AlliedModders


sukodaime 06-23-2021 06:02

can players exploit sourcemod with their name?
 
ServerCommand("sm_command %s", GetClientName(client));

If they make their name something like ;quit, will it work like sm_command ; and then quit the console?
Is it somehow possible for them to make their name something like I mentioned above? If it's possible, which names are a possible threat? (I am not sure, but I saw something like ;/quit/, I can't exactly remember.)

How can I prevent them from doing that?

Psyk0tik 06-23-2021 07:04

Re: can players exploit sourcemod with their name?
 
Yes, that's why you need to target them via User ID or Serial. Never target clients via their name in plugins.
PHP Code:

ServerCommand("sm_command #%i", GetClientUserId(client));


sukodaime 06-23-2021 20:08

Re: can players exploit sourcemod with their name?
 
Quote:

Originally Posted by Crasher_3637 (Post 2750833)
Yes, that's why you need to target them via User ID or Serial. Never target clients via their name in plugins.
PHP Code:

ServerCommand("sm_command #%i", GetClientUserId(client));


Can they exploit it with such an easy name as ";quit", or do they have to use more complex names?

And how can I make a plugin that says "{playername} Welcome !"
if we can't directly use their name?

And does using PrintToChat bypass that name exploit?

Blinx 06-24-2021 10:03

Re: can players exploit sourcemod with their name?
 
I'm not very knowledgeable about code injection but I think sm_command is your only worry since it's executing a command without any filtering as far as I know, but stuff like PrintToChat and basically every other function doesn't work like that.

As for your specific worry though, %N is a formatting thing that puts someone's name into the string, provided a client index, i.e.,

PrintToChat(client, "%N Welcome to the server!", client);

Hopefully someone with more in-depth knowledge of SourcePawn can verify these things.

MAGNAT2645 06-24-2021 11:56

Re: can players exploit sourcemod with their name?
 
It is safe to use SM's Print* functions. I know only two cases where you shouldn't use player name:
1) FakeClientCommand(Ex), ServerCommand() and ClientCommand() - use UserId instead (as said in #2).

2) SQL Queries - use Database.Format or Database.Escape to escape some symbols in player name.
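
The three cases discussed in this thread (chat output, a server command, and an SQL query) put together in one plugin, as an added example that is not part of any post above. The `visits` table, the `g_db` handle (assumed to be connected elsewhere) and the callback name are hypothetical; `sm_command` is the thread's placeholder command.

```sourcepawn
#include <sourcemod>

// Hypothetical handle: assumed to be connected elsewhere in the plugin.
Database g_db;

public void OnClientPutInServer(int client)
{
    if (IsFakeClient(client))
    {
        return;
    }

    // Display only: %N is expanded by SourceMod's formatter and the result
    // is sent as chat text, never parsed as a console command.
    PrintToChat(client, "%N Welcome to the server!", client);

    // Command buffer: target the player by user ID ("#<userid>"), so no
    // player-controlled text ever reaches the command string.
    ServerCommand("sm_command #%i", GetClientUserId(client));

    // SQL: Database.Format escapes every %s argument for the active driver,
    // so quotes in the name cannot terminate the string literal.
    if (g_db != null)
    {
        char name[MAX_NAME_LENGTH];
        GetClientName(client, name, sizeof(name));

        char query[512];
        g_db.Format(query, sizeof(query),
            "INSERT INTO visits (userid, name) VALUES (%d, '%s')",
            GetClientUserId(client), name);
        g_db.Query(OnVisitLogged, query);
    }
}

// Query callback: log failures instead of silently dropping them.
void OnVisitLogged(Database db, DBResultSet results, const char[] error, any data)
{
    if (results == null)
    {
        LogError("Visit insert failed: %s", error);
    }
}
```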


All times are GMT -4.