A couple of things.
Quote
$propertypin = ($_POST['propertypin']);
leaves you open the SQL injection, should someone enter a malicious value in your HTML form.
Better is to sanitse the input with something like
$propertypin = mysqli_real_escape_string($mysqli_link, ($_POST['propertypin']));
See php manual for mysqli_real_escape_string()
Second, are you sure that your HTML form is actually including a value in $_POST['propertypin']?
You can temporarily echo your constructed SQL string before you submit it.
$sql = "INSERT INTO `orderform` ( propertypin ) VALUES ('$propertypin')";
echo $sql;
Be aware, that seing as you are trying to store a string, the value should be enclosed in quotes so it is treated as a string, not a number.
If you have admin access to your msql server, you could also turn on logging to see the actual SQL being submitted.
Good luck,
Barry.