UPDATE database - error might be obvious, but I can't see it!

This page is to allow the user to change his password after having previously logged in.

I can’t seem to see why my UPDATE isn’t working … the code is picking up the correct values of the variables from the form, there isn’t any issue with the mySQL query that I can see, but somehow the UPDATE isn’t reaching the database.

I tried other threads on this forum, and stared at the code for hours trying different things, but what I think I really need is a fresh pair of eyes. Can anyone help me please?


	if ($_POST['submit'] == "Change Password") { // form has been submitted
		$errors = array();
		//perform validations on the form data
		$required_fields = array('new_password', 'confirm_password');
		$errors = array_merge($errors, check_required_fields($required_fields, $_POST));

		$fields_with_lengths = array('new_password' => 20, 'confirm_password' => 20);
		$errors = array_merge($errors, check_max_field_lengths($fields_with_lengths, $_POST));
		$id = $_POST['id'];
		$new_password = md5(trim(mysql_prep($_POST['new_password'])));
		$confirm_password = md5(trim(mysql_prep($_POST['confirm_password'])));
		// print out passwords to check whether variables have picked up the values
		print("<p class=\\"report\\">$new_password :: $confirm_password</p>");
		if (empty($errors)) { // there are no form errrors
			// the user is already logged in, so his old password does not need to be checked
				if ($new_password == $confirm_password) { // the two instances of new password match
					// print out id to check whether variable has picked up the value				
					print("<p class=\\"report\\">$id</p>");
					$query = "UPDATE users
					SET password = '$new_password'
					WHERE id = '$Id' ";
					$result = mysql_query($query, $mysql_link);
				} else { // the two instances of new password don't match
					$msg = "<p class=\\"message\\">Make sure you type the same new password twice.</p>";
		} else { // there are errors in the form
			if (count($errors) == 1) {
				$msg = "There was 1 error in the form.";
			} else {
				$msg = "There were " . count($errors) . " errors in the form.";
		//header('Location: index.php');


<h2>Change Password</h2>

if (!empty($msg)) {
	echo $msg; 

if (!empty($errors)) { 

<p>Please insert your old password and your new password below:</p>
<form name="add_user" action="change_password.php" method="post">
			<td class="label">Username:</td>
			<td><input type="hidden" name="id" value="<?php print("{$_SESSION['user_id']}"); ?>" />
			<input type="text" name="username" id="username" class="textbox" maxlength="30" value="<?php print("{$_SESSION['username']}"); ?>" /><td>
			<td class="label">New Password:</td>
			<td><input type="password" name="new_password" id="password" class="textbox" maxlength="20" value=""/></td>
			<td class="label">Confirm New Password:</td>
			<td><input type="password" name="confirm_password" id="password" class="textbox" maxlength="20" /></td>
			<td class="label">&nbsp;</td>
			<td><input type="submit" name="submit" id="submit" class="button" value="Change Password"/></td>


$id and $Id are two different variables. You are setting the first and then trying to use the second in the query.

Oops, not intentional. I didn’t even see that typo … thanks so much.