Dave

Reputation: 13

MySQL parameter issue on update. Parameter invalid for some reason

I have a PHP site with a MySQL DB which I've had for some time. Been working fine. I've been asked to make a simple change to allow a non-techie user to change a user's password.

DB is 'users', field is password and it is a VARCHAR(512). id is autoinc and is mediumint(8). username is unique and VARCHAR(32). When originally creating I use

    $passwordhash = password_hash($postpass, PASSWORD_DEFAULT);
    $sql = "INSERT INTO users( username, email, validated, password, etc ) VALUES ( '$postname', '$postemail', '$validateemailflag', '$passwordhash', 'etc' )";

Creates account and allows me to login with the username and password.

The users can also modify their passwords with

    $passwordhash = password_hash($newpass, PASSWORD_DEFAULT);
    $sql = "UPDATE users SET password = '$passwordhash' WHERE username = '$loggedin_user'";

Works fine. Now I come to add in a facility for us to change the passwords and I use;

    $passwordhash = password_hash($password, PASSWORD_DEFAULT);
    $sql = "UPDATE users SET password = '$passwordhash' WHERE id = '$id'";

An example is;

    UPDATE users SET password = '$2y$10$LMVq3s0VNdVlgFPEE5XBE.eFlgo47N2GpoEoojg40up6T8rrfPwuG' WHERE id = '156'

This does not modify the record and returns 0 rows affected. I've taken the UPDATE line to phpMyAdmin and put it in directly. Still does not update the record. Now here is an interesting part. If I edit the password field, I can remove any single character and it updates the DB. Obviously I can't use it as I have no idea what the password is. Now a final twist. If I edit any character it also works. So I can change it to any other and it is fine. However if I change it to itself or a lower case version it fails again.

Any ideas? It clearly doesn't like the password at all and I have no idea how to progress this.

As it is the SQL itself that is at issue I spent some time in phpMyAdmin changing the parameters. Changing the password text fixes it but is of no use. I'm puzzled why changing a character works. Makes me think some kind of checksum but changing an 'F' for an 'f' doesn't work either. Deleting the 'F' or changing it to an 's' works. I've tried lots of different substitutes, numbers, chars, etc. All work except case changes.

Upvotes: -4

Views: 48
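
The queries in the question are built by interpolating values such as `$postname` and `$id` straight into the SQL string. The following is an added example, not code from the original post: the same insert and admin reset written with PDO bound parameters, with the reset confirmed by reading the row back and calling `password_verify()`. The helper names `create_user` and `admin_reset_password`, the reduced table layout, the sample data and the in-memory SQLite DSN (used so the script runs offline) are assumptions.

```php
<?php
declare(strict_types=1);

// Constructed stand-in for the question's `users` table, held in in-memory
// SQLite so the script runs offline. For MySQL only the DSN changes.
$pdo = new PDO('sqlite::memory:');
$pdo->setAttribute(PDO::ATTR_ERRMODE, PDO::ERRMODE_EXCEPTION);
$pdo->exec('CREATE TABLE users (
    id INTEGER PRIMARY KEY AUTOINCREMENT,
    username VARCHAR(32) UNIQUE NOT NULL,
    password VARCHAR(512) NOT NULL)');

// Hypothetical helper: account creation with bound parameters, so quotes in
// the username are data and never part of the SQL text.
function create_user(PDO $pdo, string $username, string $password): int
{
    $stmt = $pdo->prepare('INSERT INTO users (username, password) VALUES (:u, :p)');
    $stmt->execute([':u' => $username, ':p' => password_hash($password, PASSWORD_DEFAULT)]);
    return (int) $pdo->lastInsertId();
}

// Hypothetical helper: admin reset by id. Success is confirmed by reading the
// row back and verifying the hash, not by the driver's affected-row count.
function admin_reset_password(PDO $pdo, int $id, string $newPassword): bool
{
    $stmt = $pdo->prepare('UPDATE users SET password = :p WHERE id = :id');
    $stmt->bindValue(':p', password_hash($newPassword, PASSWORD_DEFAULT), PDO::PARAM_STR);
    $stmt->bindValue(':id', $id, PDO::PARAM_INT);
    $stmt->execute();

    $check = $pdo->prepare('SELECT password FROM users WHERE id = :id');
    $check->bindValue(':id', $id, PDO::PARAM_INT);
    $check->execute();
    $stored = $check->fetchColumn();

    return $stored !== false && password_verify($newPassword, (string) $stored);
}

// Constructed sample data, including a username that would break an
// interpolated query.
$id = create_user($pdo, "o'brien", 'old-secret');
var_dump(admin_reset_password($pdo, $id, 'new-secret'));        // existing id
var_dump(admin_reset_password($pdo, $id + 1000, 'new-secret')); // unknown id
```

By default the MySQL client reports only rows whose values actually changed as "affected", which is why the helper checks the stored hash instead of the row count.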

Answers (0)
