If you're only getting one row from the database (you can ensure this by adding "LIMIT 1" to the end of your query), then you don't have to put it in a while loop. Instead just:

// Escape user-supplied input before it goes into the query string
$bang = mysql_real_escape_string($bang);
// LIMIT 1 guarantees at most one row, so no while loop is needed
$result = mysql_query("SELECT * FROM user WHERE username='$bang' LIMIT 1");
$row = mysql_fetch_array($result);
$sang = $row['username'];
$tang = $row['picture'];

Just make sure that if the value $bang is set by the user, you escape any illegal characters! This looks like a potential exploit! Before using $bang in your query, use the PHP function addslashes or mysql_real_escape_string on it.
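The same single-row lookup written with a PDO prepared statement, which binds $bang as data instead of escaping it into the query string. This is an added example, not code from the original post; it swaps the mysql_* functions (removed in PHP 7.0) for PDO, and the in-memory SQLite database (requires the pdo_sqlite extension), the sample rows and the helper name findUser are assumptions made for illustration.

```php
<?php
// Added example: single-row fetch with a bound parameter, no while loop.
// The in-memory database and its rows are constructed sample data.
$pdo = new PDO('sqlite::memory:');
$pdo->setAttribute(PDO::ATTR_ERRMODE, PDO::ERRMODE_EXCEPTION);
$pdo->exec("CREATE TABLE user (username TEXT PRIMARY KEY, picture TEXT)");
$pdo->exec("INSERT INTO user VALUES ('alice', 'alice.png'), ('bob', 'bob.png')");

// Hypothetical helper: returns the matching row, or null when nothing matches.
function findUser(PDO $pdo, string $bang): ?array
{
    // The placeholder keeps $bang out of the SQL text, so quotes in the
    // input cannot change the structure of the statement.
    $stmt = $pdo->prepare(
        'SELECT username, picture FROM user WHERE username = :name LIMIT 1'
    );
    $stmt->execute([':name' => $bang]);

    // One fetch() call is enough for one row; it returns false on no match.
    $row = $stmt->fetch(PDO::FETCH_ASSOC);
    return $row === false ? null : $row;
}

// Constructed inputs: a valid name, a name carrying SQL metacharacters,
// and a name that does not exist.
$inputs = ['alice', "alice' OR '1'='1", 'nobody'];

foreach ($inputs as $bang) {
    $row = findUser($pdo, $bang);
    if ($row === null) {
        // Handle the empty result explicitly instead of indexing into false.
        echo var_export($bang, true) . " => no matching user\n";
        continue;
    }
    $sang = $row['username'];
    $tang = $row['picture'];
    echo var_export($bang, true) . " => $sang / $tang\n";
}
```

Only the first input returns a row: the second is compared as a literal username, quotes included, and matches nothing.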