About making your code more secure:
- You should ALWAYS validate user input, even from a POST method, which can be changed by using Firebug before submitting the form. As you are inserting the user input into a query, it's much more important.
About your question in general:
As I advised you in the comment, use PHPass or ready-made APIs which will do the job for you.
You'll hash the username, pass and salt at account creation time and insert the hash in the database.
At authentication time, you'll regenerate a hash with the given login + password input and the information you added to generate the salt.
If both generated hashes match, then the user is authenticated.
EDIT: Yes, `password_hash` is good also.
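The registration and authentication flow described above, written as an added example that is not part of the original answer: it uses PHP's built-in `password_hash()` / `password_verify()` (which generate and embed the salt for you), validates input server-side, and inserts with prepared statements so user input never lands directly in a query. The table and column names, the validation rules and the in-memory SQLite database are assumptions made for the example.

```php
<?php
// Added example (not from the original answer): registration and login with
// password_hash()/password_verify() plus prepared statements. An in-memory
// SQLite database is used so the script runs stand-alone; the schema and the
// validation rules are assumptions for this example.

declare(strict_types=1);

function openDatabase(): PDO
{
    $pdo = new PDO('sqlite::memory:');
    $pdo->setAttribute(PDO::ATTR_ERRMODE, PDO::ERRMODE_EXCEPTION);
    $pdo->exec('CREATE TABLE users (
        id INTEGER PRIMARY KEY AUTOINCREMENT,
        username TEXT NOT NULL UNIQUE,
        password_hash TEXT NOT NULL
    )');
    return $pdo;
}

// Server-side validation: never rely on what the client-side form enforced,
// since a POST body can be edited before it is submitted.
function validateUsername(string $username): bool
{
    return (bool) preg_match('/^[A-Za-z0-9_]{3,32}$/', $username);
}

function validatePassword(string $password): bool
{
    $len = strlen($password);
    // Upper bound keeps a single request from forcing excessive hashing work.
    return $len >= 8 && $len <= 1024;
}

function registerUser(PDO $pdo, string $username, string $password): bool
{
    if (!validateUsername($username) || !validatePassword($password)) {
        return false;
    }
    // password_hash() picks a random salt and stores it inside the result,
    // so no separate salt column (and no hand-rolled salt scheme) is needed.
    $hash = password_hash($password, PASSWORD_DEFAULT);
    $stmt = $pdo->prepare('INSERT INTO users (username, password_hash) VALUES (:u, :h)');
    $stmt->execute([':u' => $username, ':h' => $hash]);
    return true;
}

function authenticateUser(PDO $pdo, string $username, string $password): bool
{
    static $dummyHash = null;
    if ($dummyHash === null) {
        // Precomputed once so unknown usernames still cost a verify() call,
        // keeping timing similar for "no such user" and "wrong password".
        $dummyHash = password_hash('dummy-password-for-timing', PASSWORD_DEFAULT);
    }
    if (!validateUsername($username) || !validatePassword($password)) {
        return false;
    }
    // Prepared statement: the username is bound as data, never spliced into SQL.
    $stmt = $pdo->prepare('SELECT password_hash FROM users WHERE username = :u');
    $stmt->execute([':u' => $username]);
    $row = $stmt->fetch(PDO::FETCH_ASSOC);
    if ($row === false) {
        password_verify($password, $dummyHash);
        return false;
    }
    // password_verify() extracts the salt and cost from the stored hash,
    // recomputes the hash of the supplied password and compares in constant time.
    if (!password_verify($password, $row['password_hash'])) {
        return false;
    }
    // Transparently upgrade old hashes when the default algorithm or cost changes.
    if (password_needs_rehash($row['password_hash'], PASSWORD_DEFAULT)) {
        $upd = $pdo->prepare('UPDATE users SET password_hash = :h WHERE username = :u');
        $upd->execute([':h' => password_hash($password, PASSWORD_DEFAULT), ':u' => $username]);
    }
    return true;
}

// Demo with constructed values.
$pdo = openDatabase();
var_dump(registerUser($pdo, 'alice', 'correct horse battery staple'));
var_dump(authenticateUser($pdo, 'alice', 'correct horse battery staple'));
var_dump(authenticateUser($pdo, 'alice', 'wrong password'));
var_dump(authenticateUser($pdo, "bob' OR '1'='1", 'anything'));
```

Because `password_hash()` already salts per user, the stored hash alone is enough to verify a login; the username does not need to be mixed into the hash, and the last call shows that malformed input is rejected by validation before it ever reaches the prepared query.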