How to Build a "Link in Bio" Page in PHP — No Registration Required

Build your own no-registration link in bio page from scratch — with PHP and MySQL

If you have ever used Linktree, Bio.link, or any other link in bio service, you already know the drill: before you can publish a single link, you have to create an account. Email address, password, confirmation email, terms of service. All of that before you have done anything useful.

This tutorial builds something different. A link in bio page in PHP where the user publishes their page first and registers never. No account. No email. No credentials stored in any database. Just a page, a recovery link, and full control.

If you want to see a finished working version of this concept before diving into the code, aktar.us is a live service built on exactly these principles.

Requirements:

• A web server with PHP 7.4 or higher
• MySQL database
• Basic PHP and SQL knowledge

Step 1: Design the database

The database has two tables. The first one stores pages. Each page has a unique slug — the personalized part of the URL, like yoursite.com/yourname. It also stores the user's display name, a short bio, a theme preference, and a recovery token. The recovery token is the core of the whole system — it replaces the traditional username and password entirely. Instead of storing credentials, we store a random token that the user receives at publication and keeps privately. No account, no breach risk.

The second table stores links. Each link belongs to a page, has a label and a URL, and a sort order so the user can control the sequence in which links appear.

Step 2: The database connection

We use PDO — PHP Data Objects — for all database interactions. PDO is the recommended approach in modern PHP because it supports prepared statements natively, which protect against SQL injection attacks. We create a single config.php file with the connection logic and include it in every other file. This keeps database credentials in one place and makes the project easier to maintain.

The connection uses UTF-8 encoding and has error mode set to exception, which means any database error will throw a catchable PHP exception rather than failing silently.

Step 3: Building the creation form

The create.php file is where users build their page. The form collects the slug, display name, bio, theme choice, and an arbitrary number of links. JavaScript handles adding new link fields dynamically on the client side — no page reload needed.

When the form is submitted, the server sanitizes all input. The slug is stripped of anything that is not a lowercase letter, number, hyphen, or underscore. All other fields are passed through htmlspecialchars to prevent XSS attacks.

The recovery token is generated using bin2hex(random_bytes(32)) — a cryptographically secure method that produces a 64-character hex string. This token is stored in the database as a hash, not in plaintext. The user receives the raw token once, via the recovery page URL, and that is the only time it exists in an unprotected form.

If the slug is already taken, the database throws a duplicate key exception and the user sees an error message. If everything succeeds, the user is redirected to the recovery page.

Step 4: The recovery page

The recovery page is the most important moment in the user experience. It shows two things: the public URL of the new page, and the recovery link.

The recovery link is the only way to access the edit interface in the future. There is no password reset. There is no "forgot my link" flow. The system does not store the user's email because the user never provided one. The recovery link is the key, and keeping it safe is the user's responsibility.

This sounds like a limitation. In practice, for most users, it is simpler than managing yet another password. The link can be bookmarked, saved in a notes app, or stored in a password manager — exactly where passwords go anyway, but without the overhead of account creation.

Step 5: The public page

The page.php file retrieves the page data from the database using the slug from the URL. It displays the name, bio, and all associated links in the correct order.

It also includes OpenGraph meta tags in the HTML head. These tags control how the page appears when shared on Facebook, WhatsApp, X, LinkedIn, and other platforms that read OpenGraph data. Without them, a shared link shows a blank or generic preview. With them, the preview shows the page name and bio correctly. This is a small addition that makes a significant difference in how the page presents itself across the social web.

Step 6: Deploy and test

Upload all files to your web server and create the database using the SQL from Step 1. Navigate to create.php, fill in your details, add a few links, and publish. You will land on the recovery page with your unique link.

Save that link. Open the public page URL in a new tab. Share it on WhatsApp and verify that the OpenGraph preview appears correctly.

The complete source code for this project is available at ircwebnet.com. For a live working example of the same concept taken further — with themes, font selection, real-time slug availability checking, and sitemap integration is free to use with no registration required.