I am having trouble getting this to work. I think my error is in the syntax of the prepared statement, but I have tried several different methods with no luck. The reason I suspect that the error is in the prepared statement is that it will echo Not a Match on the page if the variables don't match, but when they do match it will just give me a blank page with no errors. Here is my code; maybe someone can spot the error. In the meantime I will keep trying different methods.

    function setPass($conn, $userCurrent, $oldPass, $newPass, $verPass)
    {
        $stmt = $conn->prepare('SELECT `password` FROM `CLL_users` WHERE `user_name`=:userCurrent');
        $stmt->execute(array(':userCurrent' => $userCurrent));
        while ($pass = $stmt->fetch()) {
            $oldDbPass = $pass['password'];
        }
        $new_pass = md5($newPass);
        if (md5($oldPass) == ($oldDbPass) && ($newPass) == ($verPass)) {
            try {
                $stmt = $conn->prepare('UPDATE `CLL_users` SET `password`=:newPass WHERE `user_name`=:userCurrent');
                $stmt->execute(array(':newpass' => $new_pass, ':userCurrent' => $userCurrent));
            } catch (PDOException $e) {
                echo 'Connection failed: ' . $e->getMessage();
            }
            echo "Match";
        } else {
            echo "Not a Match";
        }
    }

You’re mistaking parentheses for backticks. Use backticks “`” to escape table and column names in SQL.
You also have several typos:
- $newPass is declared as camelCase, but used as $new_pass in your second execute statement.
- :newPass and using it as :newpass in the execute

For the future, read about error checking/handling in PDO:
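
As an added example (not code from the question or the answer), here is the same function with PDO set to throw on errors, the placeholder names matched, and `password_hash()`/`password_verify()` swapped in for the unsalted `md5()` comparison. It assumes the `pdo_sqlite` extension; the in-memory table and the user `alice` are constructed sample data.

```php
<?php
// Added example, not the poster's code. Constructed sample data throughout.
$conn = new PDO('sqlite::memory:');
// Throw PDOException on SQL/binding errors. This is the default since PHP 8.0;
// setting it explicitly keeps older versions from failing silently.
$conn->setAttribute(PDO::ATTR_ERRMODE, PDO::ERRMODE_EXCEPTION);
$conn->exec('CREATE TABLE `CLL_users` (`user_name` TEXT PRIMARY KEY, `password` TEXT)');
$seed = $conn->prepare('INSERT INTO `CLL_users` VALUES (:u, :p)');
$seed->execute([':u' => 'alice', ':p' => password_hash('old-secret', PASSWORD_DEFAULT)]);

function setPass(PDO $conn, string $userCurrent, string $oldPass, string $newPass, string $verPass): bool
{
    $stmt = $conn->prepare('SELECT `password` FROM `CLL_users` WHERE `user_name` = :userCurrent');
    $stmt->execute([':userCurrent' => $userCurrent]);
    $oldDbPass = $stmt->fetchColumn();   // false when the user does not exist

    // password_verify() checks a salted hash and replaces the md5() comparison.
    if ($oldDbPass === false || !password_verify($oldPass, $oldDbPass) || $newPass !== $verPass) {
        return false;
    }

    $stmt = $conn->prepare('UPDATE `CLL_users` SET `password` = :newPass WHERE `user_name` = :userCurrent');
    // Array keys must match the placeholders exactly, including case.
    $stmt->execute([
        ':newPass'     => password_hash($newPass, PASSWORD_DEFAULT),
        ':userCurrent' => $userCurrent,
    ]);
    return $stmt->rowCount() === 1;
}

try {
    var_dump(setPass($conn, 'alice', 'wrong', 'n3w-secret', 'n3w-secret'));      // wrong old password
    var_dump(setPass($conn, 'alice', 'old-secret', 'n3w-secret', 'n3w-secret')); // correct old password

    // Reproduce the typo from the question: :newPass in the SQL, :newpass in execute().
    $bad = $conn->prepare('UPDATE `CLL_users` SET `password` = :newPass WHERE `user_name` = :userCurrent');
    $bad->execute([':newpass' => 'x', ':userCurrent' => 'alice']);
} catch (PDOException $e) {
    // Log the driver message server-side instead of echoing it to the page.
    error_log('Password update failed: ' . $e->getMessage());
    echo "Could not update password\n";
}
```

Existing MD5 values in a real table will not pass `password_verify()`, so those rows have to be re-hashed, for example at each user's next successful login.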