swa66 - 4:15 pm on Dec 25, 2012 (gmt 0)
if (isset($_POST[reg]) && ($_POST[sname]))
$lookup = mysql_query('SELECT * FROM cust WHERE reg = '$_POST[reg]'AND sname LIKE '%$_POST[sname]%'")
is an open invitation to getting hacked. SQL injection.
Suggest you switch away from the obsolete mysql interface to the mysqli (note the i) and use prepared statements or at the very least escape the data
Also improve your input filtering.
Otherwise you risk this: [xkcd.com...]