Migrate cod to pdo

Hello friends, I am currently in the process of migrating the codes to PDO , which is why I have seen it as more secure, well I'm going through the validation session for users, I share my code that I used to validate the sessions, what I intend with this is to validate the sessions have a maximum level of security. What could I add, what could I take away? It is always good to listen to advice. This is the part of registering users that I am using

$hash_password= hash('sha256', $_POST['password']);
$sql->bindParam(':hash_password',$hash_password,PDO::PARAM_STR);  

validate session code

<?php
 include("conexion/conexion.php");
$correo = mysql_real_escape_string($_POST["correo"], $link);   
$clave = mysql_real_escape_string($_POST["clave"], $link);
$sql_user = "SELECT correo FROM usuarios WHERE correo = '$correo' LIMIT 1";
$exec = mysql_query($sql_user,$link);
if(mysql_num_rows($exec) == 0)
        {
            ?>
<script languaje="javascript">
alert("Email incorrecto");
location.href = "iniciar_sesion.php";
</script>
            <?php
        }


$sql = ("SELECT * FROM usuarios WHERE correo='$correo' AND clave='$clave' AND idnivel='Administrador' ");
    $result = mysql_query($sql,$link);
    if($row = mysql_fetch_array($result))
        {
            session_start();
$_SESSION['id'] = $id;

$_SESSION['correo'] = $correo;
$_SESSION['clave'] = $clave;
$_SESSION['idnivel'] = 'Administrador';
$_SESSION['Administrador'] = $clave;
$_SESSION['nombres'] = $row['nombres'] . ' ' . $row['apellidos'];

$_SESSION['id'] = $row['codusuarios'];


header("Location: admin/home.php");
        }

    else
        {
            ?>
<script languaje="javascript">
alert("Contraseña incorrecta");
location.href = "iniciar_sesion.php";
</script>
            <?php
        }

$sql = ("SELECT * FROM usuarios WHERE correo='$correo' AND clave='$clave' AND idnivel='Secretarias' ");
$result = mysql_query($sql,$link);

    if($row = mysql_fetch_array($result))
        {
            session_start();
$_SESSION['id'] = $id;

$_SESSION['correo'] = $correo; //muestra el login
$_SESSION['clave'] = $clave;//muestra la clave
$_SESSION['idnivel'] = 'Secretarias'; //muestra el nivel del usuario
$_SESSION['Secretarias'] = $correo;
$_SESSION['nombres'] = $row['nombres'] . ' ' . $row['apellidos'];
$_SESSION['cedula'] = $row['cedula'];
$_SESSION['id'] = $row['id'];



            header("Location: secretaria/home.php");
        }

    else
        {
            ?>
                <script languaje="javascript">
                alert("Contraseña incorrecta");
                location.href = "iniciar_sesion.php";
                </script>




    <?php
        }

$sql = ("SELECT * FROM usuarios WHERE correo='$correo' AND clave='$clave' AND idnivel='Usuarios' ");
$result = mysql_query($sql,$link);

    if($row = mysql_fetch_array($result))
        {
            session_start();
$_SESSION['id'] = $id;

$_SESSION['correo'] = $correo;
$_SESSION['clave'] = $clave;
$_SESSION['idnivel'] = 'Usuarios';
$_SESSION['Usuarios'] = $correo;
$_SESSION['nombre'] = $row['nombre'] . ' ' . $row['apellido'];

$_SESSION['id'] = $row['codusuarios'];



            header("Location: usuarios/home.php");
        }

    else
        {
            ?>
                <script languaje="javascript">
                alert("Contraseña incorrecta");
                location.href = "iniciar_sesion.php";
                </script>





            <?php
        }


    mysql_free_result($result);

    mysql_close();
?>