Untitled

<?php
include("confff.php");//check

//set variable
$passkey=$_GET['passkey'];
$sql1="SELECT * FROM temp WHERE code='$passkey'";
$result1=mysql_query($sql1);

//if sucessfully queried
if($result1)
{

    //how many rows have key
    $count=mysql_num_rows($result1);

    //if passkey in database, retrieve data
    if($count==1)
    {
        $rows=mysql_fetch_array($result1);
        $namex=$rows['username'];
        $emailx=$rows['email'];
        $passwordx=$rows['password'];

        //takeoutspace
        $name=str_replace(' ','',$namex);
        $email=str_replace(' ','',$emailx);
        $password=str_replace(' ','',$passwordx);

        //insert into users table
        $sql2="INSERT INTO users SET username='$name', points='5', mycities='1', email='$email', password='$password'";
        $result2=mysql_query($sql2);

        if ($result2)
        {

            //starting values
            $myCityname = $name . '\'s city';
            $sql3="INSERT INTO resources SET username='$name', cityname='$myCityname', wood='200', stone='200', iron='200', people='10', gold='100', loyalty='100%'";
            $result3=mysql_query($sql3);

            //remove from temp
            $sql5="DELETE FROM temp WHERE code='$passkey'";
            $result=mysql_query($sql5);

            header("location:confirmation2.html");
        }
        else
        {
            echo "wrong confirmation code";
        }
    }
}

?>