Basically, where you do the md5() now, you instead want:
$p_hash = password_hash($p, PASSWORD_BCRYPT);
You'll need to make sure your password column in the DB is long enough to hold the result, which with the BCRYPT option will be 60 characters. You'll then want to use the same thing when validating a login attempt: applying password_hash() to the incoming password so that it will match what's in the DB.