Want to protect your cyber security and still get fast solutions? Ask a secure question today.Go Premium

x
  • Status: Solved
  • Priority: Medium
  • Security: Public
  • Views: 98
  • Last Modified:

How to echo variables in a page outside of a function

I have an edit form which should be showing users details in a form once they have logged in and want to edit their details. If I use code in the actual page itself I have no problem, but I have put everything in a function and can't use the variables inside the form. How can I do this?

The function:

function updateProfile($link){
	
	
	
	$sql = "SELECT user_firstname, user_lastname, user_email FROM `users` WHERE user_username = '{$_SESSION['username']}'";
		$result = $link->query($sql);
			if($result->num_rows === 1){
				while($row = $result->fetch_assoc()){
					
					$db_firstname = htmlentities($row['user_firstname']);
					$db_lastname = htmlentities($row['user_lastname']);
					$db_username = htmlentities($_SESSION['username']);
					$db_email = htmlentities($row['user_email']);
					$db_userid = $row['user_id'];
				}
			}

	
	$message = "";
	
	if(isset($_POST['updateprofile'])){
		
		if(empty($_POST['user_firstname'])) {
			
			$message .= "First name required<br>";
		}
		
		if(empty($_POST['user_lastname'])) {
			
			$message .= "Last name is required<br>";
		}
		
		if(empty($_POST['user_username'])) {
			
			$message .= "Username is required<br>";
		}
		
		if(empty($_POST['user_email'])) {
			
			$message .= "Email address required";
		}
		
		if(!filter_var($_POST['user_email'], FILTER_VALIDATE_EMAIL)) {

			$message .= "Email address invalid";
		}
		
		if(!empty($_POST['someinput'])) {
				
				$message .= "Be gone spam bot!";
			}
		
		if ($message) {
			
			$message = "<div class='alert alert-danger'><strong>There were errors in your form:<br></strong>" .$message. "</div>";
			
		} else {
			
			$user_firstname = $link->real_escape_string($_POST['user_firstname']);
			$user_lastname = $link->real_escape_string($_POST['user_lastname']);
			$user_username = $link->real_escape_string($_POST['user_username']);
			$user_email = $link->real_escape_string($_POST['user_email']);
			
			
			$update_profile = "UPDATE `users` SET user_firstname = '$user_firstname', user_lastname = '$user_lastname', user_username = '$user_username', user_email = '$user_email' WHERE user_id = '$db_userid'";
				
			if($result = $link->query($update_profile) === TRUE){
				
				$message = "<div class='alert alert-success>User profile updated</div>";
			}
			
		}
	
	}
	
	return $message;
	
	
}

Open in new window


The form:

<form action="" method="post" enctype="multipart/form-data">
	<div class="form-group">
		<label for="firstname">First name</label>
		<input type="text" class="form-control" name="user_firstname" value="<?php echo $db_firstname;?>"> </div>
	<div class="form-group">
		<label for="lastname">Last Name</label>
		<input type="text" class="form-control" name="user_lastname" value="<?php echo $db_lastname;?>"> </div>
	<div class="form-group">
		<label for="Username">Username</label>
		<input type="text" class="form-control" name="user_username" value="<?php echo $db_username;?>"> </div>
	<div class="form-group">
		<label for="form-group">Email</label>
		<input type="email" class="form-control" name="user_email" value="<?php echo $db_email;?>"> </div>
	<div class="form-group">
		<label for="form-group">Password</label>
		<input type="password" class="form-control" name="user_password"> </div>
	<div class="form-group">
		<label for="form-group">Repeat password</label>
		<input type="password" class="form-control" name="password_repeat"> </div>
	<div class="form-group">
		<input type="text" style="display:none" name="someinput"> </div>
	<div class="form-group">
		<input class="btn btn-primary" type="submit" name="updateprofile" value="Update details"> </div>
	<div>
		<?php echo updateProfile($link);?>
	</div>
</form>

Open in new window

0
Black Sulfur
Asked:
Black Sulfur
1 Solution
 
Mukesh YadavFull Stack DeveloperCommented:
You can make variables global you want to use in form to echo their values and there is no need of while statement:
$row = $result->fetch_assoc();

Open in new window

will also work.
0
 
zephyr_hex (Megan)DeveloperCommented:
You might consider creating an object outside of the function and update it inside the function.  This is a step towards OOP.
0
 
Black SulfurAuthor Commented:
I want to try achieve it without using global as I believe it isn't great to use that.
0
 
RobOwner (Aidellio)Commented:
you don't, you return the variables from the function (i use an associative array) and use them like that.

