What are best practices for validating and sanitizing user input in PHP registration forms?

// Validate and sanitize user input for registration form
$username = filter_var($_POST['username'], FILTER_SANITIZE_STRING);
$email = filter_var($_POST['email'], FILTER_VALIDATE_EMAIL);
$password = filter_var($_POST['password'], FILTER_SANITIZE_STRING);

// Check if all required fields are filled
if(empty($username) || empty($email) || empty($password)) {
    // Handle error, display message to user
}

// Check if email is valid
if(!filter_var($email, FILTER_VALIDATE_EMAIL)) {
    // Handle error, display message to user
}

// Sanitize input before storing in database
$username = mysqli_real_escape_string($conn, $username);
$email = mysqli_real_escape_string($conn, $email);
$password = password_hash($password, PASSWORD_DEFAULT);

// Insert user data into database
$query = "INSERT INTO users (username, email, password) VALUES ('$username', '$email', '$password')";
mysqli_query($conn, $query);

// Redirect user to success page
header("Location: registration_success.php");