[RESOLVED] I need your opinion


BlackRiver
Jun 19th, 2009, 04:08 PM
I made a simple web page for my friend. The purpose of the page is to display some information and allow a user to leave a comment. Comments are stored in a MySQL database, located on a WAMP server, using INSERT INTO, and displayed in the browser using a SELECT * statement.
It works fine on my PC, and works on my friend's PC.
Now, this friend of mine gave that web page to his professor and the professor said that "leaving comments doesn't work"?!
Now, I wasn't there when it happened and my friend isn't really into this, so he can't really explain what happened and why.
I am asking you to help me a bit. From your experience, what could be the problem?

Thank you!

BlackRiver
Jun 19th, 2009, 04:22 PM
After I did some thinking, I think I know what the problem is.
Username and password for accessing the MySQL database.
On my PC the username is by default 'root' and I don't use a password.
Oooh, what's the most elegant way of allowing users to input the username and password they use, without them doing it "manually"??

kfcSmitty
Jun 19th, 2009, 05:44 PM
Never use root access for any script, ever.

Create a new user with read/write rights to the database you need and hard code the credentials into your php script.

If you are set on making users enter credentials to your database to allow input, you could simply have a form and then post the data to a PHP script that handles all of the access.
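As an added illustration of the advice in the post above (not code from any poster in this thread): a one-time setup routine that creates a dedicated account limited to the comment table, and the fixed-credential connection the pages would share. The account name `comments_app`, the password placeholder and the administrator credentials are assumptions; the database `comments` and table `osnovni_podaci` are the names that appear later in the thread. It uses PDO rather than the `mysql_*` functions, which were removed in PHP 7.

```php
<?php
// Added example. APP_USER, APP_PASS and the admin login are assumed names.
const APP_USER = 'comments_app';
const APP_PASS = 'CHANGE_ME_long_random_value'; // placeholder, set your own

// Run once by an administrator from the command line, never from a web page.
function provision_app_account(PDO $admin): void
{
    $user = $admin->quote(APP_USER);
    $pass = $admin->quote(APP_PASS);
    $admin->exec("CREATE USER {$user}@'localhost' IDENTIFIED BY {$pass}");
    // Only what the comment pages need: read, add and delete rows in one table.
    // No DROP, ALTER, FILE or access to any other database.
    $admin->exec("GRANT SELECT, INSERT, DELETE ON comments.osnovni_podaci TO {$user}@'localhost'");
}

// Included by every page, so visitors are never asked for database credentials
// and the scripts never connect as root.
function app_db(): PDO
{
    return new PDO('mysql:host=localhost;dbname=comments;charset=utf8mb4', APP_USER, APP_PASS, [
        PDO::ATTR_ERRMODE          => PDO::ERRMODE_EXCEPTION, // fail loudly, not silently
        PDO::ATTR_EMULATE_PREPARES => false,                  // real server-side prepares
    ]);
}

// One-time setup, for example from a CLI script with an administrator connection:
// provision_app_account(new PDO('mysql:host=localhost', 'admin_user', 'admin_password'));
```

Keep this file outside the web root or make sure the server never serves it as plain text, since it holds the account password.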

BlackRiver
Jun 20th, 2009, 03:47 AM
Well, here's what I tried:
I created a new blank page with a form that requires username and password input.
When the button is clicked, I display the information entered and store it in my configuration.php file.
Then, in my INSERT DATA form, I use include("konfiguracija.php"); at the very top of the script and then I use INSERT INTO...
But, this is what I get:
First it says:
Notice: Undefined index: username in D:\wamp\www\Autopraona\konfiguracija.php on line 3

Notice: Undefined index: password in D:\wamp\www\Autopraona\konfiguracija.php on line 4

Below that:
Warning: mysql_connect() [function.mysql-connect]: Access denied for user 'ODBC'@'localhost' (using password: NO) in D:\wamp\www\Autopraona\konfiguracija.php on line 8
Connection failed!

Now this is my configuration.php:

<?php
$host = "localhost";
$korisnicko_ime = $_POST['username'];
$lozinka = $_POST['password'];


//database connection
$konekcija = mysql_connect($host, $korisnicko_ime, $lozinka)
or die ('Povezivanje nije uspjelo!');
mysql_select_db('comments') or die ('Odabir baze nije uspio!');
echo "Korisnik: " .$korisnicko_ime. ".";
echo "Lozinka: " .$lozinka. ".";
echo "<a href=\"glavna.html\">Idi na glavnu stranicu</a><br/>";
?>


and this is my INSERT script:


<?php

include("konfiguracija.php");

if ( $_POST['Submit'] ) {

if ( $_POST['ime'] == '' ) {
die('Greska: Niste unijeli ime!');
}

if ($_POST['prezime'] == '' ) {
die('Greska: Niste unijeli prezime!');
}

if ($_POST['komentar'] == '' ) {
die('Greska: Niste unijeli komentar!');
}


}


// adding data to the table...

$upit="INSERT INTO osnovni_podaci (Ime,Datum,Prezime,Komentar) VALUES ('$_POST[ime]',CURDATE(),'$_POST[prezime]','$_POST[komentar]')";
mysql_query($upit) or die("Upit nije uspio: " . mysql_error());
?>


This is my first time using include, so if there's something wrong, please let me know.

kfcSmitty
Jun 20th, 2009, 08:13 AM
The undefined index error is because you're not actually posting the data to the script. I would need to see your form to find out why.

The rest of the errors seem to stem from that.

BlackRiver
Jun 20th, 2009, 08:44 AM
Well, when I enter the username and password it connects to the database.
This is the form I use to connect to DB:

<!DOCTYPE HTML PUBLIC "-//W3C//DTD HTML 4.01 Transitional//EN"
"http://www.w3.org/TR/html4/loose.dtd">
<html>
<head>
<title>Untitled Document</title>
<meta http-equiv="Content-Type" content="text/html; charset=iso-8859-1">
</head>

<body>
<table width="619" border="0" cellpadding="0" cellspacing="0">
<!--DWLayoutDefaultTable-->
<tr>
<td width="155" height="91">&nbsp;</td>
<td width="464">&nbsp;</td>
</tr>
<tr>
<td height="265">&nbsp;</td>
<td valign="top"><form name="form1" method="post" action="konfiguracija.php">
<p>username:
<input name="username" type="text" id="username">
</p>
<p>password:
<input name="password" type="text" id="password">
<input type="submit" name="Submit" value="OK">
</p>
</form></td>
</tr>
</table>
</body>
</html>

Nothing fancy, as I am still testing it. You can see that the data is sent to the konfiguracija.php file.
When I submit the data it brings me to konfiguracija.php, where I get the confirmation message and a link to proceed to the main page.
On the main page I have two links. One for leaving comments and the other for displaying them.
When I want to leave a comment, I go to another page that has another form for submitting data. I already posted that code in the previous post. And when I click the button to send the data I get the error messages shown in the above post.

I see that the values I entered in the "username" and "password" fields are not present in the corresponding variables once I have submitted them to "konfiguracija.php".
I think that may be the issue, but I do not know how to solve it :(

kfcSmitty
Jun 20th, 2009, 09:02 AM
I'm not sure, but it sounds like you're loading the include in both instances. The first instance, after you've submitted the username and password, it connects fine because you've just submitted them and they're in the POST variables.

The second time you submit the comment, there is no $_POST["username"] since you're not posting it.

What you may want to do is place the username and password in a session variable. That way, a user could also leave multiple comments if they wanted without having to log in.

http://www.w3schools.com/PHP/php_sessions.asp

BlackRiver
Jun 21st, 2009, 08:59 AM
Could use some help with sessions. As far as I understood, sessions are used to transfer variable values between pages. So, I'd like to start a session on my LOGIN page and save the username and password into a session variable. So I do it like this:


session_start();
if ( isset($_POST["submit"]))
{
$_SESSION['some_name'] = $_POST['username'];
$_SESSION['some_name'] = $_POST['password'];
}



I use a form to send the values to configuration.php and then I include configuration.php in my INSERT.php.

configuration.php:

<?php
session_start();
$host = 'localhost';
$username = $_SESSION['some_name'];
$password = $_SESSION['some_name'];


//database connection
$konekcija = mysql_connect($host,$username,$password)
or die ('Povezivanje nije uspjelo!');
mysql_select_db('comments') or die ('Odabir baze nije uspio!');
echo "Korisnik: " .$korisnicko_ime. ".";
echo "Lozinka: " .$lozinka. ".";
echo "<a href=\"index.html\">Idi na glavnu stranicu</a><br/>";
?>

So, my INSERT.php looks like this:

<?php
include 'konfiguracija.php';

if ( $_POST['Submit'] ) {

if ( $_POST['ime'] == '' ) {
die('Greska: Niste unijeli ime!');
}

if ($_POST['prezime'] == '' ) {
die('Greska: Niste unijeli prezime!');
}

if ($_POST['komentar'] == '' ) {
die('Greska: Niste unijeli komentar!');
}


}


// adding data to the table...

$upit="INSERT INTO osnovni_podaci (Ime,Datum,Prezime,Komentar) VALUES ('$_POST[ime]',CURDATE(),'$_POST[prezime]','$_POST[komentar]')";
mysql_query($upit) or die("Upit nije uspio: " . mysql_error());
?>




But, as I said before, this doesn't work. So if anyone can spot an error in my code, please reply.

Thank you!

kfcSmitty
Jun 21st, 2009, 10:41 AM
Well I don't have time to look through it all right now, but for starters


$_SESSION['some_name'] = $_POST['username'];
$_SESSION['some_name'] = $_POST['password'];
//should be
$_SESSION['username'] = $_POST['username'];
$_SESSION['password'] = $_POST['password'];


and


$username = $_SESSION['some_name'];
$password = $_SESSION['some_name'];
//should be
$username = $_SESSION['username'];
$password = $_SESSION['password'];

BlackRiver
Jun 21st, 2009, 01:06 PM
Well, I gave up on this idea because SESSION doesn't seem to be working, at all.
So instead of using a log-in system I decided to load my configuration.php and show it in a TextArea, allowing the user to edit the "username" and "password" information, and it works fine.
One question:
I have a page that displays some data from a table in a MySQL DB. Also, I have a form that has a textbox and a button. I use it for deleting specific rows. For example: there is a row and it has ID=5. So I enter 5 in the text field, click "delete" and my "delete.php" is called... it works fine! But how do I avoid going to "delete.php" after pressing the button?
In my form, I must use action="delete.php", so using: <?php echo htmlentities($_SERVER['PHP_SELF']); ?> wouldn't work, right?

SambaNeko
Jun 21st, 2009, 03:32 PM
It sounds like you're only hosting this locally for now, but just a word to the wise that much of your code sounds very unsafe for a public server.

But, in answer to your question...

But how do I avoid going to "delete.php" after pressing the button?


You can either submit your form with AJAX, or perhaps a simpler solution, just have delete.php redirect back to the page it came from when it's finished working. At the bottom of delete.php, you can add this:

header("Location:".$_SERVER[''HTTP_REFERER']);
exit;
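An added example for the safety concern raised in the post above (not code from any poster in this thread): the comment INSERT and the row delete written with bound parameters, and a delete.php that redirects to a fixed page instead of the client-supplied Referer header, which can be missing or altered. The account name, the form field `id`, the key column `ID` and the target page `komentari.php` are assumptions; the table and its other columns come from the INSERT posted earlier. It uses PDO rather than the thread's `mysql_*` functions.

```php
<?php
// Added example. Credentials, field name 'id', column ID and the redirect
// target are assumed; table and column names are from the posted INSERT.
function db(): PDO
{
    return new PDO('mysql:host=localhost;dbname=comments;charset=utf8mb4',
        'comments_app', 'CHANGE_ME', [PDO::ATTR_ERRMODE => PDO::ERRMODE_EXCEPTION]);
}

// Values are bound, never pasted into the SQL text, so a quote character in a
// name or comment cannot change the statement.
function add_comment(PDO $db, array $post): bool
{
    foreach (['ime', 'prezime', 'komentar'] as $field) {
        if (!isset($post[$field]) || !is_string($post[$field]) || trim($post[$field]) === '') {
            return false; // missing, non-string or empty field
        }
    }
    $stmt = $db->prepare('INSERT INTO osnovni_podaci (Ime, Datum, Prezime, Komentar)
                          VALUES (:ime, CURDATE(), :prezime, :komentar)');
    return $stmt->execute([':ime' => $post['ime'], ':prezime' => $post['prezime'],
                           ':komentar' => $post['komentar']]);
}

function delete_comment(PDO $db, array $post): bool
{
    // Accept only a positive integer row ID; anything else is rejected.
    $id = filter_var($post['id'] ?? null, FILTER_VALIDATE_INT,
                     ['options' => ['min_range' => 1]]);
    if ($id === false) {
        return false;
    }
    $stmt = $db->prepare('DELETE FROM osnovni_podaci WHERE ID = :id');
    $stmt->execute([':id' => $id]);
    return $stmt->rowCount() === 1; // true only if a row was actually removed
}

// Body of delete.php: act on POST only, then send the browser to a known page.
if (PHP_SAPI !== 'cli' && $_SERVER['REQUEST_METHOD'] === 'POST') {
    delete_comment(db(), $_POST);
    header('Location: /Autopraona/komentari.php', true, 303);
    exit;
}
```

When the stored comments are displayed, pass each value through htmlspecialchars() so markup typed into a comment is shown as text rather than interpreted by the browser.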

BlackRiver
Jun 21st, 2009, 04:23 PM
You are right, this is very unsafe, but I'm using it only for learning purposes.
If I may correct the code you gave me, just a small correction, it should be:

header("Location:".$_SERVER['HTTP_REFERER']);
exit;

Thank you very much, to all.
I think this is resolved!

BlackRiver
Jun 21st, 2009, 04:39 PM
double post.....