<?php { $username = mysql_real_esc

1. <?php
2. {
3. $username = mysql_real_escape_string($_POST['username']);
4. $password = mysql_real_escape_string($_POST['password']);
5. if(empty($username)){
6. echo '<div class = "alert">You have not entered a username??</div>';
7. }
8.  
9. else if(empty ($password)){
10. echo '<div class = "alert">You have not entered a password??</div>';
11. }
12.  
13. else if(!isset($username) || !ctype_alpha($_POST['username'])){
14. echo '<div class = "alert">Username can only contain letters.</div>';
15. }
16. mysql_query( "UPDATE users SET password = '" . $core->hashed($password) ."' WHERE username = '{$username}'" );
17. mysql_query($q_editn);
18. }
19. }?>
20. <br>
21. <form method = "post">
22. <input type = "text" name = "username" value = "<?php echo $_POST['username']; ?>" placeholder = "Username"></br></br>
23. <input type = "password" name = "password" placeholder = "Password"></br></br>
24. <input type = "submit" name = "change_pw">
25. </form>