How can PHP code be made more secure?


Hectopat
Joined
27 March 2022
Messages
4.337
Articles
2
Solutions
54
How can I make this code more secure and write it better?

PHP:
<?php

$host = "localhost";
$db_name = "blog";
$username = "root";
$password = "";

try {
    $conn = new PDO("mysql:host=$host;dbname=$db_name", $username, $password);
    // Set the PDO error mode to exception.
    $conn->setAttribute(PDO::ATTR_ERRMODE, PDO::ERRMODE_EXCEPTION);
    // echo "Connection successfully";
} catch (PDOException $e) {
    echo "Connection failed: " . $e->getMessage();
}

PHP:
<?php
include "../conf/database.php";

// Read the fields with a default so a plain GET of the page (no form submitted yet)
// does not raise "undefined array key" warnings.
$username = $_POST["username"] ?? "";
$email = $_POST["email"] ?? "";
$password = $_POST["password"] ?? "";

if (isset($_POST["signupBtn"])) {
    if (empty($email) || empty($password) || empty($username)) {
        echo "Email, username or password is required";
    } else {
        // Prepared statement with named placeholders: the submitted values are bound
        // separately and never become part of the SQL string.
        $query = "INSERT INTO users(user_name,user_mail,user_password) VALUES(:user_name,:user_mail,:user_password)";
        $stmt = $conn->prepare($query);
        $stmt->bindParam(':user_name', $username);
        $stmt->bindParam(':user_mail', $email);
        $stmt->bindParam(':user_password', $password); // The password is stored exactly as typed (plain text).
        $result = $stmt->execute();
        if ($result) {
            echo "User creation successful";
        } else {
            echo "Error";
        }
    }
}
?>
<!DOCTYPE html>
<html lang="en">
<head>
    <meta charset="UTF-8">
    <meta name="viewport" content="width=device-width, initial-scale=1.0">
    <title>Sign Up Page</title>
</head>
<body>
    <form method="post">
        <input type="text" name="username" placeholder="Username">
        <input type="email" name="email" placeholder="Email">
        <input type="password" name="password" placeholder="*****">
        <button name="signupBtn" type="submit">Sign Up</button>
    </form>
</body>
</html>

PHP:
<?php
include "../conf/database.php";

// Defaults avoid "undefined array key" warnings on the initial GET.
$email = $_POST["email"] ?? "";
$password = $_POST["password"] ?? "";

if (isset($_POST["loginBtn"])) {
    if (empty($email) || empty($password)) {
        echo "Email or password is required";
    } else {
        $query = "SELECT * FROM users WHERE user_mail = :user_mail AND user_password = :user_password";
        $stmt = $conn->prepare($query);
        $stmt->bindParam(':user_mail', $email, PDO::PARAM_STR); // Specify parameter type.
        // bindParam() takes its second argument by reference, so a function call cannot be
        // passed to it directly (PHP stops with "could not be passed by reference");
        // hash into a variable first.
        $hashed_password = password_hash($password, PASSWORD_DEFAULT);
        $stmt->bindParam(':user_password', $hashed_password, PDO::PARAM_STR); // Hash password before binding.
        // Note: password_hash() returns a freshly salted hash on every call, so an SQL equality
        // comparison against the stored column cannot match; password_verify() against the
        // fetched hash is the check that works.
        $stmt->execute();
        $result = $stmt->fetch(PDO::FETCH_ASSOC);
        if ($result) {
            // echo "Waiting server..";
            session_start();
            $_SESSION["user_name"] = $result["user_name"];
            $_SESSION["user_mail"] = $result["user_mail"];
            $_SESSION["user_password"] = $result["user_password"]; // The password is not needed for anything after login.
            $_SESSION["user_created_date"] = $result["user_created_date"];
            header("Location:../account/user.php");
            exit; // Stop here; otherwise the login page below is still rendered after the redirect header.
        } else {
            echo "Email or password is incorrect";
        }
    }
}
?>
<!DOCTYPE html>
<html lang="en">
<head>
    <meta charset="UTF-8">
    <meta name="viewport" content="width=device-width, initial-scale=1.0">
    <title>login Page</title>
</head>
<body>
    <form method="post">
        <input type="email" name="email" placeholder="Email">
        <input type="password" name="password" placeholder="*****">
        <button name="loginBtn" type="submit">Login</button>
    </form>
</body>
</html>

PHP:
<?php

session_start();

// These keys only exist after a successful login; "?? ''" keeps the page from emitting
// warnings when it is opened without a session. Values are printed unescaped.
echo "Mail address:" . ($_SESSION["user_mail"] ?? "");
echo "<br>";
echo "Your username:" . ($_SESSION["user_name"] ?? "");
echo "<br>";
echo "Your password:" . ($_SESSION["user_password"] ?? ""); // Shows the stored password to the browser.
echo "<br>";
echo "Your account creation date:" . ($_SESSION["user_created_date"] ?? "");
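The main weaknesses in the posted code are the plain-text password column, the login query that compares a fresh `password_hash()` output with SQL equality (it never matches, and would be a by-reference error anyway), the password copied into the session and printed on the profile page, the root database account with an empty password hard-coded in the source, unescaped output, and the missing `exit` after `header()`. The following is an added example, not the poster's code: a single include file (assumed to live at `conf/auth.php` and be included by `signup.php`, `login.php` and `user.php`) that addresses each point. It assumes the `users` table has columns `user_id`, `user_name`, `user_mail` (with a UNIQUE index), `user_password` and `user_created_date`, that the database credentials are supplied through the environment variables `DB_HOST`, `DB_NAME`, `DB_USER` and `DB_PASS`, and that the login page lives at `../auth/login.php`; all of those names are assumptions.

```php
<?php
// conf/auth.php (added example, not the poster's code). Assumed schema: users(user_id, user_name,
// user_mail UNIQUE, user_password, user_created_date). Credentials come from the environment.
declare(strict_types=1);

function db_connect(): PDO {
    // A dedicated least-privilege account (assumed name "blog_app"), never root; no credentials in source.
    $dsn = sprintf('mysql:host=%s;dbname=%s;charset=utf8mb4',
        getenv('DB_HOST') ?: 'localhost', getenv('DB_NAME') ?: 'blog');
    try {
        return new PDO($dsn, getenv('DB_USER') ?: 'blog_app', getenv('DB_PASS') ?: '', [
            PDO::ATTR_ERRMODE            => PDO::ERRMODE_EXCEPTION,
            PDO::ATTR_EMULATE_PREPARES   => false, // real server-side prepared statements
            PDO::ATTR_DEFAULT_FETCH_MODE => PDO::FETCH_ASSOC,
        ]);
    } catch (PDOException $e) {
        error_log('DB connection failed: ' . $e->getMessage()); // details go to the server log,
        exit('Service temporarily unavailable');                 // not to the visitor
    }
}

function register_user(PDO $conn, string $username, string $email, string $password): string {
    $username = trim($username);
    $email    = trim($email);
    if ($username === '' || $email === '' || $password === '') {
        return 'Email, username and password are required';
    }
    if (mb_strlen($username) > 32 || filter_var($email, FILTER_VALIDATE_EMAIL) === false) {
        return 'Invalid username or email';
    }
    if (strlen($password) < 8) {
        return 'Password must be at least 8 characters';
    }
    $hash = password_hash($password, PASSWORD_DEFAULT); // salted, slow hash; the plain text is never stored
    $stmt = $conn->prepare(
        'INSERT INTO users (user_name, user_mail, user_password) VALUES (:name, :mail, :pass)');
    try {
        $stmt->execute([':name' => $username, ':mail' => $email, ':pass' => $hash]);
    } catch (PDOException $e) {
        if ($e->getCode() === '23000') {       // integrity constraint: that email is already registered
            return 'Could not create account'; // generic text, so the form does not reveal registered emails
        }
        throw $e;
    }
    return 'User creation successful';
}

function login_user(PDO $conn, string $email, string $password): ?array {
    // Look the account up by email only; the password is checked in PHP, not in SQL.
    $stmt = $conn->prepare('SELECT user_id, user_name, user_mail, user_password, user_created_date
                            FROM users WHERE user_mail = :mail');
    $stmt->execute([':mail' => trim($email)]);
    $row = $stmt->fetch();
    // For an unknown email, still run password_verify() against a throwaway hash so the
    // "no such user" and "wrong password" paths take about the same time.
    $stored = $row['user_password'] ?? password_hash('placeholder', PASSWORD_DEFAULT);
    if (!password_verify($password, $stored) || $row === false) {
        return null;
    }
    unset($row['user_password']); // the hash never goes into the session or the page
    return $row;
}

function login_request(PDO $conn): ?string {
    // Call after session_start() and before any output: header() needs unsent headers.
    if (!isset($_POST['loginBtn'])) {
        return null;
    }
    $user = login_user($conn, (string)($_POST['email'] ?? ''), (string)($_POST['password'] ?? ''));
    if ($user === null) {
        return 'Email or password is incorrect';
    }
    session_regenerate_id(true);            // new session id on login defeats session fixation
    $_SESSION['user'] = $user;
    header('Location: ../account/user.php');
    exit;                                   // nothing after a redirect should keep executing
}

function e(string $s): string {
    // Escape before echoing into HTML so stored data cannot inject markup or script.
    return htmlspecialchars($s, ENT_QUOTES | ENT_HTML5, 'UTF-8');
}

function render_profile(): void {
    // user.php: refuse anonymous visitors and escape every value on the way out.
    if (!isset($_SESSION['user'])) {
        header('Location: ../auth/login.php'); // login page path is assumed
        exit;
    }
    $u = $_SESSION['user'];
    echo 'Mail address: ' . e($u['user_mail']) . '<br>';
    echo 'Your username: ' . e($u['user_name']) . '<br>';
    echo 'Your account creation date: ' . e((string)$u['user_created_date']) . '<br>';
}
```

Each page then starts with `session_start();` and `$conn = db_connect();` before any HTML: `signup.php` calls `register_user($conn, $_POST['username'] ?? '', $_POST['email'] ?? '', $_POST['password'] ?? '')` when `signupBtn` is set and prints the returned message through `e()`, `login.php` calls `$error = login_request($conn);` and renders the form with `e($error)`, and `user.php` just calls `render_profile();`. Two things this file deliberately leaves to the surrounding application: a CSRF token on both forms, and rate limiting on the login endpoint.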
