Leaderboard

Popular Content

Showing content with the highest reputation on 06/17/2020 in all areas

  1. the posted code contains at least three places where it looks like characters were cut off from wherever this code was copied from, which would be producing fatal php parse/syntax errors. you should have the php error_reporting/display_errors settings in the php.ini on your system so that ALL php errors will get reported and displayed. putting these settings in your code won't help for parse/syntax errors since your code never runs to cause the settings to take effect. next, you have probably 5 times too many queries, code, and variables. some suggestions - use exceptions for database statement errors and in most cases let php catch the exceptions, where it will use its error related settings to control what happens with the actual error information. you can then remove all the error handling logic that you have now. INSERT queries don't have WHERE ... clauses. the account_number column should be added to the list of columns being inserted. don't put external, unknown, dynamic values directly into an sql query statement. use prepared queries. you would also want to switch to the much simpler PDO database extension. don't copy variables to other variables for no reason. you should NOT maintain a balance column in a single row by updating the value. any transaction that increases or decreases an amount should be handled by inserting a new row in the transactions table. the sets of INSERT queries that deduct the amount from the source account and add the amount to the destination account need to be part of a database transaction, so that they will either both succeed and be committed or they will be rolled back. the post method form processing code should be before the start of the html document and should store any validation error messages in an array, then test/display the contents of this array at the appropriate location in the html document. any header() redirect needs an exit/die statement after it to stop program execution.
don't use a loop to fetch a single row of data from a query. just directly execute the fetch statement one time. any dynamic value you output in an html context (email, web page) needs to have htmlentities() applied to it to help prevent cross site scripting.
    1 point
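The post above lists a set of practices without showing them together. The following is an added example (written for this page, not the poster's code or anything from the original thread) that applies them in one small PHP transfer handler: PDO with exceptions enabled, prepared statements, a balance derived from inserted transaction rows rather than an updated column, both INSERTs inside one database transaction, form processing before any HTML output with errors collected in an array, `exit` after `header()`, a single `fetchColumn()` instead of a fetch loop, and `htmlentities()` on every dynamic value in the HTML. The table names (`accounts`, `transactions`), the `account_number`/`amount` columns, the in-memory SQLite database and the `transfer.php` redirect target are all assumptions made for the example.

```php
<?php
// Added example: a transfer handler following the advice in the post above.
// Assumed schema and names; SQLite in memory so it runs stand-alone.
declare(strict_types=1);

// Exceptions on every failed statement: no hand-written error checks needed,
// and an uncaught PDOException is handled by PHP's own error settings.
$pdo = new PDO('sqlite::memory:', null, null, [
    PDO::ATTR_ERRMODE          => PDO::ERRMODE_EXCEPTION,
    PDO::ATTR_EMULATE_PREPARES => false,
]);

// Constructed demo schema: a balance is never a column that gets updated;
// every movement of money is a new row in transactions (amounts in cents).
$pdo->exec('CREATE TABLE accounts (account_number TEXT PRIMARY KEY)');
$pdo->exec('CREATE TABLE transactions (
    id INTEGER PRIMARY KEY AUTOINCREMENT,
    account_number TEXT NOT NULL REFERENCES accounts(account_number),
    amount INTEGER NOT NULL,
    created_at TEXT NOT NULL DEFAULT CURRENT_TIMESTAMP
)');
$pdo->exec("INSERT INTO accounts (account_number) VALUES ('1001'), ('1002')");
$pdo->exec("INSERT INTO transactions (account_number, amount) VALUES ('1001', 10000)");

/** Application-level failure, distinct from PDOException (which is left to PHP). */
final class InsufficientFunds extends Exception {}

/** Balance = sum of the account's transaction rows; one fetch, no loop. */
function balance(PDO $pdo, string $account): int
{
    $stmt = $pdo->prepare(
        'SELECT COALESCE(SUM(amount), 0) FROM transactions WHERE account_number = ?'
    );
    $stmt->execute([$account]);           // value is bound, never concatenated
    return (int) $stmt->fetchColumn();
}

/**
 * Move $amount cents from $from to $to. Both INSERTs run inside one database
 * transaction, so either both rows are committed or neither is.
 */
function transfer(PDO $pdo, string $from, string $to, int $amount): void
{
    $pdo->beginTransaction();
    try {
        if (balance($pdo, $from) < $amount) {
            throw new InsufficientFunds('insufficient funds');
        }
        $ins = $pdo->prepare(
            'INSERT INTO transactions (account_number, amount) VALUES (?, ?)'
        );
        $ins->execute([$from, -$amount]);   // debit source
        $ins->execute([$to, $amount]);      // credit destination
        $pdo->commit();
    } catch (Throwable $e) {
        $pdo->rollBack();                   // undo the partial transfer
        throw $e;
    }
}

// Form processing before any HTML output; validation messages go in an array.
$errors = [];
if ($_SERVER['REQUEST_METHOD'] === 'POST') {
    $from   = trim($_POST['from'] ?? '');
    $to     = trim($_POST['to'] ?? '');
    $amount = filter_var($_POST['amount'] ?? '', FILTER_VALIDATE_INT,
                         ['options' => ['min_range' => 1]]);

    if ($from === '' || $to === '') { $errors[] = 'Both account numbers are required.'; }
    if ($amount === false)          { $errors[] = 'Amount must be a positive whole number of cents.'; }
    if ($from === $to)              { $errors[] = 'Source and destination must differ.'; }

    if (!$errors) {
        try {
            transfer($pdo, $from, $to, $amount);
            header('Location: transfer.php');   // assumed path: redirect after POST
            exit;                               // header() alone does not stop execution
        } catch (InsufficientFunds $e) {
            $errors[] = $e->getMessage();       // a PDOException is deliberately not caught here
        }
    }
}
?>
<!DOCTYPE html>
<html>
<body>
<?php foreach ($errors as $msg): ?>
  <p class="error"><?= htmlentities($msg, ENT_QUOTES, 'UTF-8') ?></p>
<?php endforeach; ?>
<p>Balance of 1001: <?= htmlentities((string) balance($pdo, '1001'), ENT_QUOTES, 'UTF-8') ?> cents</p>
<form method="post">
  <input name="from" placeholder="from account">
  <input name="to" placeholder="to account">
  <input name="amount" placeholder="amount in cents">
  <button type="submit">Transfer</button>
</form>
</body>
</html>
```

The `InsufficientFunds` class exists because `PDOException` extends `RuntimeException`: catching the generic class would swallow database errors that the post says should be left for PHP's error settings to handle.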