This is the wrong way to use SQL.
Get rid of your PreparesqlFormat() function and use AnsiQuotedStr() instead:

    Active := False;
    Sql.Text := 'select * from backup_folders where (user_id=' + AnsiQuotedStr(userID, #39) + ') and (folder=' + AnsiQuotedStr('my name wouldn''t be here', #39) + ')';
    Active := True;

A better option is to use a parameterized query instead. Let the DB handle quotes for you:

    Active := False;
    // depending on which DB component you are using, you might need to use @ instead of :
    Sql.Text := 'select * from backup_folders where (user_id=:PUserID) and (folder=:PFolder)';
    ParamByName('PUserID').AsString := userID;
    ParamByName('PFolder').AsString := 'my name wouldn''t be here';
    Active := True;
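
The parameterized form as a complete console program, added here as an example and not part of the original answer. It assumes FireDAC with a SQLite library it can load (the answer does not name a DB component); the in-memory database, the `CountFolders` helper, the column types and the sample rows are constructed for illustration.

```delphi
program ParamQueryDemo;
{$APPTYPE CONSOLE}
// Added example. Assumes FireDAC and its SQLite driver; table layout and
// sample values are constructed, CountFolders is a hypothetical helper.
uses
  System.SysUtils,
  FireDAC.Stan.Def, FireDAC.Stan.Async, FireDAC.Stan.Param, FireDAC.DApt,
  FireDAC.Phys.SQLite, FireDAC.ConsoleUI.Wait, FireDAC.Comp.Client;

// Counts rows for a user/folder pair. Both values travel as bound
// parameters, so quotes inside them never become part of the SQL text.
function CountFolders(Conn: TFDConnection; const UserID, Folder: string): Integer;
var
  Q: TFDQuery;
begin
  Q := TFDQuery.Create(nil);
  try
    Q.Connection := Conn;
    Q.SQL.Text := 'select count(*) from backup_folders ' +
                  'where (user_id=:PUserID) and (folder=:PFolder)';
    Q.ParamByName('PUserID').AsString := UserID;
    Q.ParamByName('PFolder').AsString := Folder;
    Q.Open;
    Result := Q.Fields[0].AsInteger;
  finally
    Q.Free;
  end;
end;

var
  Conn: TFDConnection;
begin
  Conn := TFDConnection.Create(nil);
  try
    Conn.DriverName := 'SQLite';
    Conn.Params.Values['Database'] := ':memory:';
    Conn.Open;
    Conn.ExecSQL('create table backup_folders (user_id text, folder text)');
    // The insert is parameterized too: the apostrophe is stored as data.
    Conn.ExecSQL('insert into backup_folders values (:u, :f)',
      ['42', 'my name wouldn''t be here']);
    // Stored value containing a quote: matched exactly, no escaping code.
    Writeln(CountFolders(Conn, '42', 'my name wouldn''t be here'));
    // A different quote-containing value is simply a non-matching string.
    Writeln(CountFolders(Conn, '42', 'it''s "another" folder'));
  finally
    Conn.Free;
  end;
end.
```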