It's great that you have solved this issue, but I did notice a massive security issue with your code. You're creating a query by appending the values of query parameters directly in your query. That's an SQL injection attack waiting to happen. You should make sure that the values are escaped. There are a few ways:
1) Use PDO instead of mysqli. PDO is a layer on top of mysqli (or whatever database you're using) that provides a lot of extra features. One of these features is parameter binding - in your query you put a place holder, and then you bind a value to the place holder. See http://php.net/manual/en/pdostatement.bindparam.php for more information.
2) Use mysqli's own parameter binding: http://php.net/manual/en/mysqli-stmt.bind-param.php.
Now I suggest using PDO first, because it will allow you to switch databases much easier.