My reg form

1. <?php
2. session_start();
3.  
4. //connect to database
5. $host = 'localhost';
6. $user = 'root';
7. $password = '';
8. $name = 'registration';
9.  
10. $db = mysqli_connect($host, $user, $password, $name);
11. if (isset($_POST['submit_btn'])) {
12. $username = mysqli_real_escape_string()($_POST['username']);
13. $email = mysqli_real_escape_string($_POST['email']);
14. $password = mysqli_real_escape_string($_POST['password']);
15. $password_again = mysqli_real_escape_string($_POST['password_again']);
16.  
17. if ($password==$password_again) {
18.  
19. //create user.....
20. $password = md5($password); //hash paassword for security reasons
21.  
22. $sql = "INSERT INTO users(username, email, password) VALUES('$username', '$email', '$password')";
23. mysqli_query($db, $sql);
24. $_SESSION['message'] = "You are now logged in";
25. $_SESSION['username'] = $username;
26. header ("location: home.php");
27. } else {
28. $_SESSION['message'] = "Password do not match";
29. }
30. }
31. ?>
32. <html>
33. <head>
34. <title>::Registration Page</title>
35. <h1 style="text-align: center;">Registration Form</h1>
36. </head>
37. <body>
38. <form action="index.php" method="POST">
39. <label>Username</label><br> <input type="text" name="username"><br>
40. <label>Email</label><br> <input type="text" name="email"><br>
41. <label>Password</label><br> <input type="text" name="password"><br>
42. <label>Verify Password</label><br><input type="text" name="password_again"><br>
43. <input type="submit" value="Register" name="submit_btn">
44. </form>
45. </body>
46. </html>