Hi All,

I have a problem when trying to change a user account password in my project.
I am using Visual Studio 2013 and SQL Server 2012.
This is the code I am using, and I don't know how to adjust it to check for the old password before changing it. Please help me with this; I am entirely new to programming.

        Try
            If txtBoxSettingNewPassword.Text = txtBoxSettingConfPassword.Text Then
                con.Open()
                cmd.Connection = con
                cmd.CommandType = System.Data.CommandType.Text
                cmd.CommandText = ("UPDATE [User] " & _
                "SET password = '" & (txtBoxSettingNewPassword.Text) & "'" & _
                "WHERE user_name ='" & (txtBoxSettingUserName.Text) & "';")
                cmd.ExecuteNonQuery()
                MessageBox.Show("password changed successfully")
            Else
                MessageBox.Show("Passwords do not match")
            End If
        Catch ex As Exception
            MessageBox.Show("Something went wrong," & ex.Message)
        Finally
            con.Close()
        End Try

Is it possible to add another "WHERE" condition??
If so how??

You can do it by adding another condition in the WHERE clause.

        Try
            If txtBoxSettingNewPassword.Text = txtBoxSettingConfPassword.Text Then
                con.Open()
                cmd.Connection = con
                cmd.CommandType = System.Data.CommandType.Text
                cmd.CommandText = ("UPDATE [User] " & _
                "SET password = '" & (txtBoxSettingNewPassword.Text) & "'" & _
                "WHERE user_name ='" & (txtBoxSettingUserName.Text) & "' And password = '" & (txtBoxSettingOldPassword.Text) & "'")
                cmd.ExecuteNonQuery()
                MessageBox.Show("password changed successfully")
            Else
                MessageBox.Show("Passwords do not match")
            End If
        Catch ex As Exception
            MessageBox.Show("Something went wrong," & ex.Message)
        Finally
            con.Close()
        End Try

I suppose it can help you.
You need a textbox/variable for the old/present password.
Secondly, I suggest you use a parameterised query to protect your database from unauthorised SQL injection.
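
The parameterised query suggested in the answer above, written out as an added example (not code from either poster). The `ChangePassword` name, the connection string argument and the `NVARCHAR(128)` parameter sizes are assumptions; the table and column names are the ones used in the thread.

```vb
Imports System.Data
Imports System.Data.SqlClient

Public Module PasswordChange

    ' Returns True only when a row was actually updated, i.e. the user name
    ' exists AND the supplied old password matched the stored one.
    ' connectionString is an assumption: pass your own SQL Server connection string.
    Public Function ChangePassword(connectionString As String,
                                   userName As String,
                                   oldPassword As String,
                                   newPassword As String) As Boolean

        ' The SQL text is a constant. User input never becomes part of it,
        ' so a quote character in a text box cannot alter the statement.
        Const sql As String =
            "UPDATE [User] SET password = @newPassword " &
            "WHERE user_name = @userName AND password = @oldPassword;"

        ' Using blocks close the connection even when an exception is thrown,
        ' replacing the Finally / con.Close() pattern.
        Using con As New SqlConnection(connectionString)
            Using cmd As New SqlCommand(sql, con)
                ' Sizes are assumptions: match them to the real column definitions.
                cmd.Parameters.Add("@newPassword", SqlDbType.NVarChar, 128).Value = newPassword
                cmd.Parameters.Add("@userName", SqlDbType.NVarChar, 128).Value = userName
                cmd.Parameters.Add("@oldPassword", SqlDbType.NVarChar, 128).Value = oldPassword

                con.Open()

                ' ExecuteNonQuery returns the number of rows affected.
                ' 0 means the user name or the old password did not match.
                Dim rowsAffected As Integer = cmd.ExecuteNonQuery()
                Return rowsAffected > 0
            End Using
        End Using
    End Function

    ' In the form's click handler (after confirming the two new-password boxes match):
    '   If ChangePassword(connStr, txtBoxSettingUserName.Text,
    '                     txtBoxSettingOldPassword.Text, txtBoxSettingNewPassword.Text) Then
    '       MessageBox.Show("password changed successfully")
    '   Else
    '       MessageBox.Show("User name or old password is incorrect")
    '   End If

End Module
```

Checking the return value matters here: with the extra WHERE condition, a wrong old password raises no exception, the UPDATE simply touches zero rows. The column still stores the password as typed, as in the thread's schema; storing a salted hash instead is a separate change.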
