The code above is not how you're going to find out.
mysqli's biggest improvement is the ability to use prepared statements and use them to separate data from code. That way you avoid sql injections. But the code above is still wide open to sql injection, XSS, and probably a lot more.
Also by now: <center>, <font> really ... it's just sad. Similarly <center><b>.... </center></b> isn't proper nesting And don't get me started on tables holding just one cell.