Oh dear...
1) Relationship design.
2) Tables design.
3) Stored procedure design.
Work on those 3 and you will never see sql injection in your life again.
Everything you wrote can be stopped by properly re-writing the procedure, or altering the table, from being varchar(255)/varchar(max) to varchar(20/30) for example, and the game server should work fine. If not "since i havent touched sro in years", you can basically just modify the stored procedure.
By your logic, i should be able to inject every single game made in life because there is no way to stop sql injection right?
anyways ->
Are stored procedures safe against SQL injection? - Paladion Networks ;
How to prevent SQL Injection in Stored Procedures - CodeProject
Have a great day :)