I hope you don't have that code on any on-line server.
- SQL-injection, from:
```php
mysql_query("insert into profiles set name= '".$_POST["name"]."', age= '".$_POST["age"]."', country = '".$_POST["country"]."', folder = '".$_POST["folder"]."'");
```
- And I can create a bazillion folders on your drive, from:
```php
$folder = $_POST['folder'];
$path1 = '../game1/photos/' . $folder;
```
My suggestion is to save files into folders organized by date (more exactly by month) and not by username. After a number of 200 000 users the OS will have some speed issues in reading all your folders. So, again, my suggestion is:
```php
$dateToStore = date('YM');
// store $dateToStore into database
$path1 = '../game1/photos/' . $dateToStore;
$path2 = '../game2/photos/' . $dateToStore;
```
And also, this is how you will eliminate the 2nd security issue.
Also, as @iamjones says, you should use [PDO](http://php.net/pdo) and [prepared statements](http://ro1.php.net/manual/en/pdo.prepared-statements.php).
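The two fixes suggested in this reply, combined into one routine; this is an added example, not code from the thread. The function name `saveProfile`, the column list, the age bounds, and the in-memory SQLite database standing in for MySQL are assumptions made for illustration.

```php
<?php
// Added example: hypothetical helper, not the original poster's code.
function saveProfile(PDO $db, array $post, string $photoRoot): string
{
    // The folder name is chosen by the server; $post['folder'] is never read.
    $folder = date('YM'); // same format as in the reply above

    $age = filter_var($post['age'] ?? null, FILTER_VALIDATE_INT,
        ['options' => ['min_range' => 0, 'max_range' => 150]]);
    if ($age === false) {
        throw new InvalidArgumentException('age must be an integer 0-150');
    }

    // Placeholders keep the submitted values out of the SQL text entirely.
    $stmt = $db->prepare(
        'INSERT INTO profiles (name, age, country, folder)
         VALUES (:name, :age, :country, :folder)'
    );
    $stmt->execute([
        ':name'    => (string)($post['name'] ?? ''),
        ':age'     => $age,
        ':country' => (string)($post['country'] ?? ''),
        ':folder'  => $folder,
    ]);

    $dir = $photoRoot . '/' . $folder;
    if (!is_dir($dir) && !mkdir($dir, 0750, true) && !is_dir($dir)) {
        throw new RuntimeException("cannot create $dir");
    }
    return $dir;
}

// Constructed demo: in-memory SQLite stands in for the MySQL database.
$db = new PDO('sqlite::memory:');
$db->setAttribute(PDO::ATTR_ERRMODE, PDO::ERRMODE_EXCEPTION);
$db->exec('CREATE TABLE profiles (name TEXT, age INTEGER, country TEXT, folder TEXT)');

$post = [ // constructed form input containing a quote and a path-like folder
    'name'    => "O'Brien",
    'age'     => '31',
    'country' => 'RO',
    'folder'  => '../../elsewhere',
];
$dir = saveProfile($db, $post, sys_get_temp_dir() . '/game1/photos');
$row = $db->query('SELECT name, folder FROM profiles')->fetch(PDO::FETCH_ASSOC);
echo $dir, PHP_EOL;  // path ends in the server-chosen date folder
var_dump($row);      // name stored verbatim, folder is the date string
```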