Well, first of all, name your variables better. If you're going to look back at your clients code after 2 projects and 3 months ... you MUST know what it all means. So, instead of $cnx I would name it $connectionID or $connID.
The part you are trying to solve, I guess, is the query part.
$cnx-> indicates that it is an object, which I don't see created anywere. (using __construct, autoload or even new className)
The thing you want, is to escape the function with, lets say, addslashes or mysql_real_escape_string();
printf and sprinf is what you should be using. printf imidiatly displays the string and sprintf just makes is whole.
sprintf( 'SELECT `url` FROM `authorized_clients` WHERE `name` = "%s" AND `password` = "%s" LIMIT 1', escapeValue($name), escapeValue($password) );
In this case, you would create a function named escapeValue() and that filters and ONLY returns the escaped value. Since you won't have to do this on a password (it being a salt with a string, hashed by md5, sha1, both or even base64_encode (d )), you should also make a value to encrypt the password.