This question already has an answer here:
`password is updating with empty value! old password is replaced with empty value!!
$email = $_POST['email'];
$password = $_POST['password']; //old password
$new = $POST['new']; //new password
//table name is users
$stmt = $db->prepare("SELECT * FROM users WHERE email=:email_id");
//checking email and password
$stmt->execute(array(":email_id"=>$email));
$userRow=$stmt->fetch(PDO::FETCH_ASSOC);
if(($userRow['email'] === $email)&&($userRow['password'] === $password))
{
$doneQuery = $db->prepare("
UPDATE users
SET password = :new
WHERE email = :emailid" );
$doneQuery->execute([":newPassword"=>$new,
":emailid"=>$email]);
}
You are updating your database using $newpassword but you declare it at the top as $new, thus meaning if is a empty variable and entering it blank You also missed the under score from the post So change
$new = $POST['new'];
To
$newPassword = $_POST['new'];
$email = $_POST['email']; $password = $_POST['password']; //old password $newPassword= $_POST['new']; //new password //table name is users $stmt = $db->prepare("SELECT * FROM users WHERE email=:email_id"); //checking email and password $stmt->execute(array(":email_id"=>$email)); $userRow=$stmt->fetch(PDO::FETCH_ASSOC); if(($userRow['email'] === $email)&&($userRow['password'] === $password)) { $doneQuery = $db->prepare(" UPDATE users SET password = :newPassword WHERE email = :emailid" ); $doneQuery->execute([":newPassword"=>$new, ":emailid"=>$email]); }