Right now I'm using a mysql query to check if a user exists and if so redirect the page. Nothing is being echo'd out, and the redirect doesn't involved any data from the query. I can't fathom where there could be any risk, so I just want to make sure there's not something I don't understand. Thanks!
if (mysql_num_rows(mysql_query("SELECT * FROM performers WHERE username='".$_GET['username']."' AND acct_type='group'")) > 0) {
header('Location: gprofile.php?username='.$_GET['username']);
exit();
}