if(!empty($_GET['ref'])){ session_unset(); $_GET['ref']=preg_replace("#[^a-z\_\-0-9]+#i",'',$_GET['ref']); if($_GET['ref']!=''){ $refq=mysql_query("SELECT login FROM users WHERE login='".mysql_real_escape_string($_GET['ref'])."'"); if(mysql_num_rows($refq)>0){ $refm=mysql_fetch_row($refq); $_SESSION['ref_login']=$refm[0]; } } }