You didn't actually say where the error is, but looking at the source, you are not validating that username actually exists in session, so $regno could evaluate to 'false' and potentially as result that creates invalid SQL query.
where_in for example is painful method in that sense, it accepts empty array, but then creates "field IN ()" which throws SQL error.