首先，我建议您转义输入.

first off i would suggest you escaping the inputs.

还值得注意的是，您可以使用mysqli的预备语句和面向对象的方式，因为OO上的大多数文档都比过程方式更清晰.

also worth noting you could use prepared statements and object oriented way of mysqli as most of the documents on OO are clearer than the procedural way.

喜欢:

<?php
$u=striptags($_POST['username']);
$p=striptags($_POST['password']);
$e=filter_var($_POST['email'], FILTER_SANITIZE_EMAIL);
$ph=(int)$_POST['phone'];

$mysqli = new mysqli($host,$username,$password,$db_name); 
$query = "INSERT INTO register (username,password,email,phone) VALUES (?,?,?,?)";
$stmt = $mysqli->prepare($query);
$stmt->bind_param("sssi", $u, $p, $e, $ph);
$stmt->execute();
$mysqli->close();

?>

在密码上使用散列也不会造成伤害，例如

it would not also hurt using hash on your password like :

<?php

$salt = mcrypt_create_iv(16, MCRYPT_DEV_URANDOM);
$passh = crypt($pass, '$6$'.$salt);
?>

请注意，您还需要将盐存储在mysql中，以便以后进行比较

do note that you will need to store the salt in mysql also so you can compare it later

因此，使用这些密码可以更安全，并且如果数据库被盗，密码将保持散列状态.

so with these your passwords are safer and if your database gets stolen the passwords will remain hashed.