Security and Binding

With every SQL command you build, you should be certain to quote values using Solar_Sql_Adapter::quote(), Solar_Sql_Adapter::quoteInto(), or Solar_Sql_Adapter::quoteMulti().

Alternatively, use Solar_Sql_Select to build SELECT statements and fetch results.

You can build your SELECT commands using named placeholders, and the $data array will be automatically quoted into the command for you (per the requirements of your particular database). For example:

<?php
$sql = Solar::factory('Solar_Sql');

// the command
$cmd = "SELECT * FROM table WHERE foo = :bar AND zim = :dib";

// data to bind into named placeholders
$data = array(
    'bar' => 'double quote"ed',
    'dib' => "single quote'ed",
);

// get a PDOStatement result
$pdoStatement = $sql->query($cmd, $data);

// the result will be from this statement:
// SELECT * FROM table WHERE foo = 'double quote\"ed' AND zim = 'single quote\'ed'
?>
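The following is an added example, not part of the Solar documentation, that demonstrates the same point with plain PDO (which Solar_Sql wraps; its query() method returns a PDOStatement). It uses an in-memory SQLite database and constructed rows, and assumes the `pdo_sqlite` extension is available. It runs the command and $data from above once with bound placeholders and once with the values concatenated into the string, to show why the binding matters.

```php
<?php
// Added example (not from the Solar documentation): why the named placeholders
// in $data must be bound rather than concatenated into the command.
// Table name, columns and rows are constructed for this example.

$pdo = new PDO('sqlite::memory:');
$pdo->setAttribute(PDO::ATTR_ERRMODE, PDO::ERRMODE_EXCEPTION);
$pdo->exec("CREATE TABLE t (id INTEGER PRIMARY KEY, foo TEXT, zim TEXT)");

$insert = $pdo->prepare("INSERT INTO t (foo, zim) VALUES (:foo, :zim)");
$insert->execute(array('foo' => 'double quote"ed', 'zim' => "single quote'ed"));
$insert->execute(array('foo' => 'plain',           'zim' => 'plain'));

// the same command and data as in the Solar example above
$cmd  = "SELECT * FROM t WHERE foo = :bar AND zim = :dib";
$data = array(
    'bar' => 'double quote"ed',
    'dib' => "single quote'ed",
);

// 1. Bound: the values travel separately from the SQL text, so the quote
//    characters are treated as data and the query matches exactly one row.
$stmt = $pdo->prepare($cmd);
$stmt->execute($data);
$rows = $stmt->fetchAll(PDO::FETCH_ASSOC);
echo "bound query matched " . count($rows) . " row(s)\n";

// 2. Interpolated (what not to do): the single quote inside $data['dib']
//    terminates the SQL string literal early, so the database parses a
//    different command than the one intended and rejects it.
$unsafe = "SELECT * FROM t WHERE foo = '{$data['bar']}' AND zim = '{$data['dib']}'";
try {
    $pdo->query($unsafe);
    echo "interpolated query ran unchanged\n";
} catch (PDOException $e) {
    echo "interpolated query failed: " . $e->getMessage() . "\n";
}

// 3. When a value has to be placed into the text itself, PDO::quote() plays the
//    role Solar_Sql_Adapter::quote() plays in Solar: it returns the value already
//    wrapped and escaped for the connected driver.
$quoted = "SELECT * FROM t WHERE zim = " . $pdo->quote($data['dib']);
$rows   = $pdo->query($quoted)->fetchAll(PDO::FETCH_ASSOC);
echo "quoted query matched " . count($rows) . " row(s)\n";
```

Run it with `php example.php`. The bound and quoted forms each match the one row whose values contain the quote characters; the interpolated form fails at parse time because the embedded single quote changes the structure of the statement, which is exactly the class of error (and, with other input, of vulnerability) that quote(), quoteInto(), quoteMulti() and placeholder binding exist to prevent.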