Changing Passwords

[Mencarta]

I have a page to change passwords. This is my script:changepass.php

<?php	require_once("dbconnect.php"); //Include Database Connection Script	session_start();		//Check Fields	if (empty($_POST["username"]) || empty($_POST["password"])) {		echo "Please Fill Out All Fields";		exit;	}	if ($_POST["newpass1"] != $_POST["newpass2"]) {		echo "The Passwords Provided Aren't The Same";		exit;	}		$curpass = sha1($_POST["curpass"]); //Convert Current Password To Sha1	$newpass = sha1($_POST["newpass1"]); //Convert New Password To Sha1	$user = $_SESSION["username"];		$sql = "SELECT * FROM users WHERE username='$_SESSION['username']' and password='$curpass'";	$result = mysql_query($sql);	if (mysql_num_rows($result) == 0) {		echo "Wrong Current Password";		exit;	}	$update = "UPDATE users SET password='$newpass' WHERE username='$user' and password='$curpass'";	$result2 = mysql_query($update);?>

I get this error: Parse error: syntax error, unexpected T_ENCAPSED_AND_WHITESPACE, expecting T_STRING or T_VARIABLE or T_NUM_STRING in /www/zxq.net/p/j/h/pjhdramaclub/htdocs/manage/changepass.php on line 20 Any suggestions?

[Ingolme]

You might want to update this line:

$sql = "SELECT * FROM users WHERE username='$_SESSION['username']' and password='$curpass'";

Since you're already defining a $user variable, you might as well use it:

$sql = "SELECT * FROM users WHERE username='$user' and password='$curpass'";

I'm not sure which one is line 20, but if that's the line, then the probem is most likely because you had the $_SESSION variable without braces {} around it.