0

<?php
require_once('config.php');

$ID=$_SESSION;
$UserID=$_SESSION;
$tbl_name = "tbl_users";
//To check Data Insersion

$Curr_Password=$_POST;
//echo $Curr_Password;
$new_Password=$_POST;

$link = mysql_connect(DB_HOST, DB_USER, DB_PASSWORD);
mysql_select_db(DB_DATABASE, $link) or die( "Unable to select database");

$query="UPDATE $tbl_name SET Password = '".$new_Password."' WHERE Password='".$Curr_Password."' and id=$ID and Status=1";
echo $query;

$result=mysql_query($query,$link);


if(mysql_num_rows($result) ==1) //line no 38.
{
echo $UserID. ' , Your Password has Changed Successfully. <a href="WelcomeUser.php?PT=0">Back</a>';
}
else
{
echo 'Your Current Password is Wrong. Please Enter correct Password . <a href="ChangePassword.php">Back</a>';
}

mysql_close();
?>

5
Contributors
5
Replies
8
Views
6 Years
Discussion Span
Last Post by vibhaJ
0

The mysql_query function returns false in the event of an error - usually as a result of an error with your query.

Try echoing out the query and run it in phpmyadmin or on the command line to check it works. Alternatively, use the mysql_error function to display the error.

R.

0

Oh, and please make sure you sanitise input coming from the user, in this case $_POST before including it in SQL queries to prevent SQL injection attacks. And it's good practice to hash or encrypt passwords in the database for additional security.

R.

0

Update query does not return any database row...So you should have checked for T/F value instead of
(mysql_num_rows($result) ==1)
//this statement is valid only if your query returning database row..

0

Yes as SRocks said update query does not return any database row. So just replace the following line 38

$result=mysql_query($query,$link);


if(mysql_num_rows($result) ==1) //line no 38.
{
echo $UserID. ' , Your Password has Changed Successfully. <a href="WelcomeUser.php?PT=0">Back</a>';
}

with

$result=mysql_query($query,$link);


if($result) //line no 38.
{
echo $UserID. ' , Your Password has Changed Successfully. <a href="WelcomeUser.php?PT=0">Back</a>';
}

Edited by karthik_ppts: n/a

0

Try this code

$query="UPDATE $tbl_name SET Password = '".$new_Password."' WHERE Password='".$Curr_Password."' and id=$ID and Status=1";
	$result = mysql_query($query) or die('Error : '.mysql_error());

	if(mysql_affected_rows()) 
	{
		echo 'Successfully Updated';
	}
	else
	{
		echo 'Not Updated';
	}
This topic has been dead for over six months. Start a new discussion instead.
Have something to contribute to this discussion? Please be thoughtful, detailed and courteous, and be sure to adhere to our posting rules.