Untitled

<?php
$connect = new mysqli("localhost", "root", "Bismillah1", "capstone");
if ($mysqli->connect_errno) {
    printf("Connection failed: %sn", $mysqli->connect_error);
    die();
}
session_start();

if(isset($_POST["Sign Up"]))
{
    if(empty($_POST["Email"]) || empty($_POST["Password"]))
    {
        echo '<script> alert ("Both Feldsa are required)</script">';
    }
    else
    {
$_SESSION['email'] = $_POST['Email'];
$_SESSION['password'] = $_POST['Password'];
$_SESSION['Repeatpassword'] = $_POST['Repeatpassword'];
$_SESSION['name'] = $_POST['name'];
$_SESSION['weight'] = $_POST['weight'];
$_SESSION['feet'] = $_POST['feet'];
$_SESSION['inches'] = $_POST['inches'];
$_SESSION['age'] = $_POST['age'];
$_SESSION['goal'] = $_POST['Goal'];


// Escape all $_POST variables to protect against SQL injection
$email = $mysqli->escape_string($_POST['email']);
$password = $mysqli->escape_string(password_hash($_POST['password'], PASSWORD_BCRYPT));
$RepPassword = $mysqli->escape_string(password_hash($_POST['Repeatpassword'], PASSWORD_BCRYPT));


$name = $mysqli->escape_string($_POST['name']);
$Weight = $mysqli->escape_string($_POST['weight']);
$feet = $mysqli->escape_string($_POST['feet']);
$inches = $mysqli->escape_string($_POST['inches']);
$age = $mysqli->escape_string($_POST['age']);
$goal = $mysqli->escape_string($_POST['goal']);
$hash = $mysqli->escape_string( md5( rand(0,1000) ) );


// Check if user with that email already exists

// We know user email exists if the rows returned are more than 0
$result = $mysqli->query("SELECT * FROM User WHERE Email_Address='$email'") or die($mysqli->error);
if ( $result->num_rows > 0 ) {

    $_SESSION['message'] = 'User with this email already exists!';


    }
 else { // Email doesn't already exist in a database, proceed...

    // active is 0 by DEFAULT (no need to include it here)
    $sql = "INSERT INTO User (Email_Address, Password, Full Name, Weight, Feet, Inches, Age, Goal, hash) "
            . "VALUES ('$email', 'password', 'name' , 'Weight' , 'feet' , 'inches' , 'age' , 'goal', 'hash')";
    }
    if ( ! $mysqli->query($sql)
    {
        $_SESSION['message'] = 'Registration successfully';
        echo $_SESSION['message'];

        header("location: loginaccount.html");

    }
    }

    else
        {$_SESSION['message'] = 'Registration failed!';
        echo $_SESSION['message'];

        }
}
?>

<?php
if(isset($_POST["login"]))
{
        $email = $mysqli->escape_string($_POST['Email']);
        $result = $mysqli->query("SELECT * FROM User WHERE Email_Address='$email'");
        if ( $result->num_rows == 0 ) { //
        {
            $_SESSION['message'] = "User with that email doesn't exist!";
            echo $_SESSION['message'];
         }
         else {
            $user = $result->fetch_assoc();
                if ( password_verify($_POST['password'], $user['Password']) ) {
                    $_SESSION['email'] = $user['Email_Address'];
                    $_SESSION['name'] = $user['Full Name'];
                        $_SESSION['weight'] = $user['Weight '];

                    $_SESSION['feet'] = $user['Feet '];
                    $_SESSION['inches'] = $user['Inches '];
                    $_SESSION['age'] = $user['Age '];
                    $_SESSION['goal'] = $user['Goal '];
                    $_SESSION['logged_in'] = true;
                    $_SESSION['active'] = $user['Active'];
                    header("location: loginaccount.html");


                 }
}

?>
//<p align ="center"><a href="Register.php">Register</a></p>

I have included the php file in my html file in the following way, I believe the code is right

<!DOCTYPE html>
<html lang="en" dir="ltr">

<?php include 'Caplogin.php';?>
      <head>
        <meta charset="utf-8">
        <meta name="viewport" content = "width=device-width">
        <meta name="description" content="A place where people can take
        fitness to the next level">
        <title>Swole Summer | Account Creation </title>
        <link rel = "stylesheet" href ="./css/style.css">
      </head>