I've read parts of your code and it seems quite good.
But there are a few potential problems.
First youre using PDO prepared Statements.
But you directly concat the value in the sql string.
Instead you should use placeholders like descriped in the php manual.
Secondly md5 is outdated and not safe its better to use the new pwassword_hash() function or bcrypt in earlier versions.
meivin123 - 2014-09-22 09:39:21 - In reply to message 2 from António Lourenço
It would be better, too, if you dont instantiate the PDO object in inside your class but outside and then pass it to the constructor (called dependency injection).
So if you have bigger projects you instantiate it once and then pass it to all objects that need it.
So you dont have to change your database login inside your class and you maybe have the oportunity to use diffrent database drivers than mysql (If your used SQL syntax is supported on them).