sub UpdateUserData
{
    my $updateinfoemail = "webpass\@jala-mi.org"; 
	my ($sid, $password,$email,$secret) = @_;
	warn "'$sid'   '$password'  '$email' '$secret'";
	my $SQL = qq|SELECT id FROM $sql_session_table WHERE id = '$sid' |;
	my $sth = ExecuteQuery($SQL);  <=====================Note 1
	my ($tsid, $userid) = $sth->fetchrow_array();
	if (!$tsid) {
        $sth->finish;
        warn("Update user data failed: SID '$tsid'");
		return 0;
	}
	else {
        warn("Locating existing user data succeded: SID '$tsid'");
        $session = OpenSession($dbh,$tsid);
        my $userid = $session->param("user_id");
		my $username = $session->param("username");
        warn("userid: '$userid' username: '$username'");
        if (! defined $userid ){		
          $sth->finish;
          warn("Update user data failed: userid '$userid'");
	      return 0;
        }
		my $passpart = "";
		my $mailpart = "";
		my $secretpart = "";
		if ($password ne "") {
		  $passpart = "password = '$password'";
		}
		if (($email ne "") && ($password eq "")) {
		  $mailpart = "email = '$email'";
		}
        elsif (($email ne "") && ($password ne "")) {
		  $mailpart = ", email = '$email'";
        }
		if (($secret ne "") && ($password eq "") && ($email eq "")) {
		  $secretpart = "secret = '$secret'";
		}
        elsif (($secret ne "") && (($password ne "") || ($email ne ""))) {
		  $secretpart = ", secret = '$secret'";
        }
		my $wherepart = " where  id = '$userid'";
		my $statement = "update $sql_user_table set $passpart $mailpart $secretpart $wherepart";
        $SQL = qq| $statement |;
		warn ("SQL Statement: '$statement'");
		$sth = ExecuteQuery($SQL); <================Note 2
		# success so disconnect and send an e-mail with the misisng information to the user.
        $sth->finish;