MySQLi_Real_Escape_String() Expects Exactly 2 Parameters, 1 Given

Warning: mysqli_real_escape_string() expects exactly 2 parameters, 1 given... what I do wrong?

You are mixing mysqli and mysql function.

If your are using mysql function then instead mysqli_real_escape_string($your_variable); use

$username = mysql_real_escape_string($_POST['username']);
$pass = mysql_real_escape_string($_POST['pass']);
$pass1 = mysql_real_escape_string($_POST['pass1']);
$email = mysql_real_escape_string($_POST['email']);

If your using mysqli_* function then you have to include your connection to database into mysqli_real_escape function :

$username = mysqli_real_escape_string($your_connection, $_POST['username']);
$pass = mysqli_real_escape_string($your_connection, $_POST['pass']);
$pass1 = mysqli_real_escape_string($your_connection, $_POST['pass1']);
$email = mysqli_real_escape_string($your_connection, $_POST['email']);

Note : Use mysqli_* function since mysql has been deprecated. For information please read mysqli_*

Warning: mysqli_real_escape_string() expects exactly 2 parameters, 1 given in

like the warning says: you are missing an argument in mysqli_real_escape_string, you should add your db connection as an argument:

    $voornaam    = mysqli_real_escape_string($connection, $_POST['voornaam']);

mysqli_real_escape_string() expects exactly 2 parameters, 1 given

Documentation says it needs two parameters:

string mysqli_real_escape_string ( mysqli $link , string $escapestr )

The first one is a link for a mysqli instance, the second one is the string to escape.

Php 5.4 to 7.1 : Mysqli_real_escape_string() 2 parameters, 1 given in

magic_quotes_gpc is deprecated as of PHP 5.3 and removed as of PHP 5.4 ... so your check here is useless ... And keep in mind that your connection string isn't visible inside the function, You'll either have to accept it as an argument or use global keyword which isn't a good solution.

Accepting as an arugment:

function cG($con, $name){
    $name=mysqli_real_escape_string($con, $_GET[$name]);
    return $name;
}

cG($con, 'something');

or using global keyword:

function cG($name){
    global $con;
    $name=mysqli_real_escape_string($con, $_GET[$name]);
    return $name;
}

mysqli_real_escape_string() expects exactly 2 parameters, 1 given Fatal Error

To technically answer this, both of these functions require a db connection be passed and as the first parameter, as per the manuals:

http://php.net/manual/en/mysqli.query.php
http://php.net/manual/en/mysqli.real-escape-string.php

Then in comments you state that you are using PDO to connect with.

Those different MySQL APIs do not intermix. You need to use the same one from connecting to querying. Therefore, if you want to continue to use a PDO connection, you will need to use the PDO functions to query with and not mysqli_*.

Start with the manual: http://php.net/manual/en/book.pdo.php it's all in there.

And for PDO prepared statements:

http://php.net/pdo.prepared-statements

Check for errors also:

http://php.net/manual/en/pdo.error-handling.php (PDO)
http://php.net/manual/en/function.error-reporting.php (PHP)

Passwords

I also noticed that you are attemtpting to store passwords MD5. This is not recommended as it is no longer considered safe to use as a password storing function.

If you are intending on going LIVE with this, don't.

Use one of the following:

CRYPT_BLOWFISH
crypt()
bcrypt()
scrypt()
On OPENWALL
PBKDF2
PBKDF2 on PHP.net
PHP 5.5's password_hash() function.
Compatibility pack (if PHP < 5.5) https://github.com/ircmaxell/password_compat/

Other links:

PBKDF2 For PHP

Important sidenote about column length:

If and when you do decide to use password_hash() or crypt, it is important to note that if your present password column's length is anything lower than 60, it will need to be changed to that (or higher). The manual suggests a length of 255.

You will need to ALTER your column's length and start over with a new hash in order for it to take effect. Otherwise, MySQL will fail silently.

As I also stated:

if (isset($_SESSION['user']) != "") will give you a false positive.

The syntax is: if isset AND equals to, and not if isset equals to which is what it is presently being interpreted as.

Use:

if (isset($_SESSION['user']) && $_SESSION['user'] != "")

In regards to your POST arrays.

Make sure the HTML form you are using does use a POST method and that all elements hold their respective name attributes.

I.e.: <input type="text" name="fullname"> etc.

Note that name="fullname" and name="FullName" are two different animals.

Those are case-sensitive.

It is also suggested to add exit; after each header, otherwise your code may want to continue to execute.

header("Location: index.html");
exit;

PHP Warning: mysqli_real_escape_string() expects parameter 1 to be mysqli, null given in

You mentioned in a comment that you are using PHP 7.2, so you will have problems using any mysql_ function because this extension is deprecated since 5.5.

You should try using mysqli or PDO instead.

You showed in screenshot that you tried using mysqli_real_escape_string function in line 147 which takes two parameters: 1- the mysqli connection, 2- the string to escape ($data)

You did it like this: $data = mysqli_real_escape_string($_GLOBALS['$con'], $data);

You have two problems here with $_GLOBALS['$con'] it should be $GLOBALS['con'] : the GLOBALS variable without the underscore _ and the key without '$'.

So you should replace the line 147 with:

$data = mysqli_real_escape_string($GLOBALS['con'], $data);

Also I don't know if GLOBALS variable is the safest way to get variables!