I'm trying to update the user password in this code. I know it is not reliable since it does not has SQL injection prevention feature, I'm just trying to learn here. anyway, using $_request variable in my code does not work with the database query, it works when I want to display the variable with echo.
PHP code:
$newPassword=$_POST['newPassword'];
$confirmPassword=$_POST['confirmPassword'];
$userID1=$_REQUEST['ID'];
$code=$_GET['$code'];
echo "<h1>Hello " . $userID1 . "</h1>";
if (isset($_GET['submit']))
{
if($newPassword == $confirmPassword ){
mysql_query("UPDATE facultymember SET password='$newPassword' WHERE ID='$userID1'");
$message = "Your password has been updated.";
}
else
{
$message = "New password does not equal Confirm password";
}
}
HTML form:
<form name="frmChange" action='newpass.php' method="GET" onSubmit="return validatePassword()">
<div style="color:red;" "class="message"><?php if(isset($message)) { echo $message; } ?></div>
Enter a new password
<input type="text" name="newPassword">
Re-enter the new password
<input type="text" name="confirmPassword">
<input name="submit" type="submit" value="Save Changes">
</form>
