UPDATE password in mySQLDatabase with PHP

Question

I am trying to update the password of the table 'nbk6_user'.

when the script is launched I get the error: "Fehler"

Am I doing the mysql_query right?

Can anybody help me please?

<?php
include 'conf.php';
$connection = mysql_connect("****", "****", "****");
mysql_select_db($datenbank);
session_start();

if(!isset($_SESSION["name"]))
{
    die("Für diese Seite musst du dich zuerst anmelden!");
}
$name = $_SESSION["name"];

$pw1 = $_POST["pw1"];
$pw2 = $_POST["pw2"];

$pw1 = trim($pw1);
$pw2 = trim($pw2);

if($pw1 == "")
{
die("Kein Passwort gesetzt.");
}

if($pw1 == $pw2)
{
    $query = mysql_query("UPDATE nbk6_user SET password='$pw1', WHERE name='$name'");
    if(!$query)
    {   
        echo "Fehler";
    }
}
else
{
    echo "Die Passwörter stimmen nicht überein";
}
?>

Answer 1

At first :

session_start(); must be the first line in your code.

Then

 $query = mysql_query("UPDATE nbk6_user SET password='$pw1', WHERE name='$name'");
must be
$pw1=md5($pw1);
 $query = mysql_query("UPDATE nbk6_user SET password='$pw1' WHERE name='$name'");

Answer 2

Error in the query use this

$query = mysql_query("UPDATE nbk6_user SET password='".$pw1."' WHERE name='".$name."'");

Also read the first answer here, this will brief you why you should not use mysql_* and use mysqli and PDO , taking care of sql injections.

Answer 3

You have a dangling comma:

... SET password='$pw1', WHERE ...
                       ^---

Answer 4

You shouldn't have a coma after SET and it's best to avoid inserting the variables inside a string, when dealing with MySQL queries (or any strings really, it's bad practice).

Try:

$query = mysql_query("UPDATE nbk6_user SET password='".$pw1."' WHERE name='".$name."'");
if(!$query)
{   
    mysql_error();
    echo "Fehler";
}

if the changed query doesn't fix it mysql_error() will explain where the issue is.

Answer 5

try see the error with mysql_error, but I think that u are putting "," after password='$pw1' I think so just try it