StackOverflow2013

Note that there are some explanatory texts on larger screens.

plurals

PO
primarykey
Id
5752953
data
AcceptedAnswerId
0
AnswerCount
0
ClosedDate
CommentCount
6
CommunityOwnedDate
CreationDate
2011-04-22T06:42:40.573
FavoriteCount
0
LastActivityDate
2011-04-22T07:08:07.040
LastEditDate
2011-04-22T07:08:07.040
LastEditorUserId
245679
OwnerUserId
245679
ParentId
5752874
PostTypeId
2
Score
1
ViewCount
0
LastEditorDisplayName
text
Body
Your problem lies here - <pre><code>if(!$result) </code></pre> When a user enters a wrong username, the query searches for that user in the database, but won't find one. So the result will contain empty dataset, but the query is still valid, since you can query a database and return empty datasets. So your <code>!$result</code> check will always evaluate to true unless a DB error occurs. Instead of just checking the $result, you should do the following - <pre><code>if($newpassword==$repeatnewpassword) { // User's provided new password and repeatpassword matches, so keep going forward, // query the database. $result = mysql_query("SELECT password FROM $tbl_name WHERE username='$username'"); if($result) { // Database query successful. Now check if that username exists in the database. if(mysql_num_rows($result) <= 0) { // user has provided wrong username, take action accordingly } else { // Username found, now check for old password match $row = mysql_fetch_array($result); if($password==$row['password']) { // User's old password matches with DB. So, update password and // forward him to confirmation page } else { // User's old password doesn't match with db. Show appropriate message } } } else { // Some DB error occurred. Handle it appropriately. } } else { // User's new and repeat password don't match, so take action accordingly } </code></pre> P.S. Your site is vulnerable to <a href="http://en.wikipedia.org/wiki/SQL_Injection" rel="nofollow">SQL Injection</a> attack. You should at least sanitize your input as follows - <pre><code>$username = mysql_real_escape_string($_POST['username']); $password = mysql_real_escape_string($_POST['password']); $newpassword = mysql_real_escape_string($_POST['newpassword']); $repeatnewpassword = mysql_real_escape_string($_POST['repeatnewpassword']); </code></pre> To know more, go here: <a href="http://php.net/manual/en/function.mysql-real-escape-string.php" rel="nofollow">mysql_real_escape_string() manual</a>. Also storing passwords in database in plain old text format is another bad idea. Even you should not be able to see the passwords that your site's user provide. Use <a href="http://php.net/manual/en/function.md5.php" rel="nofollow">md5()</a> function to <a href="http://en.wikipedia.org/wiki/MD5" rel="nofollow">encrypt</a> passwords and then store it in the database.
Tags
Title
singulars
PostAcceptedAnswerId
1. This table or related slice is empty.
PostParentId
1. POphp change password script problems
 singulars
 PostTypePostTypeId
 PTQuestion
PostTypePostTypeId
1. PTAnswer
UserLastEditorUserId
1. USMD Sayem Ahmed
UserOwnerUserId
1. USMD Sayem Ahmed
plurals
PostLinksPostIdRelatedPostId
1. This table or related slice is empty.
PostLinksRelatedPostIdPostId
1. This table or related slice is empty.
PostsAcceptedAnswerId
1. This table or related slice is empty.
PostsParentIdCreationDate
1. This table or related slice is empty.
VotesPostIdCreationDate
1. VO
 singulars
 PostPostId
 PO
 UserUserId
 This table or related slice is empty.
 VoteTypeVoteTypeId
 VTUpMod
CommentsPostId

Querying!

Guidance

A row detail

Detail views are divided into sections. All the information in the data section comes from columns in the selected row. The other sections display data from other, related rows.

Related data can be related in a to-one or a to-many fashion. Captions of data related in a to-many fashion link to a list view showing a filtered view of the table.

Try moving around until you find a non-empty to-many entry and click on the label to get to one. You can move back to the root by clicking on the database name in the header.