Hello, newbie here. I wanted to ask what I am doing wrong, as I tried a couple of different setups and nothing works. This seems close to working, but I am not sure how to SET the hashed password; maybe that is the mistake. The idea is to update the user's password using the session username. A bit lost here.

$password = $_POST['newpassword'];
$confirm_password = $_POST['rnewpassword']; 

if($password == $rnewpassword){

    $stmt = $con->prepare("UPDATE password SET password=$password WHERE username=$_SESSION['name']");
    $password = password_hash($_POST['newpassword'], PASSWORD_DEFAULT);
    $stmt->bind_param('s', $password);
    $stmt->execute();
} else {
     echo 'nexuja';
     exit();
}
$con->close();

UPDATE ANSWER IS HERE! NICE TO LEARN! THX FOR HELP!

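$passwordd = $_POST['newpassword'];
$rnewpasswordd = $_POST['rnewpassword'];

// Strict comparison: == treats numeric-looking strings such as "1e3" and "1000" as equal
if ($passwordd === $rnewpasswordd) {

    // Placeholders keep the submitted values out of the SQL text
    $stmt = $con->prepare('UPDATE users SET password=? WHERE username=?');
    $username = $_SESSION['name'];
    // Store only the hash, never the plain-text password
    $password = password_hash($passwordd, PASSWORD_DEFAULT);
    $stmt->bind_param('ss', $password, $username);
    $stmt->execute();
    // $error is not defined in this snippet; it is assumed to be set earlier in the script
    $_SESSION["error"] = $error;
    header("location: settings.php");
    exit(); // stop the script once the redirect header is sent
} else {
     echo 'nexuja';
     exit();
}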
  • Use prepared statements and you won't face that kind of problem. Also consider checking for errors when you prepare or execute a query. – GMB Oct 23 '20 at 23:38
  • Also, is this not a prepared statement? –  Oct 24 '20 at 00:09
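
The corrected update, carried through end to end with the error checking the comment recommends, as an added example that is not the asker's code. It assumes PDO with an in-memory SQLite database in place of the MySQL connection so it runs without a server; `change_password`, `check_login` and the seeded rows are hypothetical.

```php
<?php
declare(strict_types=1);

// Constructed stand-in for the page's `users` table (in-memory SQLite, no server needed).
$db = new PDO('sqlite::memory:');
$db->setAttribute(PDO::ATTR_ERRMODE, PDO::ERRMODE_EXCEPTION); // prepare/execute errors throw
$db->exec('CREATE TABLE users (username TEXT PRIMARY KEY, password TEXT NOT NULL)');
$seed = $db->prepare('INSERT INTO users (username, password) VALUES (?, ?)');
$seed->execute(['alice', password_hash('old-secret', PASSWORD_DEFAULT)]);
$seed->execute(["o'brien", password_hash('old-secret', PASSWORD_DEFAULT)]); // quote in the name

// Hypothetical helper: returns an error message, or null when the password was changed.
function change_password(PDO $db, string $username, string $new, string $confirm): ?string
{
    if ($new === '' || $new !== $confirm) {        // strict comparison, no type juggling
        return 'Passwords do not match.';
    }
    $hash = password_hash($new, PASSWORD_DEFAULT); // hash first, then bind the hash
    $stmt = $db->prepare('UPDATE users SET password = ? WHERE username = ?');
    $stmt->execute([$hash, $username]);            // values travel separately from the SQL text
    if ($stmt->rowCount() !== 1) {                 // the session username matched no row
        return 'No such user.';
    }
    return null;
}

// Hypothetical helper for the login side: verify a candidate against the stored hash.
function check_login(PDO $db, string $username, string $candidate): bool
{
    $stmt = $db->prepare('SELECT password FROM users WHERE username = ?');
    $stmt->execute([$username]);
    $hash = $stmt->fetchColumn();
    return is_string($hash) && password_verify($candidate, $hash);
}

// Constructed calls covering the normal path and the edge cases.
var_dump(change_password($db, 'alice', 'n3w-pass', 'n3w-pass'));   // matching passwords
var_dump(check_login($db, 'alice', 'n3w-pass'));                   // new password
var_dump(check_login($db, 'alice', 'old-secret'));                 // old password
var_dump(change_password($db, "o'brien", 'x9-pass', 'x9-pass'));   // quote bound as data
var_dump(change_password($db, 'alice', '1e3', '1000'));            // equal only under ==
var_dump(change_password($db, 'nobody', 'abc-123', 'abc-123'));    // unknown username
```

With mysqli, calling `mysqli_report(MYSQLI_REPORT_ERROR | MYSQLI_REPORT_STRICT)` before connecting gives the same exception-on-error behaviour.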