Why are you usinf stripslashes and the soon to be deleted mysql_real_escape_string on the password field - once you feed it to password_hash() it will be safe to insert into the database using mysqli or pdo without needing to be escaped. Anyway escaping anything to go in the database is now obsolete since both mysqli and pdo support prepare statements that keep the data separate from the sql (the mysql interface your code is using was flagged as obsolete about five or so years back and is going to be deleted any day now).
1 Like