You run your queries with the same variable $sql. You should call them differentely like that and call them after.
$sql="INSERT INTO donator (nume, prenume, numar_telefon) VALUES ('mysql_real_escape_string($_POST[nume])','mysql_real_escape_string($_POST[prenume])','mysql_real_escape_string($_POST[numar])')";
$sql2="INSERT INTO donatie (suma, data_donatie, IBAN) VALUES ('mysql_real_escape_string($_POST[suma])','mysql_real_escape_string($_POST[data])','mysql_real_escape_string($_POST[iban])')";
Otherwise, you must change your post values by protecting them. Refer here
Then, you have to switch to new mysql syntax for PHP, like mysqli or PDO. THe mysql syntax you are using is deprecated.
