I have a code below where it displays a list of students in a drop down menu:

Code:
     $validSubmission = isset($_POST['resetpass']) && $_POST['students'] && $_POST['newpass'] && $_POST['confirmpass'];
    
    		
        $sql = "SELECT StudentUsername, StudentForename, StudentSurname FROM Student ORDER BY StudentUsername"; 
        
        $sqlstmt=$mysqli->prepare($sql);
        
        $sqlstmt->execute(); 
        
        $sqlstmt->bind_result($dbStudentUsername, $dbStudentForename, $dbStudentSurname);
        
        $students = array(); // easier if you don't use generic names for data 
        
        $studentHTML = "";  
        $studentHTML .= '<select name="students" id="studentsDrop">'.PHP_EOL; 
        $studentHTML .= '<option value="">Please Select</option>'.PHP_EOL;  
        
        $outputstudent = "";
      
        while($sqlstmt->fetch()) 
        {
    	    
    	$student = $dbStudentUsername;
        $firstname = $dbStudentForename;
        $surname = $dbStudentSurname; 
        
                if (!$validSubmission && isset($_POST['students']) && $student == $_POST['students'])
        {
        $studentHTML .= "<option value='".$student."' selected='selected'>" . $student . " - " . $firstname . " " . $surname . "</option>".PHP_EOL;
    }else{
        $studentHTML .= "<option value='".$student."'>" . $student . " - " . $firstname . " " . $surname . "</option>".PHP_EOL;
    }  
          
        } 
        
        
        $studentHTML .= '</select>';
Now further down the script I have another block of code where it resets the student's password and then performs a select statement to find the student whose password has been changed and then displays the success message:

Code:
    $errormsg = (isset($errormsg)) ? $errormsg : '';
    
    if(isset($_POST['resetpass'])){
    //get the form data
    $studentdrop = (isset($_POST['students'])) ? $_POST['students'] : '';
    $newpass = (isset($_POST['newpass'])) ? $_POST['newpass'] : '';
    $confirmpass = (isset($_POST['confirmpass'])) ? $_POST['confirmpass'] : '';
    
    //make sure all data was entered
    if($studentdrop != ""){
    if($newpass){
    if (strlen($newpass) <= 5){
    $errormsg = "Your Password must be a minimum of 6 characters or more"; 
    }else{
    if($confirmpass){
    if($newpass === $confirmpass){
    
    
    //Make sure password is correct
    $query = "SELECT StudentUsername FROM Student WHERE StudentUsername = ?";
    // prepare query
    $stmt=$mysqli->prepare($query);
    // You only need to call bind_param once
    $stmt->bind_param("s",$studentdrop);
    // execute query
    $stmt->execute(); 
    // get result and assign variables (prefix with db)
    $stmt->bind_result($dbStudentUsername);
    //get number of rows
    $stmt->store_result();
    $numrows = $stmt->num_rows();
    
    if ($numrows == 1){
    //encrypt new password
    $newpassword = md5(md5("93w".$newpass."ed0"));
    
    //update the db
    
    $updatesql = "UPDATE Student SET StudentPassword = ? WHERE StudentUsername = ?";										    
    $update = $mysqli->prepare($updatesql);
    $update->bind_param("ss", $newpassword, $studentdrop);
    $update->execute();
    
    //make sure the password is changed
    
    $query = "SELECT StudentUsername, StudentForename, StudentSurname, StudentPassword FROM Student WHERE StudentUsername = ? AND StudentPassword = ?";
    // prepare query
    $stmt=$mysqli->prepare($query);
    // You only need to call bind_param once
    $stmt->bind_param("ss",$studentdrop,$newpassword);
    // execute query
    $stmt->execute(); 
    // get result and assign variables (prefix with db)
    $stmt->bind_result($dbStudentUsername, $dbStudentForename, $dbStudentSurname, $dbStudentPassword);
    //get number of rows
    $stmt->store_result();
    $numrows = $stmt->num_rows();
    
    if ($numrows == 1){
    $errormsg = "<span style='color: green'>Student " . $studentdrop . " - " . $dbStudentForename . " ". $dbStudentSurname . " has been Registered</span>";
    
    }
    else{
    $errormsg = "An error has occured, the Password was not Reset";
    }
    }
The problem I am getting is my success message.

If I select student: u0867587 - Bill Wright from the drop down menu, it is displaying in the success message:

Student u0867587 - Jack Trone has been Registered

The student's username is correct in the success message but the name is wrong, it should say:

Student u0867587 - Bill Wright has been Registered

Why is it displaying the wrong name in the success meassage and how can I get it to display the correct name?