Why use $_GET['username'] in a database query when you have already declared and set a variable called $id ???
Also try to add caution on your code by stripping tags etc
<?php
$username = "";
if(isset($_POST['submit'])){
$username = htmlspecialchars(strip_tags($_POST['username'])); //clean user in put the assign it to a variable
}
$SQL = "SELECT * FROM user WHERE username = '$username'"; //atleast here $username is clean on your code you risk injection
if($username){
if($db_found){
$result = mysql_query($SQL, $db_handle);
if($result){
//the idea goes on
}
}
}
?>