Originally Posted by Fou-Lu
This is invalid:
INSERT INTO (feedback title, .... Perhaps you mean
INSERT INTO feedback (title, ...?
Noticed you are using mysqli. You should used prepared statements to save the trouble from needing to run through a real_escape_string. As is, this is open to SQL Injection.
Yes, i also recommend you use:
$name = mysql_real_escape_string( $_POST['name'] );