[Misiur]

https://sampwiki.blast.hk/wiki/MySQL#mysql_format

Probably I'm a little paranoid here, because user name can contain only specified characters, but using non escaped queries can result in sql injection. You can use normal format, but don't forget to escape queries ( https://sampwiki.blast.hk/wiki/MySQL#mys..._escape_string )