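Cookie konusu doğrudur; aşağıdaki gibi değiştirirsen SQL injection'a karşı önlem alabilirsin. (Bu değişiklik yalnızca sorguyu korur; cookie'den gelen kullanıcı adının sunucu tarafında doğrulanması ayrı bir konudur.)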
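 <?php
            /*
             * Header login widget: shows the login form when no username is known,
             * otherwise looks up the user's row and renders a small welcome box.
             *
             * NOTE(review): $username_from_cookie is assigned outside this fragment.
             * If it is read straight from $_COOKIE it is client-controlled, so the
             * escaping below stops SQL injection but does not prove who the visitor
             * is. Identity should come from a server-side session or a signed token
             * - confirm where this value is set.
             *
             * NOTE(review): the mysql_* extension was removed in PHP 7.0. Once a
             * mysqli/PDO connection is available, replace the escaped string with a
             * prepared statement and a bound parameter.
             */
            if (empty($username_from_cookie)) { ?>
            <form method="POST" name="headlogin" action="login.php">
            <input type="text" name="username" placeholder="Kullanici Adi" class="giris-text" />
            <input type="password" name="password" placeholder="Sifre" class="giris-text" />
            <input type="submit" name="loginhead" style="background:url(<?=$Url?>images/giris2.png); border:0px; outline:none; width:78px; height:34px;" class="giris-image" value="">
            <a href="kayit-ol.php"><img src="<?=$Url?>images/uye2.png" class="giris-image" alt="Kayit Ol" /></a>
            </form>
            <?php } else {
                // Escape a copy for the SQL string only. Overwriting the original
                // would put backslash-escaped text into the HTML further down.
                $username_sql = mysql_real_escape_string($username_from_cookie);
                $query = "SELECT * FROM users WHERE `username`='$username_sql'";
                $result = mysql_query($query) or die("Couldn't execute query");

                // Defaults keep the template free of undefined variables when no row matches.
                $avatar = '';
                $permissions = '';
                while ($row = mysql_fetch_array($result)) {
                    $avatar = $row["avatar"];
                    // Capture this inside the loop: once the loop ends $row is
                    // false, so reading $row["permissions"] afterwards prints nothing.
                    $permissions = $row["permissions"];
                }

                // HTML-escape everything that originates from the cookie or the
                // database before it reaches the page (attribute and text contexts).
                // assumes the page is served as UTF-8 - TODO confirm
                $safe_username = htmlspecialchars((string) $username_from_cookie, ENT_QUOTES, 'UTF-8');
                $safe_avatar = htmlspecialchars((string) $avatar, ENT_QUOTES, 'UTF-8');
                $safe_permissions = htmlspecialchars((string) $permissions, ENT_QUOTES, 'UTF-8');
        ?>
            <div class="giris">
                <a href="panel.php"><img src="<?=$Url?><?=$safe_avatar?>" width="32" height="32" style="opacity:0.3;" alt="<?=$safe_username?>"></a>
                    Hosgeldiniz <?=$safe_permissions?>"<a href="panel.php"><?=$safe_username?></a>" Iyi vakit geçirmeniz dilegiyle
                <a href="logout.php" style="color:#f00;">Çikis Yap</a>
            </div>
            <?php } ?>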