<% if session("loginid")="" then response.redirect "login.asp" if request.form("Submit") <>"" then if request.form("new") = request.form("new2") then sqlgetpwd="select password from profile where loginid='"& replace(session("loginid"),"'","''")&"' and password='"& replace(request.form("old"),"'","''")&"'" set rsget=conn.execute (sqlgetpwd) if rsget.eof then messagetext="Old password doesn't match" else sqlupdate = "update profile set password ='" & request.form("new")& "' where loginid='" & session("loginid")& "'" set rsupdate=conn.execute (sqlupdate) messagetext="password Updated Successfully" end if else messagetext="Password confirmation doesn't match" end if end if %> Change password

Change Your Password

 <%=messagetext%>

Old password

New password

Confirm New Password