
I want to make the code really secure for the users. The code below is the PHP code that I have used for my website. Right now I have some validation, such as that password and repeatPassword have to match and that the user has to fill in all the fields.

To make it more secure, I want to insert secure commands such as PDO, mysqli, crypto or MD5,

but I do not know how to, since I am new to PHP.

How can I do this?

My code is here:

    <?php
    include "config.php";

    if (isset($_POST['submit'])) {
        $user_name     = $_POST['name'];
        $user_surname  = $_POST['surname'];
        $user_email    = $_POST['email'];
        $user_academic = $_POST['academic_institute'];
        $user_username = $_POST['username'];
        $user_pass     = $_POST['password'];
        $user_pass2    = $_POST['repeatPassword'];

        if ($user_name && $user_username) {
            if ($user_pass == $user_pass2) {
                // The form values are interpolated straight into the SQL string and the
                // password is stored as plain text (see the comments on this question).
                // The original ran mysql_query() twice, once on the SQL string and once
                // on the result resource; the query is executed once here.
                mysql_query("INSERT INTO members (name, surname, email, academic_institute, username, password, repeatPassword)
                             VALUES ('$user_name', '$user_surname', '$user_email', '$user_academic', '$user_username', '$user_pass', '$user_pass2')");

                echo '<script type="text/javascript">alert("You have been registered");</script>';
            } else {
                echo '<script type="text/javascript">alert("Password must match");</script>';
            }
        } else {
            echo '<script type="text/javascript">alert("All fields required");</script>';
        }
    }
    ?>
Brian Tompsett - 汤莱恩
JustLift
  • Your code is vulnerable to SQL injections. You should read on [how to prevent them in PHP](http://stackoverflow.com/q/60174/53114). – Gumbo Mar 28 '14 at 12:02
  • You probably want to start with: [How can I prevent SQL injection in PHP?](http://stackoverflow.com/questions/60174/how-can-i-prevent-sql-injection-in-php?rq=1), and then continue with: [Secure hash and salt for PHP passwords](http://stackoverflow.com/questions/401656/secure-hash-and-salt-for-php-passwords). And then you want to fix your code style. Well-styled code is easier to read. Easy-to-read code is easier to understand. And the better you understand code, the better you can reason about security (or, indeed, correctness in general). – Martin Tournoij Mar 28 '14 at 12:03
  • Hopefully you're also using SSL for your connection as well – Mark Baker Mar 28 '14 at 12:11
  • @MarkBarker, I have no idea how to use SSL. I guess I haven't used it. Any idea? – JustLift Mar 28 '14 at 12:12
  • @Carpetsmoker, Can you quickly edit my code and try to make it secure? I read the links you gave me. Since I am new to PHP, I am struggling to understand. If you have time, can you please quickly edit my code? Thank you – JustLift Mar 28 '14 at 12:24
  • SSL is all about your server configuration, not about your PHP code – Mark Baker Mar 28 '14 at 12:37

1 Answer

Not a "true" answer, but too long for the comment section, so I'll migrate it to an answer:

My original comment (slightly improved)

You probably want to start with: How can I prevent SQL injection in PHP?

And then continue with: Secure hash and salt for PHP passwords.

And then you want to fix your code style. Well-styled code is easier to read. Easy to read code is easier to understand. And the better you understand code, the better you can reason about security (or, indeed, correctness in general).

Also make sure you are serving the site over an SSL connection.

Your reply

@Carpetsmoker, Can you quickly edit my code and try to make it secure? I read the links you gave me. Since I am new to PHP, I am struggling to understand. If you have time, can you please quickly edit my code? Thank you –

And my reply to that

I'm sorry, but no :-)
This is not a 'Please write my code' site; you really have to do it yourself.

Don't get me wrong, I really appreciate that this task can be daunting, and that you're struggling to grasp all the concepts. I've done plenty of struggling, and still do on occasion, but (unfortunately) this is part of the learning process. I know of no other way of doing it.

First, remember those two links are just starting points which point out what you can improve. Feel free to do more research, search the internet, etc.

Second, fix one thing at a time. So first concentrate on the SQL problems; when you have sorted that, go ahead to the password hashing; when you have sorted that, move on to SSL.

Your reply came about 15 minutes after my comment; you should expect to invest several days into this. This is not a simple problem you can fix with a simple line of code. You will need to grasp deeper concepts if you want to do it correctly.

Keep at it! Don't lose hope! All programmers struggle! And if you have problems/can't figure something out, don't be afraid to ask more (specific) questions on StackOverflow. And remember, at the end of all of this, you will be a better programmer. These few days of investment will benefit you for life!

Martin Tournoij
    I like answers like this: it's about striking the right balance between encouragement and getting the OP to try it themselves. – halfer Mar 28 '14 at 12:46
  • @Carpetsmoker, You are right man. I need to go through that learning curve. I want to thank you for your help and all the ideas you gave me. Really appreciated. – JustLift Mar 28 '14 at 12:50
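The answer points at two fixes for the posted handler: prepared statements against SQL injection and a salted, slow password hash instead of storing the password itself. The following is an added example of what those two changes look like applied to the same registration form; it is not the asker's code nor the answerer's. It assumes config.php creates a PDO connection in `$pdo` (with `PDO::ATTR_ERRMODE` set to `PDO::ERRMODE_EXCEPTION`), that the `members` table has a `password_hash` column (an assumed name, VARCHAR(255)) in place of the `password` and `repeatPassword` columns, and PHP 5.5 or later for `password_hash()`.

```php
<?php
// Added example, not the original poster's code. Assumes config.php sets up
// $pdo (PDO) and that members.password_hash exists (assumed column name).
require 'config.php';

/**
 * Validate the posted form and insert the new member.
 * Returns the message to show the user.
 */
function register_user(PDO $pdo, array $post)
{
    // Every text field is required; trim() so a lone space does not count.
    $fields = array('name', 'surname', 'email', 'academic_institute', 'username');
    $data = array();
    foreach ($fields as $f) {
        $data[$f] = isset($post[$f]) ? trim($post[$f]) : '';
        if ($data[$f] === '') {
            return 'All fields required';
        }
    }

    $pass  = isset($post['password']) ? $post['password'] : '';
    $pass2 = isset($post['repeatPassword']) ? $post['repeatPassword'] : '';
    if ($pass === '' || $pass !== $pass2) {      // strict comparison, not ==
        return 'Password must match';
    }
    if (filter_var($data['email'], FILTER_VALIDATE_EMAIL) === false) {
        return 'Invalid e-mail address';
    }

    // Store a hash, never the password (and never the repeated copy).
    // password_hash() generates a random salt and uses a slow algorithm
    // (bcrypt for PASSWORD_DEFAULT); the result is self-describing, so
    // password_verify() below needs no extra salt column.
    $hash = password_hash($pass, PASSWORD_DEFAULT);

    // Prepared statement: the SQL text is sent to the server separately from
    // the values, so input such as  ' OR 1=1 --  is stored as a literal string
    // instead of being parsed as part of the query.
    $sql = 'INSERT INTO members (name, surname, email, academic_institute, username, password_hash)
            VALUES (:name, :surname, :email, :academic, :username, :hash)';
    $stmt = $pdo->prepare($sql);
    $stmt->execute(array(
        ':name'     => $data['name'],
        ':surname'  => $data['surname'],
        ':email'    => $data['email'],
        ':academic' => $data['academic_institute'],
        ':username' => $data['username'],
        ':hash'     => $hash,
    ));

    return 'You have been registered';
}

/**
 * The matching login check: look the user up with a bound parameter and
 * compare the submitted password against the stored hash.
 */
function check_login(PDO $pdo, $username, $password)
{
    $stmt = $pdo->prepare('SELECT password_hash FROM members WHERE username = :u');
    $stmt->execute(array(':u' => $username));
    $row = $stmt->fetch(PDO::FETCH_ASSOC);

    return $row !== false && password_verify($password, $row['password_hash']);
}

if (isset($_POST['submit'])) {
    $message = register_user($pdo, $_POST);
    // json_encode() produces a quoted JavaScript string literal, so the message
    // cannot break out of the alert() call.
    echo '<script type="text/javascript">alert(' . json_encode($message) . ');</script>';
}
```

Two things the code deliberately does not do: it does not try to "escape" the values itself (binding through `prepare()`/`execute()` is the whole point), and it does not touch SSL at all, because, as the comments say, serving the page over HTTPS is configured on the web server rather than in the PHP handler.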