Hello!
This piece of code has a number of flaws.
1. Missing
;
at the end of several lines
2. Missing the
$con
parameter for most
mysqli_
functions
3. Mixing
mysql_
and
mysqli_
4. Using
$_post
instead of
$_POST
(capital letters)
The query will fail if any of the POST-values include single-quotes
'
, so either escape them or use prepared statements (see the link "How can I avoid SQL injection in PHP?" at the bottom).
PHP: mysqli::query - Manual[
^]