I have this code:
```php
<?php
session_start();
if (!isset($_SESSION['user'])){ header("Location: index.php");}
include("db_files/db.php");
include("inc/functions.php");
$oldpass = mysqli_real_escape_string($db, $_POST['oldpass']);
$oldcrypt = encripta_password(mysqli_real_escape_string ($db, $oldpass));
$newpass = encripta_password(mysqli_real_escape_string($db, $_POST['newpass']));
$renewpass = encripta_password(mysqli_real_escape_string($db, $_POST['renewpass']));
$usermail = mysqli_real_escape_string($db, $_SESSION['user']);
$strSQL = "SELECT password FROM usuarios WHERE email = '".$usermail."'";
$query = mysqli_query($db, $strSQL);
$result = mysqli_fetch_array ($query);
if ($result['password'] == $oldcrypt){
    if ($newpass == $renewpass){
        $strSQL = "UPDATE usuarios SET usuarios.password = '".$newpass."' WHERE usuarios.email = '".$usermail."'";
        $query = mysqli_query($db, $strSQL);
        if ($db->query($query) === TRUE) {
            echo "Updated";
        }else{
            echo "Not updated". $db->error."<br>";
        }
    }
}else{
    echo "No match password";
}
// $pass = encripta_password("asdasd");
// echo $pass;
?>
```
And when I run it, I get this error:

```
Not updatedYou have an error in your SQL syntax; check the manual that corresponds to your MariaDB server version for the right syntax to use near '1' at line 1
```

This same update works correctly in phpMyAdmin (substituting the variables with their values).
I should add that it does perform the update, but I do not know where that error comes from.

This is the encripta_password function:
```php
function encripta_password($password)
{
    //$salt = bin2hex(mcrypt_create_iv(32, MCRYPT_DEV_URANDOM));
    $saltedPW = $password . PANDAERP_HASH;
    $hashedPW = hash('sha256', $saltedPW);
    return $hashedPW;
}
define("PANDAERP_HASH", "16a507d6f3da37d8ba00b28bf622d144cba96f65d3a18f8b15911697d6409f0f");
```
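The error text "near '1'" comes from the UPDATE being run twice: `mysqli_query()` executes it and returns `TRUE`, and that boolean is then handed to `$db->query()`, which casts it to the query string `"1"`. The following is an added example, not the asker's code, of the same change-password flow executed once through prepared statements; it assumes `$db` is the mysqli connection from `db_files/db.php` and that `encripta_password()` is the function from `inc/functions.php` shown above.

```php
<?php
// Added example (not the asker's code). Assumes $db (mysqli connection from
// db_files/db.php) and encripta_password() from inc/functions.php, as on the page.
session_start();
if (!isset($_SESSION['user'])) {
    header("Location: index.php");
    exit; // header() alone does not stop the script; the rest would still run
}
include("db_files/db.php");
include("inc/functions.php");

$usermail  = $_SESSION['user'];
$oldpass   = $_POST['oldpass']   ?? '';
$newpass   = $_POST['newpass']   ?? '';
$renewpass = $_POST['renewpass'] ?? '';

// Compare the two copies of the new password before touching the database.
if ($newpass !== $renewpass) {
    exit("New passwords do not match");
}

// Bound parameters replace mysqli_real_escape_string(), so the raw password is
// hashed (escaping it first changes the hash for passwords containing quotes).
$stmt = $db->prepare("SELECT password FROM usuarios WHERE email = ?");
$stmt->bind_param("s", $usermail);
$stmt->execute();
$stmt->bind_result($stored);
if (!$stmt->fetch()) {
    exit("No match password");
}
$stmt->close();

// hash_equals() compares in constant time, avoiding a timing side channel.
if (!hash_equals($stored, encripta_password($oldpass))) {
    exit("No match password");
}

$newhash = encripta_password($newpass);
$stmt = $db->prepare("UPDATE usuarios SET password = ? WHERE email = ?");
$stmt->bind_param("ss", $newhash, $usermail);

// execute() returns true/false itself; the statement is not run a second time.
if ($stmt->execute()) {
    echo "Updated";   // $stmt->affected_rows reports whether a row changed
} else {
    echo "Not updated " . $stmt->error;
}
$stmt->close();
```

For new deployments, `password_hash()` / `password_verify()` would replace the fixed-constant SHA-256 scheme in `encripta_password()`, since a constant appended to every password is not a per-user salt.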