFieldName.Text)) + ''' AND RDB$RELATION_NAME = ''' +
-          FTableName + '''' + LineEnding;
+          'WHERE RDB$FIELD_NAME = ' + QuotedStr(UpperCase(Trim(edFieldName.Text))) + ' ' +
+          'AND RDB$RELATION_NAME = ' + QuotedStr(FTableName) + LineEnding;
     end;
 
     // Description
     if edDescription.Text <> OldDescription then
     begin
-      Line:= Line + 'UPDATE RDB$RELATION_FIELDS set RDB$DESCRIPTION = ''' + edDescription.Text +
-        '''  where RDB$FIELD_NAME = ''' + UpperCase(Trim(edFieldName.Text)) +
-        ''' and RDB$RELATION_NAME = ''' + FTableName + ''';' + LineEnding;
+      Line:= Line + 'UPDATE RDB$RELATION_FIELDS ' +
+        'set RDB$DESCRIPTION = ' + QuotedStr(edDescription.Text) + ' ' +
+        'where RDB$FIELD_NAME = ' + QuotedStr(UpperCase(Trim(edFieldName.Text))) + ' ' +
+        'and RDB$RELATION_NAME = ' + QuotedStr(FTableName) + ';' + LineEnding;
     end;
 
     // Default value
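Review bot: The `RDB$NULL_FLAG` update at the top of this hunk ends with `QuotedStr(FTableName) + LineEnding` and no `;`, while the description update rewritten just below it ends with `';' + LineEnding`. If `Line` is later run as a multi-statement script (not visible here), the two updates would run together; `QuotedStr(FTableName) + ';' + LineEnding` would make them consistent. The `Line:= Line + 'UPDATE ...` statement is also indented as though it belonged to the `else` branch, which it does not unless a `begin` sits outside the hunk.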

+ 1 - 1
newtable.pas

@@ -96,7 +96,7 @@ begin
       if Trim(StringGrid1.Cells[5, i]) <> '' then
       begin
         if (Pos('CHAR', FieldType) > 0) and (Pos('''', StringGrid1.Cells[5, i]) = 0) then
-          FieldLine:= FieldLine + ' default ''' + StringGrid1.Cells[5, i] + ''''
+          FieldLine:= FieldLine + ' default ' + QuotedStr(StringGrid1.Cells[5, i])
         else
           FieldLine:= FieldLine + ' default ' + StringGrid1.Cells[5, i];
       end;

+ 3 - 3
scriptdb.pas

@@ -120,8 +120,8 @@ begin
     begin
       RemoveParamClosing(Params);
       List.Add(Params);
-      List.Add('ENTRY_POINT ''' + EntryPoint + '''');
-      List.Add('MODULE_NAME ''' + ModuleName + ''';');
+      List.Add('ENTRY_POINT ' + QuotedStr(EntryPoint));
+      List.Add('MODULE_NAME ' + QuotedStr(ModuleName) + ';');
       List.Add('');
     end;
   end;
@@ -272,7 +272,7 @@ begin
         if DefaultValue <> '' then
         begin
           if pos('default', LowerCase(DefaultValue)) <> 1 then
-            DefaultValue:= ' default ''' + DefaultValue + '''';
+            DefaultValue:= ' default ' + QuotedStr(DefaultValue);
           FieldLine:= FieldLine + ' ' + DefaultValue;
         end;
 

+ 10 - 8
systables.pas

@@ -593,8 +593,8 @@ begin
     'where Con.RDB$COnstraint_Name = Refc.RDB$Const_Name_UQ ' +
     '  and Refc.RDB$COnstraint_Name = Ind.RDB$Index_Name' +
     '  and Refc.RDB$COnstraint_Name = Seg.RDB$Index_Name' +
-    '  and Ind.RDB$Relation_Name = ''' + UpperCase(ATableName) + ''' ' +
-    '  and Refc.RDB$Constraint_Name = ''' + ConstraintName + '''';
+    '  and Ind.RDB$Relation_Name = ' + QuotedStr(UpperCase(ATableName)) + ' ' +
+    '  and Refc.RDB$Constraint_Name = ' + QuotedStr(ConstraintName);
   sqQuery.Open;
   Result:= sqQuery.RecordCount > 0;
   with sqQuery do
@@ -618,7 +618,8 @@ function TdmSysTables.GetExceptionInfo(ExceptionName: string; var Msg, Descripti
   SqlQuery: string): Boolean;
 begin
   sqQuery.Close;
-  sqQuery.SQL.Text:= 'select * from RDB$EXCEPTIONS where RDB$EXCEPTION_NAME = ''' + ExceptionName + '''';
+  sqQuery.SQL.Text:= 'select * from RDB$EXCEPTIONS ' +
+   'where RDB$EXCEPTION_NAME = ' + QuotedStr(ExceptionName);
   sqQuery.Open;
   Result:= sqQuery.RecordCount > 0;
   if Result then
@@ -626,7 +627,7 @@ begin
     Msg:= sqQuery.FieldByName('RDB$MESSAGE').AsString;
     Description:= sqQuery.FieldByName('RDB$DESCRIPTION').AsString;
     SqlQuery:= 'CREATE EXCEPTION ' + ExceptionName + LineEnding +
-      '''' + Msg + ''';';
+      QuotedStr(Msg) + ';';
     if Description<>'' then
       SQLQuery:= SQLQuery + LineEnding +
         'UPDATE RDB$EXCEPTIONS set ' + LineEnding +
@@ -685,7 +686,7 @@ function TdmSysTables.GetConstraintForeignKeyFields(AIndexName: string; SqlQuery
 begin
   SQLQuery.Close;
   SQLQuery.SQL.Text:= 'select RDB$Index_Name as IndexName, RDB$Field_name as FieldName from RDB$INDEX_SEGMENTS ' +
-    'where RDB$Index_name = ''' + UpperCase(Trim(AIndexName)) + '''';
+    'where RDB$Index_name = ' + QuotedStr(UpperCase(Trim(AIndexName)));
   SQLQuery.Open;
   while not SQLQuery.EOF do
   begin
@@ -762,7 +763,7 @@ begin
   Init(dbIndex);
   sqQuery.Close;
   sqQuery.SQL.Text:= 'select distinct RDB$User, RDB$User_Type from RDB$USER_PRIVILEGES  ' +
-    'where RDB$Relation_Name = ''' + ObjectName + '''';
+    'where RDB$Relation_Name = ' + QuotedStr(ObjectName);
   sqQuery.Open;
   while not sqQuery.EOF do
   begin
@@ -811,8 +812,9 @@ function TdmSysTables.GetObjectUserPermission(dbIndex: Integer; ObjectName, User
 begin
   Init(dbIndex);
   sqQuery.Close;
-  sqQuery.SQL.Text:= 'select * from RDB$User_Privileges where RDB$Relation_Name = ''' +
-    ObjectName + ''' and RDB$User = ''' + UserName + '''';
+  sqQuery.SQL.Text:= 'select * from RDB$User_Privileges ' +
+    'where RDB$Relation_Name = ' + QuotedStr(ObjectName) + ' ' +
+    'and RDB$User = ' + QuotedStr(UserName);
   sqQuery.Open;
   Result:= '';
   if sqQuery.RecordCount >  0 then