So you'll see that instead of echo updateProfile, it's now echo $form_vars['message']
I can't see anywhere (unless i've missed it) you've included userid so you might want to add that in as a sure way of identifying the data coming back?

<?php include 'functions.php' ?>

<?php 
// $link should be available from your functions.php
$form_vars = updateProfile($link);
// $form_vars will contain an associative array (see new updateProfile function below)

?>
<form action="" method="post" enctype="multipart/form-data">
	<div class="form-group">
		<label for="firstname">First name</label>
		<input type="text" class="form-control" name="user_firstname" value="<?php echo $form_vars['firstname'];?>"> </div>
	<div class="form-group">
		<label for="lastname">Last Name</label>
		<input type="text" class="form-control" name="user_lastname" value="<?php echo $form_vars['lastname'];?>"> </div>
	<div class="form-group">
		<label for="Username">Username</label>
		<input type="text" class="form-control" name="user_username" value="<?php echo $form_vars['username'];?>"> </div>
	<div class="form-group">
		<label for="form-group">Email</label>
		<input type="email" class="form-control" name="user_email" value="<?php echo $form_vars['email'];?>"> </div>
	<div class="form-group">
		<label for="form-group">Password</label>
		<input type="password" class="form-control" name="user_password"> </div>
	<div class="form-group">
		<label for="form-group">Repeat password</label>
		<input type="password" class="form-control" name="password_repeat"> </div>
	<div class="form-group">
		<input type="text" style="display:none" name="someinput"> </div>
	<div class="form-group">
		<input class="btn btn-primary" type="submit" name="updateprofile" value="Update details"> </div>
	<div>
		<?php echo $form_vars['message'];?>
	</div>
</form>

Open in new window


updateProfile function
function updateProfile($link){
	
	
	
	$sql = "SELECT user_firstname, user_lastname, user_email FROM `users` WHERE user_username = '{$_SESSION['username']}'";
		$result = $link->query($sql);
			if($result->num_rows === 1){
				while($row = $result->fetch_assoc()){
					
					$db_firstname = htmlentities($row['user_firstname']);
					$db_lastname = htmlentities($row['user_lastname']);
					$db_username = htmlentities($_SESSION['username']);
					$db_email = htmlentities($row['user_email']);
					$db_userid = $row['user_id'];
				}
			}

	
	$message = "";
	
	if(isset($_POST['updateprofile'])){
		
		if(empty($_POST['user_firstname'])) {
			
			$message .= "First name required<br>";
		}
		
		if(empty($_POST['user_lastname'])) {
			
			$message .= "Last name is required<br>";
		}
		
		if(empty($_POST['user_username'])) {
			
			$message .= "Username is required<br>";
		}
		
		if(empty($_POST['user_email'])) {
			
			$message .= "Email address required";
		}
		
		if(!filter_var($_POST['user_email'], FILTER_VALIDATE_EMAIL)) {

			$message .= "Email address invalid";
		}
		
		if(!empty($_POST['someinput'])) {
				
				$message .= "Be gone spam bot!";
			}
		
		if ($message) {
			
			$message = "<div class='alert alert-danger'><strong>There were errors in your form:<br></strong>" .$message. "</div>";
			
		} else {
			
			$user_firstname = $link->real_escape_string($_POST['user_firstname']);
			$user_lastname = $link->real_escape_string($_POST['user_lastname']);
			$user_username = $link->real_escape_string($_POST['user_username']);
			$user_email = $link->real_escape_string($_POST['user_email']);
			
			
			$update_profile = "UPDATE `users` SET user_firstname = '$user_firstname', user_lastname = '$user_lastname', user_username = '$user_username', user_email = '$user_email' WHERE user_id = '$db_userid'";
				
			if($result = $link->query($update_profile) === TRUE){
				
				$message = "<div class='alert alert-success>User profile updated</div>";
			}
			
		}
	
	}
	
	return array(
		"message" => $message,
		"firstname" => $db_firstname,
		"lastname" => $db_lastname,
		"username" => $db_username,
		"email" => $db_email,
		"userid" => $db_userid
	);
		
	
	
}

Open in new window

0
 
Black SulfurAuthor Commented:
That worked a treat, thank you! :)
0

Featured Post

Get your problem seen by more experts

Be seen. Boost your question’s priority for more expert views and faster solutions

Tackle projects and never again get stuck behind a technical roadblock.
Join Now