注册表单验证失败

我为注册表验证编写了此代码，但它不起作用。它只是将数据存储在数据库中，而不进行验证。这是一个注册表单，仅用于练习一些 php，我也想知道这个脚本是否足够安全，可以使用。

<?php
include_once('connection.php');
session_start();
$count_username = "";
$count_email = "";
$count_password = "";
$count_phone = "";
$err_message = array();
if(isset($_POST['submit'])){
// checking post variables and escaping weird characthers
$firstname = mysqli_real_escape_string($connect,$_POST['firstname']);
$lastname = mysqli_real_escape_string($connect,$_POST['lastname']);
$email = mysqli_real_escape_string($connect,$_POST['email']);
$username = mysqli_real_escape_string($connect,$_POST['username']);
$phone = mysqli_real_escape_string($connect,$_POST['phone']);
$city = mysqli_real_escape_string($connect,$_POST['city']);
$address = mysqli_real_escape_string($connect,$_POST['address']);
$bank = mysqli_real_escape_string($connect,$_POST['bank']);
$account = mysqli_real_escape_string($connect,$_POST['account']);
$password = mysqli_real_escape_string($connect,$_POST['password']);
$confirmPass = mysqli_real_escape_string($connect,$_POST['confirmpassword']); 
//form validation
//validating firstname input
if(!empty($firstname)){
$firstname_chk = strip_tags(trim($firstname));
if(strlen($firstname_chk) > 25){
array_push($err_message , 'The maximum length you can use is 25');
}elseif(preg_match('/['^£$%&*()}{@#~?><>,|=_+¬-]/',$firstname_chk) && preg_match('/[0-9]/',$firstname_chk)){
array_push($err_message , 'Only letter are allowed');
}else{
$_firstname = $firstname_chk;
}
}else{
array_push($err_message , 'First Name can not be empty');
}
//validating lastname input
if(!empty($lastname)){
$lastname_chk = strip_tags(trim($lastname));
if(strlen($lastname_chk) > 25){
array_push($err_message , 'The maximum length you can use is 25');
}elseif(preg_match('/['^£$%&*()}{@#~?><>,|=_+¬-]/',$lastname_chk) && preg_match('/[0-9]/',$lastname_chk)){
array_push($err_message , 'Only letter are allowed');
}else{
$_lastname = $firstname_chk;                
}
}else{
array_push($err_message , 'Last Name can not be empty');
}
//validating email input
if(!empty($email)){
if(preg_match( '/^[w-.]+@([w-]+.)+[w-]{2,4}$/',$email)){
$email_query = mysqli_query($connect,"SELECT * FROM Byers WHERE Email = '$email' ");
$count_email = mysqli_num_rows($email_query);
if($count_email > 0){
array_push($err_message , 'Email is already used by someone');
}else{
$_email = $email;
}
}else{
array_push($err_message , 'Please use a valid email');
}
}else{
array_push($err_message , 'Email can not be empty');
}
//validating username input
if(!empty($username)){
if(strlen($username) > 10){
array_push($err_message , 'The maximum length you can use is 10');
}else{
$username_query = mysqli_query($connect , "SELECT * FROM Byers WHERE UserName = '$username' ");
$count_username = mysqli_num_rows($username_query);
if($count_username > 0){
array_push($err_message , 'User Name is already used by someone');
}else{
$_username = $username;
}
}
}else{
array_push($err_message , 'Username can not be empty');
}
//validating phone number
if(!empty($phone)){
$number = ereg_replace("[^0-9]", "", $phone);
$numberLen = strlen($number);
if ($numberLen == 10 || $numberLen == 12){
$phone_query = mysqli_query($connect , "SELECT * FROM Buyers WHERE PhoneNo = '$phone' ");
$count_phone = mysqli_num_rows($phone_query);
if($count_phone > 0){
array_push($err_message , 'Phone number is already used');
}else{
$_phone = $phone;
}
}else{
array_push($err_message , 'The phone number is not valid');
} 
}else{
array_push($err_message , 'Phone Number can not be empty');
}
//validating city input
if(!empty($city)){
$city_chk = strip_tags($city);
if(strlen($city_chk) > 25){
array_push($err_message , 'The maximum length you can use is 25');
}elseif(preg_match('/['^£$%&*()}{@#~?><>,|=_+¬-]/',$city_chk) && preg_match('/[0-9]/',$city_chk)){
array_push($err_message , 'Only letter are allowed');
}else{
$_city = $city_chk;
}
}else{
array_push($err_message , 'City can not be empty');
}
//validating address input
if(!empty($address)){
$address_chk = strip_tags($address);
if(strlen($address_chk) > 100){
array_push($err_message , 'The maximum length you can use is 100');
}else{
$_address = $address_chk;
}
}else{
array_push($err_message , 'Full Address can not be empty');
}
//validating bank name input
if(!empty($bank)){
$bank_chk = strip_tags($bank);
if(strlen($bank_chk) > 50){
array_push($err_message , 'The maximum length you can use is 25');
}elseif(preg_match('/['^£$%&*()}{@#~?><>,|=_+¬-]/',$bank_chk) && preg_match('/[0-9]/',$bank_chk)){
array_push($err_message , 'Only letter are allowed');
}else{
$_bank = $bank_chk;
}
}else{
array_push($err_message , 'Bank Name can not be empty');
}
//validating bank account
if(!empty($account)){
$account = ereg_replace("[^0-9]", "", $account);
$accountLen = strlen($account); 
if ($accountLen < 30  or $accountLen > 5) {
$_account = $account;
}else{
array_push($err_message , 'Your bank account is Invalid');
}
}else{
array_push($err_message , 'Bank Account can not be empty');
}
//validating password
if(!empty($password) && !empty($confirmPass)){
if($password === $confirmPass){
if(strlen($password) < 6 && strlen($password) > 25){
array_push($err_message , 'Your password must be between 6 and 25 characthers only');
}else{
if(preg_match('/[a-z]/', $password) && preg_match('/[A-Z]/', $_POST['password']) && preg_match('/d/', $password) && preg_match('/[^a-zA-Zd]/', $password)){
$_password = $password;
$enc_pass = password_hash($_password , PASSWORD_DEFAULT);
}else{
array_push($err_message , 'use : at least 1 - capital letter , 1-special charachter and 1-number');
}
}
}else{
array_push($err_message , 'Please confirm password again');
}
}else{
array_push($err_message , 'Password can not be empty');
}
if(count($err_message)){
$first_query= mysqli_query($connect , "INSERT INTO Buyers values('','$_firstname','_$lastname','_$email','$_username',
'$_phone','$_city','$_address','$_bank','$_account','$enc_pass')");
$_SESSION['username'] = $username;
$_SESSION['success'] = "Registred Sccessfully";
header('location: login.php');
}

}

？>