if ( $_SERVER['REQUEST_METHOD'] == 'POST' ) { $password = $mysqli->esc

1. if ( $_SERVER['REQUEST_METHOD'] == 'POST' )
2. {  
3.     $password = $mysqli->escape_string($_POST['old_password']);
4.    
5.     if ( password_verify($password , $_SESSION['password']) ) {
6.         checkPasswordStrength($_POST['new_password']);
7.         $new_password = $mysqli->escape_string(password_hash($_POST['new_password'], PASSWORD_BCRYPT));
8.         $hash = $mysqli->escape_string( md5( rand(0,1000) ) );
9.         $sql = "UPDATE `userdetails` SET `Password`='$new_password', `Hash`='$hash' WHERE Username = '$username'";
10.         if ( $mysqli->query($sql) === True ){
11.             session_unset();
12.             session_destroy();
13.  
14.             header("location: index.php");
15.         }
16.     }
17.     else{
18.         $_SESSION['message'] = "Incorrect Password!";
19.         header("location: error.php");
20.     }
21. }