<?php
require_once('config.php');

$ID=$_SESSION;
$UserID=$_SESSION;
$tbl_name = "tbl_users";
//To check Data Insersion

$Curr_Password=$_POST;
//echo $Curr_Password;
$new_Password=$_POST;

$link = mysql_connect(DB_HOST, DB_USER, DB_PASSWORD);
mysql_select_db(DB_DATABASE, $link) or die( "Unable to select database");

$query="UPDATE $tbl_name SET Password = '".$new_Password."' WHERE Password='".$Curr_Password."' and id=$ID and Status=1";
echo $query;

$result=mysql_query($query,$link);


if(mysql_num_rows($result) ==1) //line no 38.
{
echo $UserID. ' , Your Password has Changed Successfully. <a href="WelcomeUser.php?PT=0">Back</a>';
}
else
{
echo 'Your Current Password is Wrong. Please Enter correct Password . <a href="ChangePassword.php">Back</a>';
}

mysql_close();
?>

The mysql_query function returns false in the event of an error - usually as a result of an error with your query.

Try echoing out the query and run it in phpmyadmin or on the command line to check it works. Alternatively, use the mysql_error function to display the error.

R.

Oh, and please make sure you sanitise input coming from the user, in this case $_POST before including it in SQL queries to prevent SQL injection attacks. And it's good practice to hash or encrypt passwords in the database for additional security.

R.

Update query does not return any database row...So you should have checked for T/F value instead of
(mysql_num_rows($result) ==1)
//this statement is valid only if your query returning database row..

Yes as SRocks said update query does not return any database row. So just replace the following line 38

$result=mysql_query($query,$link);


if(mysql_num_rows($result) ==1) //line no 38.
{
echo $UserID. ' , Your Password has Changed Successfully. <a href="WelcomeUser.php?PT=0">Back</a>';
}

with

$result=mysql_query($query,$link);


if($result) //line no 38.
{
echo $UserID. ' , Your Password has Changed Successfully. <a href="WelcomeUser.php?PT=0">Back</a>';
}

Try this code

$query="UPDATE $tbl_name SET Password = '".$new_Password."' WHERE Password='".$Curr_Password."' and id=$ID and Status=1";
	$result = mysql_query($query) or die('Error : '.mysql_error());

	if(mysql_affected_rows()) 
	{
		echo 'Successfully Updated';
	}
	else
	{
		echo 'Not Updated';
	}
Be a part of the DaniWeb community

We're a friendly, industry-focused community of developers, IT pros, digital marketers, and technology enthusiasts meeting, networking, learning, and sharing knowledge.