Shouldn't the request look like that :
$sqlPasswordQuery = "SELECT value FROM radcheck WHERE attribute = 'Cleartext-Password' AND value = '$oldpass' AND username = '$userid'";
?
This is basic php string comprehension. You cannot use double quotes in a string that is already delimited by double-quotes. Sou you have to use another string delimiter, as simple quotes, or escape them (\"), so that they are interpreted directly as a character.
