Start by not doing that! Never concatenate strings to build a SQL command. It leaves you wide open to accidental or deliberate SQL Injection attack which can destroy your entire database. Use Parametrized queries instead.
Then, use the debugger to find out exactly what string you are generating: I'd suspect this bit:
... order by ' + ListTrie.Items[ListTrie.ItemIndex] + TxtTrie ...
Since you don't close the quotes, and I'm pretty sure the open quote isn't what you wanted anyway, but since it all depends on the data in your fields we can't tell - and neither can you without using the debugger to find out exactly what is being sent to the DB.