Better to have a procedure for this
CREATE PROCEDURE [dbo].[ResetPassword]
@Username NVARCHAR(50)
,@OldPassword NVARCHAR(50)
,@NewPassword NVARCHAR(50)
AS
BEGIN
SET NOCOUNT ON
IF EXISTS (SELECT * FROM Users where Username =@Username and [Password]=@OldPassword)
BEGIN
Update Users SET [Password]=@NewPassword where Username =@Username and [Password]=@OldPassword
return 1
END
ELSE
BEGIN
return 0
END
SET NOCOUNT OFF
END
In .net code execute the procedure and check for the value
return 1 means reset password successful
return 0 means old password or username is invalid.
Hope this helps if yes then accept and vote the answer
--Rahul D.