Untitled

<?php
            if(isset($_POST['code']) && !empty($_POST['code'])){
                $code=mb_strtoupper($mysql->real_escape_string($_POST['code']));
                $login_id = $mysql->query('SELECT `myref` FROM `users` WHERE `steamid`="'.$mysql->real_escape_string($_SESSION['steamid']).'"');
				$code_used = $mysql->query('SELECT `codeused` FROM `users` WHERE `steamid`="'.$mysql->real_escape_string($_SESSION['steamid']).'"');
                $login_id = $login_id->fetch_row();
                $refsteamid = $mysql->query('SELECT `steamid` FROM `users` WHERE `myref`="'.$mysql->real_escape_string($code).'"');
                $refsteamid = $refsteamid->fetch_row();

                if($code !== $login_id[0]){
                    $checkref = $mysql->query('SELECT * FROM `users` WHERE `myref`="'.$mysql->real_escape_string($code).'"');
                    if($checkref->num_rows > 0){
                        $mysql->query('UPDATE `users` SET `code`="'.$mysql->real_escape_string($code).'", `refmoney`=`refmoney`+150,`freetaken`=`freetaken`+150, `refsteamid`="'.$mysql->real_escape_string($refsteamid[0]).'" WHERE (`steamid` = "'.$mysql->real_escape_string($_SESSION['steamid']).'") AND (`code` IS NULL)');
                        if ($code !== 'FREE'){
						$mysql->query("INSERT INTO `a_logs` (`userid`,`msg`,`from`,`value`,`time`) VALUES ('".$_SESSION['steamid']."','Refferal code: ".$mysql->real_escape_string($code)."','FREEPOINTS','-150','".time()."')");
						}
						if($code_used == 0)
                        {
							$mysql->query('UPDATE `users` SET `codeused`=1  WHERE (`steamid` = "'.$mysql->real_escape_string($_SESSION['steamid']).'")');
                            $mysql->query('UPDATE `users` SET `refmoney`=`refmoney`+20, `freetaken`=`freetaken`+20 WHERE (`steamid` = "'.$mysql->real_escape_string($refsteamid[0]).'")');
                            echo'<script> setTimeout(function(){ callSwal(); }, 1000); function callSwal(){ swal("Yeah! You get<i class="coin_icon2" style="background-position: 0px -3px;padding-bottom: 10px;"></i> 100 on your account. Site be refreshing in 2 seconds."); }</script>';
                            echo'<meta http-equiv="refresh" content="3;URL=\''.$site['url'].'/freepoints.php\'" />';
                        }
                        else
                        {
                            echo'<script> setTimeout(function(){ callSwal(); }, 2000); function callSwal(){ swal("You allready used ref code."); }</script>';
                        }
                    }
                    else echo 'There is not a player with the given Referral Code! '. mysql_error();
                }
                else echo'<div class="notice error">You cant use own Referral Code !</div>';
            }
?>