Your coding example has many serious issues, and yet it has come up for me in Google search as one of top results. Could you please either rewrite the code or take it offline, so that new PHP developers don't make the same mistakes?

1. You are wide open to SQL Injections and should really use parameterized prepared statements instead of manually building your queries. They are provided by PDO or by MySQLi. Never trust any kind of input, especially that which comes from the client side. Even when your queries are executed only by trusted users, you are still in risk of corrupting your data.
2. Never store passwords in clear text! Only store password hashes. Use PHP's password_hash() and password_verify() . If you're running a PHP version lower than 5.5 (which I really hope you aren't), you can use the password_compat library to get the same functionality.
3. Use utf8mb4 for your DB encoding, rather than latin1. At this day and age users should be able to use full range unicode characters in their usernames.
4. Don't strip off user's passwords before entering them into DB. In fact don't execute htmlspecialchars on the data being entered into DB. The whole purpose of this function is to sanitize data being displayed in HTML!
5. base64_encode is not a hashing mechanism. It should never be used in connection with passwords! It makes no difference whether you do or not, because everyone knows either way that you have used 12345 in your example script.
6. Don't kill your script with die() unless you really, really must! This should only be used if the rest of the script should not be executed, not as a control flow mechanism.