help me!!!!!!!!!

enter code here <?php session_start(); include_once 'dbh.inc.php'; $sql = 'UPDATE users SET user_pwd = '.md5($_POST['password']).' WHERE user_id = '.$_GET['u_id']; if (mysqli_query($conn, $sql)) { header("Location: ../login.php?password change =succesful"); } else { echo "Error updating record: " . mysqli_error($conn); mysqli_close($conn); } ?> the code below is the form to change the password <?php session_start(); ?> <form action="includes/changepwd.inc.php"> <input type="password" name="password" id="password" maxlength="6"> <label for="password"> Type a fake password here</label> <br><input type="submit" value="Submit"> </form> this is how my db looks like user_id user_name user_email user_pwd 1 franklyn eg@gmail notethat my password is hashed 2 ese omeben eg@gmail notethat my password is hashed 3 eddy marti eg@gmail notethat my password is hashed please bear in mind i hashed the user password before storing it in the database anyhelp would be appriciated