How to Create Secure Registration Page in PHP/MySQL Part III


In our last two articles, we discussed how to create a registration page using the mysql and mysqli extensions and how to secure it using mysql_real_escape_string or mysqli_real_escape_string.
This time we will modify our code to use PDO instead of the mysql or mysqli extension.
Before we begin, here are a few advantages of using PDO in favor of mysqli.

  • Portability – supports 12 different drivers
  • Prepared statements – no need to use real_escape_string
  • Object Oriented
  • Named parameters
  • Support stored procedures

PDO and mysqli have little to no difference at all, except that PDO is more portable. So, if you want to connect to multiple databases without using different drivers, it’s preferable to use PDO.
Now, here’s the code using PDO, with only small changes from our previous tutorial.

Just change the lines from the previous tutorial:



    <?php
    // Retrieve our data from POST
    $username  = $_POST['username'];
    $password1 = $_POST['password1'];
    $password2 = $_POST['password2'];
    $email     = $_POST['email'];

    // Passwords must match. Use !== because != treats numeric strings
    // such as "1e3" and "1000" as equal. exit stops the script after the redirect.
    if ($password1 !== $password2) {
        header('Location: registration.html');
        exit;
    }

    // Username is limited to 30 characters
    if (strlen($username) > 30) {
        header('Location: registration.html');
        exit;
    }

    // Note: salted SHA-256 is fast to brute-force; password_hash() (PHP 5.5+)
    // is the recommended way to store passwords.
    $hash = hash('sha256', $password1);

    // Generate a 3-character salt
    function createSalt()
    {
        $text = md5(uniqid(rand(), true));
        return substr($text, 0, 3);
    }

    $salt = createSalt();
    $password = hash('sha256', $salt . $hash);

    $conn = new PDO('mysql:host=localhost;dbname=login', 'root', '');

    // Prepared statement: the values are bound to the ? placeholders, never concatenated into the SQL
    $qry = $conn->prepare('INSERT INTO member (username, password, email, salt) VALUES (?, ?, ?, ?)');
    $qry->execute(array($username, $password, $email, $salt));

    header('Location: login.php');
    exit;
    ?>
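
A hardened variant of the handler above, as an added example that is not the tutorial's own code: it uses the named parameters listed among PDO's advantages, stores the password with PHP's password_hash() instead of salted SHA-256, and turns on PDO exceptions. The function name registerMember, its return codes, the in-memory SQLite database (used so the script runs offline, requires pdo_sqlite) and the sample submissions are assumptions.

```php
<?php
// Added example, not the tutorial's code. registerMember() and its return codes are hypothetical.
function registerMember(PDO $conn, array $post): string
{
    $username = trim($post['username'] ?? '');
    $email    = trim($post['email'] ?? '');
    $pw1      = $post['password1'] ?? '';
    $pw2      = $post['password2'] ?? '';

    // Strict comparison: with != PHP treats numeric strings such as "1e3" and "1000" as equal
    if ($pw1 === '' || $pw1 !== $pw2) return 'password_mismatch';
    if ($username === '' || strlen($username) > 30) return 'bad_username';
    if (filter_var($email, FILTER_VALIDATE_EMAIL) === false) return 'bad_email';

    // password_hash() picks a random salt and stores it inside the hash string,
    // so no separate salt column is needed; verify later with password_verify()
    $hash = password_hash($pw1, PASSWORD_DEFAULT);

    try {
        $qry = $conn->prepare(
            'INSERT INTO member (username, password, email) VALUES (:username, :password, :email)'
        );
        $qry->execute([':username' => $username, ':password' => $hash, ':email' => $email]);
    } catch (PDOException $e) {
        // SQLSTATE class 23 is an integrity constraint violation, here a duplicate username
        if (strpos((string) $e->getCode(), '23') === 0) return 'username_taken';
        throw $e;
    }
    return 'ok';
}

// Assumption: in-memory SQLite so the script runs offline; the tutorial uses a MySQL DSN
$conn = new PDO('sqlite::memory:');
$conn->setAttribute(PDO::ATTR_ERRMODE, PDO::ERRMODE_EXCEPTION); // raise errors as exceptions
$conn->exec('CREATE TABLE member (username VARCHAR(30) PRIMARY KEY,
             password VARCHAR(255) NOT NULL, email VARCHAR(255) NOT NULL)');

// Constructed sample submissions
$samples = [
    ['username' => 'alice', 'password1' => 'correct horse', 'password2' => 'correct horse', 'email' => 'alice@example.com'],
    ['username' => 'alice', 'password1' => 'other pass', 'password2' => 'other pass', 'email' => 'a2@example.com'],
    ['username' => 'bob', 'password1' => '1e3', 'password2' => '1000', 'email' => 'bob@example.com'],
    ['username' => "carol' OR '1'='1", 'password1' => 'pw-carol', 'password2' => 'pw-carol', 'email' => 'carol@example.com'],
];
foreach ($samples as $post) {
    echo $post['username'], ' => ', registerMember($conn, $post), "\n";
}
$stored = $conn->query("SELECT password FROM member WHERE username = 'alice'")->fetchColumn();
echo 'verify alice: ', var_export(password_verify('correct horse', $stored), true), "\n";
```

The fourth sample shows the prepared statement storing a quote-laden username as plain data, and the third shows the mismatch that a loose != comparison would have let through.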

In our next tutorial, we will discuss on how to create a secure login page based on the three tutorials about how to create a secure registration page.


We don't close the connection with $conn = null;?
