Are unprotected mysql queries always a concern? [closed]

Right now I'm using a mysql query to check if a user exists and if so redirect the page. Nothing is being echo'd out, and the redirect doesn't involve any data from the query. I can't fathom where there could be any risk, so I just want to make sure there's not something I don't understand. Thanks!

    if (mysql_num_rows(mysql_query("SELECT * FROM performers WHERE username='".$_GET['username']."' AND acct_type='group'")) > 0) {
        header('Location: gprofile.php?username='.$_GET['username']);
        exit();
    }

Yes, definitely a concern. If a hacker decided their username was bob';drop table performers;-- then you're in trouble.

ALWAYS ALWAYS use mysql_real_escape_string() on untrusted data (or to be safe, any data).

In addition to the glaring SQL injection vulnerability (described already by DuncanNZ) there is a CSRF vulnerability too.
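
The lookup from the question rewritten with a bound parameter, as an added example that is not code from the question or either answer. It swaps the `mysql_*` calls for PDO prepared statements (a different technique from the `mysql_real_escape_string()` advice above) and assumes a constructed in-memory SQLite table standing in for `performers`; the function name `groupProfileUrl` and the sample rows are hypothetical.

```php
<?php
declare(strict_types=1);

// Added example: returns the redirect target for a group account, or null.
// groupProfileUrl() is a hypothetical helper name, not from the original page.
function groupProfileUrl(PDO $db, string $username): ?string
{
    // The :u placeholder is sent as data, so quotes and semicolons in the
    // username never become part of the SQL text.
    $stmt = $db->prepare(
        "SELECT 1 FROM performers WHERE username = :u AND acct_type = 'group' LIMIT 1"
    );
    $stmt->execute([':u' => $username]);

    if ($stmt->fetchColumn() === false) {
        return null; // no matching group account, so no redirect
    }

    // The same untrusted value goes back into a URL, so encode it for that context.
    return 'gprofile.php?username=' . rawurlencode($username);
}

// Constructed sample data: SQLite in memory stands in for the MySQL database
// so the script runs offline. With MySQL only the PDO DSN would change.
$db = new PDO('sqlite::memory:');
$db->setAttribute(PDO::ATTR_ERRMODE, PDO::ERRMODE_EXCEPTION);
$db->exec("CREATE TABLE performers (username TEXT, acct_type TEXT)");
$db->exec("INSERT INTO performers VALUES ('the band', 'group'), ('bob', 'solo')");

// Constructed inputs; the last one is the username quoted in the first answer.
$inputs = ['the band', 'bob', "bob';drop table performers;--"];

foreach ($inputs as $input) {
    $url = groupProfileUrl($db, $input);
    // In the real page this would be: header('Location: ' . $url); exit();
    printf("%-32s => %s\n", $input, $url ?? '(no redirect)');
}

// Check that the table and its rows are untouched after all three lookups.
$rows = (int) $db->query("SELECT COUNT(*) FROM performers")->fetchColumn();
printf("rows in performers: %d\n", $rows);
```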