INTRO-LVL编程器：在PHP / MySQL中验证和执行指导

There are a few points where your code can be rearranged to make the logic easier to follow. (Don't worry; this is just stuff that comes with experience.) I'll include some comments within the following code to explain what I've done.

<?php
    session_start(); 
    require_once("config.php");

    $GroupDesc = $_GET["GroupDesc"]; 
    $LeaderID = $_GET["LeaderID"];
    $URL = $_GET["URL"];
    $Email=$_GET["Email"];

    // mysqli_connect is deprecated; the preferred syntax is
    $con = new mysqli("$SERVER","$USERID","$DBPASSWORD","$DATABASE");

    $query1= "SELECT * from USER where LeaderID = '$ID' and Email = '$Email';";
    $result = mysqli_query($con, $query1);

    // I personally prefer the following opening-brace style; I just find it
    //  easier to read. You can use the other style if you want; just do it 
    //  consistently.
    if ($result)
    {
        $row = mysqli_fetch_assoc($result);
        if($row)
        {
            if (($row['ID'] != $LeaderID) or ($row['Email'] != $Email))
            {
                // Handle the error first, and exit immediately
                print "Some of the data you provided didn't match our records. Please contact the webmaster.".mysqli_error($con)." <br>"; 
                $_SESSION["RegState"]= -11;
                $_SESSION["ErrorMsg"]= "Database Insert failed due to inconsistent data: ".mysqli_error($con);
                header("Location:../index.php");
                die();
            }
            else
            {
                // If the query succeeded, fall through to the code that processes it
                $query = "INSERT INTO FA15_1052_tuf02984.WebsiteGroups (ID, Description, LeaderID, URL, LeaderEmail)
                             VALUES ('$GroupDesc', '$LeaderUID', '$URL', '$Email');";

                $status = mysqli_query($con, $query);

                if ($status)
                { 
                    // membership has been updated  
                    $_SESSION["RegState"]=9.5; // 0: Not Registered, 1: Register, -1: Error 
                    $message="This is confirmation that you the group you lead has been added to our database.
                        Your group's ID in our database is "$GID". Please keep this in your records as you will need it to make changes.
                        If this was done in error, please contact the webmaster at tuf02984webmaster@website.com";
                    $headers = 'From: tuf02984webmaster@example.com'."
".
                        'Reply-To: tuf02984webmaster@example.com'. "
".
                         'X-Mailer: PHP/' . phpversion();
                    mail($Email, "You are a group leader!", $message, $headers);
                    header("Location:../index.php"); 
                    // die();
                    // You only use die() to return from an error state.
                    // Calling die() creates an entry in the server's error log file.
                    // For a successful completion, use
                    return;
                }
            }
        }
    }

    // If we get here, then something has gone wrong which we haven't already handled
    print "Membership update failed. Please contact webmaster.".mysqli_error($con)." <br>"; 
    $_SESSION["RegState"]= -11; // 0: Not Registered, 1: Register, -1: Error 
    $_SESSION["ErrorMsg"]= "Database Insert failed: ".mysqli_error($con);
    header("Location:../index.php");
    die();

?>

The basic idiom is: Do something, handle the specific error, handle success, do something else, etc., and finally handle any errors that can come from multiple points. If anything is unclear, just ask and I'll edit into my answer.

I haven't covered prepared statements here. Prepared statements are the preferred way to perform non-trivial queries; they help to resist SQL injection attacks as well as simplify type-matching, quoting and escaping of special characters.