function updatePassword($id,$npassword)
{
if(mysql_query("UPDATE `users` SET `password`='".$npassword."' WHERE `id`=".$id))
return true;
else
return false;
}
<div class="settingform">
<form action="setting.php?update=password" method="post">
<h2>Past Password:</h2> <input type="password" maxlength="100" name="p1" value="" /><br />
<h2> New Password:</h2> <input type="password" maxlength="100" name="p2" value="" /><br />
<input type="submit"name="newpasswordSubmit" value="Save" /><br /><br />
</form>
<?php
if(isset($_GET['update']) && $_GET['update']=="password")
{
$ppassword = trim(mysql_real_escape_string(md5($_POST['p1'])));
$npassword = trim(mysql_real_escape_string(md5($_POST['p2'])));
$errors = array();
if(strlen($npassword)>100)
$errors = "your EMAIL is too long";
if($ppassword !== $password)
$errors = "Password did not match";
if(empty($errors))
{
if(updatePassword($settingUsersData['id'],$npassword)) echo "Updated!";
else
echo "An Error Has Occurred!";
}
else
foreach ($errors as $e)
echo $e."<br/>";
}
?>
</div>
I think the problem is in your update function. Remove quotes from the field names.
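function updatePassword($id,$npassword)
{
    // Assumes $connection is the mysqli link opened elsewhere in the script
    global $connection;
    $sql = "UPDATE users SET password='".$npassword."' WHERE id=".$id;
    $result = mysqli_query($connection, $sql);
    // mysqli_affected_rows() takes the connection, not the query result
    $affected_rows = mysqli_affected_rows($connection);
    if($affected_rows==1){
        return true;
    }else{
        return false;
    }
}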
I can't see a place in your code that you make a call to this function. Call the function where necessary. (Please do not use mysql. It is deprecated as of PHP 5.5.0, and will be removed in the future.)
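The same password change written with mysqli prepared statements, as an added example that is not code from the question or the answer. It swaps the page's md5() comparison for password_hash()/password_verify(), and assumes `$db` is an open mysqli connection, `$settingUsersData['id']` is the logged-in user's id as in the question, and the `password` column is wide enough for the hash (for example VARCHAR(255)).

```php
<?php
// Added example. Assumed: $db is an open mysqli connection and
// `users`.`password` can hold password_hash() output (e.g. VARCHAR(255)).

// Returns an array of error messages; an empty array means the update succeeded.
function updatePassword(mysqli $db, int $id, string $current, string $new): array
{
    $errors = [];
    if (strlen($new) > 100) {
        $errors[] = "New password is too long";
    }

    // Read the stored hash with a bound parameter instead of string concatenation.
    $stmt = $db->prepare("SELECT `password` FROM `users` WHERE `id` = ?");
    $stmt->bind_param("i", $id);
    $stmt->execute();
    $stmt->bind_result($storedHash);
    $found = $stmt->fetch();
    $stmt->close();

    // password_verify() compares the submitted password against the salted hash.
    if (!$found || !password_verify($current, $storedHash)) {
        $errors[] = "Password did not match";
    }
    if ($errors) {
        return $errors;
    }

    $newHash = password_hash($new, PASSWORD_DEFAULT);
    $stmt = $db->prepare("UPDATE `users` SET `password` = ? WHERE `id` = ?");
    $stmt->bind_param("si", $newHash, $id);
    $ok = $stmt->execute() && $stmt->affected_rows === 1;
    $stmt->close();
    if (!$ok) {
        $errors[] = "An Error Has Occurred!";
    }
    return $errors;
}

// Handler for setting.php?update=password (form fields p1 and p2 from the question).
if (isset($_GET['update'], $_POST['p1'], $_POST['p2']) && $_GET['update'] === "password") {
    $errors = updatePassword($db, (int) $settingUsersData['id'], $_POST['p1'], $_POST['p2']);
    if (!$errors) {
        echo "Updated!";
    }
    foreach ($errors as $e) {
        echo htmlspecialchars($e) . "<br/>"; // escape anything echoed into the page
    }
}
```

Rows that still hold MD5 values will not pass password_verify(), so existing accounts need a reset or a rehash-on-login step before this replaces the old check.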