[Banana_Ghost]

To add on, I'd seriously be escaping that input.

PHP код:

Dialog:CreateChar(playerid, response, listitem, inputtext[])
{
    if (!response)
        return PlayerData[playerid][pCharacter] = 0;
    else if (isnull(inputtext) || strlen(inputtext) > 20)
        return Dialog_Show(playerid, CreateChar, DIALOG_STYLE_INPUT, "Create Character", "Please enter the name of your new character below:\n\nWarning: Your name must be in the Firstname_Lastname format and not exceed 20 characters.", "Create", "Cancel");
    else
    {
        new query[128];
        mysql_format(g_iHandle, query, sizeof(query), "SELECT `ID` FROM `characters` WHERE `Character` = '%e'", inputtext);
        mysql_tquery(g_iHandle, query, "OnCharacterCheck", "ds", playerid, inputtext);
    }
    return 1;
} 


Use mysql_format and pass any strings with the %e specifier or at least use mysql_escape_string so it can be escaped for SQL vulnerabilities.