there would be a related and helpful php error, if php's error_reporting/display_errors were set properly, that would help identify that the problem is most likely due to the wrong format for the 1st bind_param() parameter. this should be a string of just the format specifiers, without commas between them.
next, whatever your sanitize() function code is doing, it is either one or all of - ineffective, insecure, or redundant and is probably not needed. could you post the code for the sanitize() function.
the current code will allow empty value(s) to be used for all the fields (an empty username won't match any existing user and an empty password will be equal to an empty confirmation password.)
you should validate all the inputs before using them and validate all the inputs at once. you are only validating some of the data and you are stopping at the first validation error, so it will take multiple form submissions to validate all of the data, but since you are redirecting back to the form, the user must keep filling in all the form values after each error, which will increase the likely-hood of introducing more errors.
you should put the form processing code and the form on the same page so that you can display all the validation errors when you re-display the form and you can populate the form fields with the existing values so that the user doesn't need to keep re-tying in all the values when there is a validation error.
edit, you should also list the column names in the INSERT query so that your code will be self-documenting and will still work if the columns get rearranged.
Edited by mac_gyver, 05 May 2018 - 11:51 AM.
multi-purpose programming fool. well written source-code should be self-documenting. well written code should be self-troubleshooting.