HELLo!

First off: Show error messages. When I tried to log in using a non-existing username/password, I got nothing. Registered, and tried to log in: Nothing again, and I got no reason for why.

Also, make sure you validate the input, not just escape it. Validation of input should be the first action you do on said input, and show a warning/error message if the input fails outside of expected parametres. Use whitelisting when validating too, blacklisting is like fighting a house fire with a garden hose.

Also found 19 errors with your HTML code, using W3C's HTML validator. I recommend correcting these.

Then I was unable to reach your website, so I guess I'll have to end this here.

Happy codin'!