Hi All,

I have a problem when trying to change user account password in my project
I am using Visual Studio 2013 and SQL Server 2012.
This is the code I am using and I don't know to how to adjust it to check for the old password before changing it. please help me with this and I am entirely new to programming.

 Try
            If txtBoxSettingNewPassword.Text = txtBoxSettingConfPassword.Text Then
                con.Open()
                cmd.Connection = con
                cmd.CommandType = System.Data.CommandType.Text
                cmd.CommandText = ("UPDATE [User] " & _
                "SET password = '" & (txtBoxSettingNewPassword.Text) & "'" & _
                "WHERE user_name ='" & (txtBoxSettingUserName.Text) & "';")
                cmd.ExecuteNonQuery()
                MessageBox.Show("password changed successfully")
            Else
                MessageBox.Show("Passwords do not match")
            End If
        Catch ex As Exception
            MessageBox.Show("Something went wrong," & ex.Message)
        Finally
            con.Close()
        End Try

Is it possible to add another "WHERE" condition??
If so how??

What do you mean by

check for the old password before changing it

You can do it by adding an another condition in Where clause.

Try
            If txtBoxSettingNewPassword.Text = txtBoxSettingConfPassword.Text Then
                con.Open()
                cmd.Connection = con
                cmd.CommandType = System.Data.CommandType.Text
                cmd.CommandText = ("UPDATE [User] " & _
                "SET password = '" & (txtBoxSettingNewPassword.Text) & "'" & _
                "WHERE user_name ='" & (txtBoxSettingUserName.Text) & "' And password = '" & (txtBoxSettingOldPassword.Text) & "'")
                cmd.ExecuteNonQuery()
                MessageBox.Show("password changed successfully")
            Else
                MessageBox.Show("Passwords do not match")
            End If
        Catch ex As Exception
            MessageBox.Show("Something went wrong," & ex.Message)
        Finally
            con.Close()
        End Try

Suppose, it can help you.
You must need a textbox/ variable for old/present password.
Secondly I suggest you to use parameterised query to prevent your database from un authorised SQL Injections.