My first time using UPDATE - please help


oo7ml
05-20-2007, 01:49 PM
I have a page that allows users to change the email address that they use for my site. When they fill in the form and click submit, change.email.processor.php is called. However, I cannot get it to update the new email. Here is the part of the change.email.processor.php file that is supposed to update the email:

$cemail=$_POST['cemail'];
$nemail=$_POST['nemail'];
$password=$_POST['password'];

// select where email and password match
$sql="SELECT * FROM accounts WHERE email='$cemail' and password='$password'";
$result=mysql_query($sql);

$list = mysql_fetch_array($result);

$id = $list['id'];
$email = $list['email'];
$password = $list['password'];

echo $nemail; // I have this in just to check that it is carrying the new email address through from the form, and it is carrying it through

$updatequery = "UPDATE accounts SET email = $nemail WHERE id= $id";

What else should I have for the update code? It is not working at all. Can someone please help me with this? Thanks in advance. Also, do I have unnecessary code anywhere?

tca
05-20-2007, 05:28 PM
You need to execute the query:

$updatequery = "UPDATE `accounts` SET email = '$nemail' WHERE id= '$id'"; //add single quotes and backticks as shown
$update_result=mysql_query($updatequery);


TC

JayM
05-20-2007, 06:52 PM
Just a note:
Before you do the UPDATE or SELECT query, make sure you add slashes to your data before you query the database. Otherwise, any single quotation can break your SQL query and make your database vulnerable to a hacker.

oo7ml
05-21-2007, 04:46 AM
Just a note:
Before you do the UPDATE or SELECT query, make sure you add slashes to your data before you query the database. Otherwise, any single quotation can break your SQL query and make your database vulnerable to a hacker.

Can you elaborate a little more and show me what you mean?
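
What a single quotation mark does to the string-built UPDATE, and one way to keep data out of the SQL text, as an added example that is not part of any post in this thread. It uses PDO prepared statements (a different technique from adding slashes) against a constructed in-memory SQLite table, and assumes passwords are stored with password_hash(); the function names and sample row are hypothetical.

```php
<?php
// Added example, not code from the thread. The accounts table follows the posts;
// the in-memory SQLite database and the sample row are constructed for the demo.
$db = new PDO('sqlite::memory:');
$db->setAttribute(PDO::ATTR_ERRMODE, PDO::ERRMODE_EXCEPTION);
$db->exec("CREATE TABLE accounts (id INTEGER PRIMARY KEY, email TEXT UNIQUE, password TEXT)");
$ins = $db->prepare("INSERT INTO accounts (email, password) VALUES (?, ?)");
$ins->execute(['alice@example.com', password_hash('correct horse', PASSWORD_DEFAULT)]);

// 1. String-built query, as in the thread: an apostrophe in the data ends the
//    SQL string literal early, so the rest of the input is parsed as SQL.
function changeEmailConcatenated(PDO $db, int $id, string $nemail): bool
{
    try {
        $db->exec("UPDATE accounts SET email = '$nemail' WHERE id = $id");
        return true;
    } catch (PDOException $e) {
        return false; // the statement no longer parses
    }
}

// 2. Prepared statements: the SQL text is fixed and values are bound separately,
//    so quotes in the data are never interpreted as SQL.
function changeEmail(PDO $db, string $cemail, string $password, string $nemail): bool
{
    if (filter_var($nemail, FILTER_VALIDATE_EMAIL) === false) {
        return false; // reject input that is not an email address at all
    }
    $sel = $db->prepare("SELECT id, password FROM accounts WHERE email = ?");
    $sel->execute([$cemail]);
    $row = $sel->fetch(PDO::FETCH_ASSOC);
    if ($row === false || !password_verify($password, $row['password'])) {
        return false; // unknown account or wrong password: no update
    }
    $upd = $db->prepare("UPDATE accounts SET email = ? WHERE id = ?");
    $upd->execute([$nemail, $row['id']]);
    return $upd->rowCount() === 1;
}

$nemail = "o'brien@example.com"; // constructed input: a valid address containing a quote
var_dump(changeEmailConcatenated($db, 1, $nemail));                         // string-built UPDATE
var_dump(changeEmail($db, 'alice@example.com', 'wrong password', $nemail)); // bad credentials
var_dump(changeEmail($db, 'alice@example.com', 'correct horse', $nemail));  // bound parameters
var_dump($db->query("SELECT email FROM accounts WHERE id = 1")->fetchColumn());
```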