$usrname_escaped = mysql_real_escape_string ($user_name);
if ($this->user_exists ($user_name)) {
$query = sprintf ("UPDATE %susers SET pwd='%s' WHERE name like '%s';",
$usrname_escaped = mysql_real_escape_string ($user_name);
if ($this->user_exists ($user_name)) {
$query = sprintf ("UPDATE %susers SET pwd='%s' WHERE name like '%s';",