I’m writing a script in PHP to allow a user to change their password. I make them enter their old password (even if they are logged in already) and then the new password. I’m trying to compare the old password and then update the field to the new password without running two separate queries, but my code isn’t working like I expected. Is there a bug here? Or is this not allowed for some reason? What do you suggest?
mysql_query("UPDATE users SET userpass = '$encryptedPW' WHERE userid = '$uid' AND userpass = '$currentPW'");
I could see if MySQL performed the tasks in the order they’re written, but it has to find the line before it can update it, right?
Thank you very much!
Billy
ETA: Sorry! Typo!
What does the actual generated query look like? Did you check if the query succeeded?
The or die() portion will handle any SQL syntax errors, while the affected_rows will check if something did get updated. If the affected row count isn’t 1 (assuming you’re not allowing duplicate username/password pairs), then something didn’t work right. 0 = no affected rows, no changes made. >1 = you’ve got duplicate user/password pairs.
Also make sure that you’re comparing apples to apples. If you’re storing the passwords in encrypted/hashed form, then you’ll have to compare hashed/encrypted passwords for the results to make sense.
would fail if the password is actually stored as encrypted binary garbage.
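The check described in the answer above, as an added example that is not code from either poster: the conditional UPDATE from the question, run through prepared statements, with the affected-row count deciding success. It assumes PDO with an in-memory SQLite database, PHP's password_hash()/password_verify(), and a constructed sample user; because a salted hash cannot be matched by equality on the plaintext, the stored hash is read and verified first and then used as the guard in the WHERE clause.

```php
<?php
// Added example. Table and column names follow the question; the in-memory
// SQLite database, the sample user and changePassword() are constructed here.
function changePassword(PDO $db, int $uid, string $currentPW, string $newPW): bool
{
    // Read the stored hash: a salted hash cannot be compared in SQL
    // against the plaintext the user typed.
    $sel = $db->prepare('SELECT userpass FROM users WHERE userid = ?');
    $sel->execute([$uid]);
    $stored = $sel->fetchColumn();
    if ($stored === false || !password_verify($currentPW, $stored)) {
        return false; // unknown user or wrong current password
    }

    // Conditional update, hash compared with hash: the row changes only if
    // it still holds the value that was just verified.
    $upd = $db->prepare(
        'UPDATE users SET userpass = ? WHERE userid = ? AND userpass = ?'
    );
    $upd->execute([password_hash($newPW, PASSWORD_DEFAULT), $uid, $stored]);

    // Affected rows: 1 = password changed, 0 = nothing matched.
    return $upd->rowCount() === 1;
}

// Constructed demo data.
$db = new PDO('sqlite::memory:');
$db->setAttribute(PDO::ATTR_ERRMODE, PDO::ERRMODE_EXCEPTION); // SQL errors throw
$db->exec('CREATE TABLE users (userid INTEGER PRIMARY KEY, userpass TEXT NOT NULL)');
$ins = $db->prepare('INSERT INTO users (userid, userpass) VALUES (?, ?)');
$ins->execute([1, password_hash('old-secret', PASSWORD_DEFAULT)]);

var_dump(changePassword($db, 1, 'wrong-guess', 'new-secret')); // wrong current password
var_dump(changePassword($db, 1, 'old-secret', 'new-secret'));  // correct current password
var_dump(changePassword($db, 1, 'old-secret', 'another-one')); // old password reused after the change
```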