update password script

[WatsonN]

I have a script to let the user update their password, when I submit it i get a 500 error and I'm not sure.

 

Here is the code:

If (isset($_POST['update-password'])) {
 	//This makes sure they did not leave any fields blank
if (!$_POST['oldpw'] || !$_POST['pass'] || !$_POST['pass2'] ) {
		$error="<span style=";
	$error .="color:red";
	$error .=">";
		$error .= "You did not complete all of the required fields";
		$error .="</span>";
		setcookie('Errors', $error, time()+20);
	header('Location /useredit.php');
	exit;
	}

// checks if the password is correct
	$pass = md5($_POST['pass']);
	if (!get_magic_quotes_gpc()) {
		$pass = addslashes($pass);
	}
		$check = mysql_real_escape_string("SELECT * FROM YBK_Login WHERE pass = '{$pass}'");
mysql_query($check) or die( 'Query string: ' . $check . '<br />Produced an error: ' . mysql_error() . '<br />' );


// this makes sure both passwords entered match
	if ($_POST['pass'] != $_POST['pass2']) {
		$error="<span style=";
	$error .="color:red";
	$error .=">";
		$error .= 'Your passwords did not match.';
		$error .="</span>";
		setcookie('Errors', $error, time()+20);
	header('Location: /useredit.php');
	exit;
	}

	// here we encrypt the password and add slashes if needed
	$_POST['pass'] = md5($_POST['pass']);
	if (!get_magic_quotes_gpc()) {
		$_POST['pass'] = addslashes($_POST['pass']);
		$_POST['pass2'] = addslashes($_POST['pass2']);
			}


// now we insert it into the database
mysql_real_escape_string($insert = "UPDATE `YBK_Login` SET `pass` = '{$_POST['pass']}', `HR` = '{$_POST['pass2']}', `comment` = '{$_POST['oldpw']}' WHERE `ID` = {$_COOKIE['UID_WatsonN']}");
mysql_query($insert) or die( 'Query string: ' . $insert . '<br />Produced an error: ' . mysql_error() . '<br />' );
 $error="<span style=";
 $error .="color:green";
 $error .=">";
 $error .= "<p>Thank you, your password has been updated.</p>";
 $error .="</span>";
 setcookie('Errors', $error, time()+20);
 header('Location: /useredit.php');
 exit;
  }