Thanks for the page, it clears things up. The problem is that you are formatting and storing the session variable UserPassword in your update. I could not see anywhere on the page where you were setting this value. Normally you would have a password type of input that would hold the user's new password, then use the encrypted format of this password to store in the db.
If the password should be in the session variable and it is not then you may need to start the session above the update. You can do a check and start the session like this:
if(!session_id()) session_start();
Please post back and let us know if you have any further problems with it. If you do also include some more details about the UserPassword session variable or whatever value you are using for the new password.