You never update $userID
after setting it from the session itself. To solve this, fetch
the result and store the fetched id:
$result = $mysqli->query($sql);
if (!$result->num_rows == 1) {
echo "<p>Invalid username/password combination</p>";
} else {
$row = $result->fetch_assoc();
$_SESSION['userID'] = $row['userid']; //case sensitive
//etc.