Concerning the data you're inserting, you should never store passwords as plain text. When your system is compromised, all usernames and passwords are easily readable and this will cause huge problems. To handle passwords correctly, have a look at
Password Storage: How to do it.[
^]
Another thing is that you concatenate the input from the user directly to the SQL statement. This leaves you wide open to
SQL injection - Wikipedia[
^]. To prevent this, use bind variables. For more info, see
PHP: mysqli_stmt::bind_param - Manual[
^]
Third observation is the key generation. At the moment you generate a random number you use as the id for the user. There's no guarantee that the number isn't used previously. A better way is to let the database to generate the key. For example if you're using MySQL, have a look at
MySQL :: MySQL 8.0 Reference Manual :: 3.6.9 Using AUTO_INCREMENT[
^]