Hello, I found this script and have used it for my login system.


I have changed some variables but none the less its the same.

I am trying to create a reset password script here is what i tried so far:

function resetPassword(){

    //Main Info
    $id = $_POST['id']; 
    $email = $_POST['email']; 
    $pass= $_POST['password'];
    //salt and pass info
    $random_salt = hash('sha512', uniqid(mt_rand(1, mt_getrandmax()), true));
    $password = hash('sha512', $pass.$random_salt);
    //Run the Query
    $update_stmt = $mysqli->prepare("UPDATE members SET password='$password' AND salt='$random_salt' WHERE id = ?");
    $update_stmt->bind_param('s', $id);
    if($update_stmt->execute()) {
    if(login($email, $password, $mysqli) == true) {
        header('Location: ../signin.php?pass=1'); 
        }else {
        header('Location: ../passreset.php?error=1'); 

but its not updating the password in the database. I have it in a functions.php page to enable it to work and be called. any ideas why its not working?

Can you try mysql at the place of mysqli.
I think this will help.

UPDATE members SET password='$password', salt='$random_salt' WHERE id = ?

The AND is messing it up, thus the query fails.

Ahh thanks pritaeas!, Sikander, mysql is outdated and will not use it. I perfer mysqli or PDO Thanks though.