Is there any bugs in the following script?My script always execute on else part.Thanks...



<?php
include ('dbconn.cfg');// database configuration file
$connection = @mysql_connect("localhost", "root", "") or die("Cannot connect to server!");
if (isset($_SESSION['gmemberid']))
{

$tbl_name = "member";
$sql = "SELECT password FROM $tbl_name";

$result = @mysql_query($sql, $connection) or die("Cannot execute query.");
if (isset($_POST['changePw']))
{
if ($result == $_POST['oldPw'])
{
$update = mysql_query("
UPDATE
$tbl_name
SET
password = '" . mysql_real_escape_string($_POST['newPw1']) . "',

WHERE
password = '" . mysql_real_escape_string($_REQUEST['password']) . "',

");
echo($update);
exit();
$changed = mysql_query($update) or die(mysql_error());

//$result = $_POST['newPw1'];
$redirectUrl = "http://localhost/www2/home.html";
print "<script type=\"text/javascript\">";
print "window.location.href = '$redirectUrl'";
print "</script>";
}
else
{
$status = "Wrong Old Password!";// wrong old password
}


}


}
?>

mysql_query() returns a result set, which is never going to be equal to a string.

mysql_query() returns a result set, which is never going to be equal to a string.

Thanks for reply. I am using mysql_result rather than mysql_query now


$oldPw = mysql_result($result,0);
if (isset($_POST['changePw']))
{
if ($oldPw == $_POST['oldPw'])
....


If the page can't execute javascript to redirect, is it mean that having problem in session?I not yet link changePW page to login page together.If after login then I open changePW in another window,will sesion to be continued in the new window?

I'm sorry, I didn't understand your question. Can you rephrase?

I'm sorry, I didn't understand your question. Can you rephrase?

Simply mean that I can only change password after login but now do these 2 tasks in different windows,can the session that contain login data being passed through windows?

Yes, the session will exist on any request made after the session was established.