Escaping user input makes you look cool. No, really.
Also, escape both the domain and username, because someone may get smart and put some SQL stuff as a username ;]
Slowpoke is slow, but
$result = mysql_query("SELECT 'id', 'dname', 'exp_date', 'note' FROM `domain` WHERE id='".$id."' AND...