Member Avatar for dineshsurve

<?php
require_once('config.php');

$ID=$_SESSION;
$UserID=$_SESSION;
$tbl_name = "tbl_users";
//To check Data Insersion

$Curr_Password=$_POST;
//echo $Curr_Password;
$new_Password=$_POST;

$link = mysql_connect(DB_HOST, DB_USER, DB_PASSWORD);
mysql_select_db(DB_DATABASE, $link) or die( "Unable to select database");

$query="UPDATE $tbl_name SET Password = '".$new_Password."' WHERE Password='".$Curr_Password."' and id=$ID and Status=1";
echo $query;

$result=mysql_query($query,$link);


if(mysql_num_rows($result) ==1) //line no 38.
{
echo $UserID. ' , Your Password has Changed Successfully. <a href="WelcomeUser.php?PT=0">Back</a>';
}
else
{
echo 'Your Current Password is Wrong. Please Enter correct Password . <a href="ChangePassword.php">Back</a>';
}

mysql_close();
?>

  • 5 Contributors
  • 5 Replies
  • 265 Views
  • 2 Weeks Discussion Span
  • Latest Post Latest Post by vibhaJ

Recommended Answers

All 5 Replies

Member Avatar for blocblue

The mysql_query function returns false in the event of an error - usually as a result of an error with your query.

Try echoing out the query and run it in phpmyadmin or on the command line to check it works. Alternatively, use the mysql_error function to display the error.

R.

Member Avatar for blocblue

Oh, and please make sure you sanitise input coming from the user, in this case $_POST before including it in SQL queries to prevent SQL injection attacks. And it's good practice to hash or encrypt passwords in the database for additional security.

R.

Member Avatar for SRocks

Update query does not return any database row...So you should have checked for T/F value instead of
(mysql_num_rows($result) ==1)
//this statement is valid only if your query returning database row..

Member Avatar for karthik_ppts

Yes as SRocks said update query does not return any database row. So just replace the following line 38

$result=mysql_query($query,$link);


if(mysql_num_rows($result) ==1) //line no 38.
{
echo $UserID. ' , Your Password has Changed Successfully. <a href="WelcomeUser.php?PT=0">Back</a>';
}

with

$result=mysql_query($query,$link);


if($result) //line no 38.
{
echo $UserID. ' , Your Password has Changed Successfully. <a href="WelcomeUser.php?PT=0">Back</a>';
}
Edited by karthik_ppts because: n/a
Member Avatar for vibhaJ

Try this code

$query="UPDATE $tbl_name SET Password = '".$new_Password."' WHERE Password='".$Curr_Password."' and id=$ID and Status=1";
	$result = mysql_query($query) or die('Error : '.mysql_error());

	if(mysql_affected_rows()) 
	{
		echo 'Successfully Updated';
	}
	else
	{
		echo 'Not Updated';
	}
Be a part of the DaniWeb community

We're a friendly, industry-focused community of developers, IT pros, digital marketers, and technology enthusiasts meeting, networking, learning, and sharing knowledge.