You already know the user from $_SESSION['username'], don't you?
In the form:
<?php
while($row = mysql_fetch_array($data)){
?>
<tr align="left" bgcolor="<?php echo $bgcolor; ?>">
<td align="center"><?php echo $row['access_level']; ?></td>
<td>
<input type="radio" name="destination" value="<?php echo $row['id']; ?>">
<?php echo $row['name']; ?>
</td>
<td><?php echo $row['stores']; ?></td>
<td><?php echo $row['cost']; ?></td>
</tr>
<?php
}
?>
And then when processing the form:
if(isset($_POST['submit'])){
if(!empty($_POST['destination'])){
$destination_id = (int) $_POST['destination'];
$username = $_SESSION['username'];
//etc.
} else {
// etc.
}
}
And another thing, assuming each user only has one row in the "user" table, you don't need, nor should you use, a loop to access their information. Do this instead:
$result = mysql_query("SELECT * FROM `user` WHERE `username`='$username' LIMIT 1");
if($result){
$user_info = mysql_fetch_array($result);
$available_cash = $user_info['cash'];
} else {
// Error
}