registersecure

<?php
    include "/home/carlton/public_html/PHPproject/includes/PasswordHash.php";

error_reporting(E_ALL); ini_set('display_errors', 1);
if (empty($_POST)){

?>
 <form name="registration" action="registersecure.php" method="POST">
<label for "username">Username: </label>
<input type="text" name="username"/><br />
<label for "password">Password: </label>
<input type="password" name="password"/><br />
<label for "fname">First Name: </label>
<input type="text" name="fname"/><br />
<label for "lname">Last name: </label>
<input type="text" name="lname"/><br />
<label for "email">Email: </label>
<input type="text" name="email"/><br />
<button type="submit">Submit</button>
</form>
<?php
}
else{

    $form = $_POST;
    $username = $form['username'];
    $password = $form['password'];
    $fname = $form['fname'];
    $lname = $form['lname'];
    $email = $form['email'];
    $user = 'root';
    $pass = 'pdt1848!';
    $hash_obj = new PasswordHash(8, false);

    //if (strlen($password)>72){die("Password must be less than 73 characters.");

    $hash = $hash_obj->HashPassword($password);


    //$hash = $hash_obj->HashPassword($password);
    //if (strlen($hash)>=20){

      //  $sql = "INSERT INTO users (password)VALUE($hash) ";
      //  $query = $db->prepare($sql);
      //  $query->execute(array(':password'=>$hash));
    //};


    $db = new PDO('mysql:host=localhost;dbname=phpproject', $user, $pass);
    $db->setAttribute(PDO::ATTR_ERRMODE, PDO::ERRMODE_EXCEPTION);

    $sql = "INSERT INTO users (username, password, fname, lname, email)VALUES(:username, :password, :fname, :lname, :email)";
    $query = $db->prepare($sql);
    $result = $query->execute(array(':username'=>$username, ':password:'=>$hash, ':fname'=>$fname,
        ':lname'=>$lname, ':email'=>$email));

    if ($result){
        echo "Thanks for registering with us!";
    } else {
        echo "Sorry, an error occurred while editing the database. Contact the guy who built this garbage.";
    };

};
?>