Cleaning up PHP Code

Posted by Michael on Stack Overflow
Published on 2010-04-11T22:53:08Z

Hi, I've noticed I am a very sloppy coder and do things out of the ordinary.

Can you take a look at my code and give me some tips on how to code more efficiently? What can I do to improve?

session_start();

/*check if the token is correct*/
if ($_SESSION['token'] == $_GET['custom1']){

/*connect to db*/
mysql_connect('localhost','x','x') or die(mysql_error());
mysql_select_db('x');



/*get data*/

$orderid = mysql_real_escape_string($_GET['order_id']);
$amount = mysql_real_escape_string($_GET['amount']);
$product = mysql_real_escape_string($_GET['product1Name']);
$cc = mysql_real_escape_string($_GET['Credit_Card_Number']);
$length = strlen($cc);
$last = 4;
$start = $length - $last;
$last4 = substr($cc, $start, $last);
$ipaddress = mysql_real_escape_string($_GET['ipAddress']);
$accountid = $_SESSION['user_id'];
$credits = mysql_real_escape_string($_GET['custom3']);




/*insert history into db*/
mysql_query("INSERT into billinghistory (orderid, price, description, credits, last4, orderip, accountid) VALUES ('$orderid', '$amount', '$product', '$credits', '$last4', '$ipaddress', '$accountid')"); 
/*add the credits to the users account*/
mysql_query("UPDATE accounts SET credits = credits + $credits WHERE user_id = '$accountid'");

/*redirect is successful*/
header("location: index.php?x=1");
}else{

/*something messed up*/
header("location: error.php");
}
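
The handler above rewritten with PDO prepared statements, as an added example that is not part of the original post: the `mysql_*` functions were removed in PHP 7, and `mysql_real_escape_string()` does not protect the unquoted `$credits` in the UPDATE. It assumes PHP 7.4+, the PDO MySQL driver and InnoDB tables; `fail()` and `$s` are helper names introduced here.

```php
<?php
session_start();

function fail(): void { header('Location: error.php'); exit; }
// Hypothetical helper: return a query-string value only if it is a plain string.
$s = fn(string $k): string => is_string($_GET[$k] ?? null) ? $_GET[$k] : '';

// Require a logged-in session and compare the token in constant time.
$token = $s('custom1');
if (!isset($_SESSION['token'], $_SESSION['user_id']) || $token === ''
    || !hash_equals((string) $_SESSION['token'], $token)) {
    fail();
}

// Numeric fields are validated as numbers, not escaped as strings.
$credits = filter_input(INPUT_GET, 'custom3', FILTER_VALIDATE_INT,
    ['options' => ['min_range' => 1]]);
$amount = filter_input(INPUT_GET, 'amount', FILTER_VALIDATE_FLOAT);
if (!is_int($credits) || !is_float($amount)) {
    fail();
}
// Keep only the last four digits of the card number.
$last4 = substr(preg_replace('/\D/', '', $s('Credit_Card_Number')), -4);

try {
    $db = new PDO('mysql:host=localhost;dbname=x;charset=utf8mb4', 'x', 'x', [
        PDO::ATTR_ERRMODE => PDO::ERRMODE_EXCEPTION,
        PDO::ATTR_EMULATE_PREPARES => false,
    ]);
    // Both writes succeed or neither does (assumes InnoDB tables).
    $db->beginTransaction();
    $db->prepare('INSERT INTO billinghistory
            (orderid, price, description, credits, last4, orderip, accountid)
            VALUES (?, ?, ?, ?, ?, ?, ?)')
       ->execute([$s('order_id'), $amount, $s('product1Name'),
                  $credits, $last4, $s('ipAddress'), $_SESSION['user_id']]);
    $db->prepare('UPDATE accounts SET credits = credits + ? WHERE user_id = ?')
       ->execute([$credits, $_SESSION['user_id']]);
    $db->commit();
} catch (PDOException $e) {
    if (isset($db) && $db->inTransaction()) {
        $db->rollBack();
    }
    error_log($e->getMessage());
    fail();
}
header('Location: index.php?x=1');
exit;
```

This only checks the types of the incoming values; `amount` and `custom3` still arrive in the query string, so a production handler should take them from a server-side order record instead.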

© Stack Overflow or respective owner
