You should improve this:
<form method="post" action="join.php">
and use something like this, which is better:
<form name="myform" action="join.php" method="post" enctype="multipart/form-data">
Then in your PHP...
```php
<?php
// Sanitize the input; filter_var() returns the sanitized value, or boolean false if it fails
$name = filter_var($_POST["name"] ?? '', FILTER_SANITIZE_STRING);
// Check if $name is false or empty; if so, die.
if (!$name || empty($name)) die("empty or failed validation");
// Got here, passed validation, no ifs needed, make your query string.
// mysqli_escape_string() needs the connection as its first argument.
$sql = sprintf("INSERT INTO `invetario` (`user`) VALUES ('%s')", mysqli_escape_string($db_link, $name));
// Make your query
$results = mysqli_query($db_link, $sql);
```
In short, whatever it is that you use to link to and query the database with, NogDog has stated that you need to escape the strings for insertion, which is what mysqli_escape_string represents; the sprintf function allows for easier string production, and confusion over quotes is removed, because of the number of errors that creep in from losing track of whether you need a quote, need to escape it, or whatever.
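The same insert done with a mysqli prepared statement, as an added example that is not the poster's code: the value is bound separately from the SQL text, so no escaping or sprintf quoting is needed at all, and FILTER_SANITIZE_STRING (deprecated since PHP 8.1) is replaced by plain validation. It assumes an open mysqli connection in $db_link, the post's table and column names (`invetario`.`user`), and placeholder connection parameters.

```php
<?php
// Added example (not the original poster's code). Assumes an open mysqli connection in $db_link
// and the same table/column names as the post: `invetario`.`user`.
declare(strict_types=1);

/**
 * Validate the submitted name and insert it with a prepared statement.
 * Returns the new row id on success, or null if validation fails.
 * Database errors surface as mysqli_sql_exception because of mysqli_report() below.
 */
function insert_user(mysqli $db_link, array $post): ?int
{
    // Validation only: the value never becomes part of the SQL text,
    // so there is nothing to escape here.
    $name = $post['name'] ?? null;
    if (!is_string($name)) {
        return null;
    }
    $name = trim($name);
    if ($name === '' || mb_strlen($name) > 64) {
        return null;
    }

    // Prepared statement: the server parses the SQL first and receives the
    // value separately, so quotes or backslashes in $name cannot change the query.
    $stmt = $db_link->prepare("INSERT INTO `invetario` (`user`) VALUES (?)");
    $stmt->bind_param('s', $name);
    $stmt->execute();
    $id = (int) $db_link->insert_id;
    $stmt->close();
    return $id;
}

// Usage; the connection parameters are placeholders, not real credentials.
mysqli_report(MYSQLI_REPORT_ERROR | MYSQLI_REPORT_STRICT);
$db_link = new mysqli('localhost', 'DB_USER', 'DB_PASSWORD', 'DB_NAME');
// Keep the connection charset explicit; this matters for the escape-string approach too.
$db_link->set_charset('utf8mb4');

$id = insert_user($db_link, $_POST);
if ($id === null) {
    http_response_code(400);
    exit('empty or failed validation');
}
echo "inserted row $id";
```

If you stay with the sprintf/escape approach instead, mysqli_escape_string() must be given the connection as its first argument so it escapes for the connection's actual charset; with bind_param() that concern disappears, and the remaining check is just whether the input is acceptable for your application.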