Database.Format automatically escapes format specifiers for you.
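Code:
// Assumes hDatabase is a connected Database handle and client is a valid client index.
char query[256], name[32];
GetClientName(client, name, sizeof(name));
// The %s argument (name) is escaped by Database.Format before it is inserted.
hDatabase.Format(query, sizeof(query), "INSERT INTO name_table (name) VALUES ('%s') ON DUPLICATE KEY UPDATE name = VALUES(name);", name);
hDatabase.Query(Handle_FastQuery, query);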
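
The escaping the post describes, written out next to its manual equivalent (Database.Escape followed by plain Format). This is an added example, not part of the original post; `g_hDatabase`, the `"default"` database entry, the `NAME_UPSERT` define and the callback names are assumptions made for illustration.

```sourcepawn
#include <sourcemod>

// Query text from the post; '%s' is the only user-controlled part.
#define NAME_UPSERT "INSERT INTO name_table (name) VALUES ('%s') ON DUPLICATE KEY UPDATE name = VALUES(name);"

Database g_hDatabase; // assumed global, set once the connection succeeds

public void OnPluginStart()
{
    Database.Connect(OnDatabaseConnected, "default"); // assumed databases.cfg entry
}

void OnDatabaseConnected(Database db, const char[] error, any data)
{
    if (db == null)
        LogError("Database connection failed: %s", error);
    g_hDatabase = db;
}

public void OnClientPostAdminCheck(int client)
{
    if (g_hDatabase == null || IsFakeClient(client))
        return;
    char name[MAX_NAME_LENGTH];
    GetClientName(client, name, sizeof(name));

    // Manual form: escape into a buffer of at least 2 * length + 1 bytes,
    // then build the query with plain Format(). Skipping the Escape() call
    // here is the mistake that lets a quote in a name end the literal early.
    char escaped[MAX_NAME_LENGTH * 2 + 1], manual[512];
    if (!g_hDatabase.Escape(name, escaped, sizeof(escaped)))
        return;
    Format(manual, sizeof(manual), NAME_UPSERT, escaped);

    // Database.Format form: the %s argument is escaped for you.
    char query[512];
    g_hDatabase.Format(query, sizeof(query), NAME_UPSERT, name);

    // Both routes should produce the same text; log if they ever differ.
    if (!StrEqual(manual, query))
        LogError("Escaped query mismatch for client %d", client);
    g_hDatabase.Query(OnNameSaved, query);
}

void OnNameSaved(Database db, DBResultSet results, const char[] error, any data)
{
    if (results == null)
        LogError("Name upsert failed: %s", error);
}
```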