You should not be injecting user's inputs directly into any sql statement, that makes your application vulnerable to
SQL Injection[
^].
Change your sql statement to a prepared statement like this:
$sql = "INSERT INTO registration UserName, Email, user_password) VALUES (?, ?, ?)";
if (!($stmt = $mysqli->prepare($sql))) {
die("Prepare failed: ".$mysqli->errno);
}
if (!$stmt->bind_param('sss', $uname, $email, $password)){
die("Binding parameters failed: ".$stmt->errno);
}
if (!$stmt->execute()) {
die("Insert registration table failed: ".$stmt->errno);
}