I would make the credits an INT. You can just specify when you add the user to the database to start the credits at zero. If you are using a MySQL database you can escape your text using the function mysql_escape_string(). Also after you have verified that your post data is valid you may want to put it into an array, so that you are certain the array contains "clean" data ready to be inserted into the database. Also rather than escaping out of quotes within your sql statement you can use the curly braces for arrays.
Code:
$mysql = array();
$mysql['uname'] = mysql_escape_string( $_POST['uname'] );
$mysql['passwd'] = md5( $_POST['passwd'] );
//and so on for all variables
//I shortened the sql obviously you would add all fields
$sql = "INSERT INTO users ( username, password, credits ) VALUES ( '{mysql['uname']}', '{mysql['passwd']}', '0')";
mysql_query( $sql );