Well mate seeing your new to php i reccomend you to learn the vulnerability of what is inside of php
just a note to help you a long never use
also be sure to study up on how c99shell are uploaded through php systems.
The most common is from file uploads. Also be sure to secure the script from sql injection a tes perhaps? when ur ready for a demo and if the url has a index.php?something=1 or something near it add a ' at the end of it if a mysql error pops up then it is vulnerable to sql injection also be sure to make it not vulneralbe to blind sql injection
Take a look at this script and implement it into yours