
I have some code that currently works but I need to turn it into a function in my users class. This is the SQL which I want to turn into a function:

    if(isset($_POST['teams'])){
        $stmt = $DB_con->prepare("UPDATE users SET team_id= '$playerteam' WHERE user_id = $user_id ");
        $stmt->execute();
    }
    if(isset($_POST['leaveteam'])){
        $stmt = $DB_con->prepare("UPDATE users SET team_id= 0 WHERE user_id = $user_id ");
        $stmt->execute();
    }
    $stmt = $DB_con->prepare("SELECT * FROM teams
    INNER JOIN users
    ON teams.id=users.team_id
    ORDER BY team_name ASC");
    $stmt->execute();
    $teamRow=$stmt->fetchall(PDO::FETCH_ASSOC);?>

I tried this but I could not get the function to update the team_id:

    public function joinTeam($playerteam)
    {
        if(isset($_POST['teams'])){
            $stmt = $DB_con->prepare("UPDATE users SET team_id= '$playerteam' WHERE user_id = $user_id ");
            $stmt->execute();
        }
    }

Would anyone be able to help me turn this SQL into a function? Thanks.

Dannad
  • a) There is no $user_id within the function's scope. Where does it come from? b) you're already using a prepared statement, why aren't you using parameters instead of mixing in the possibly insecure payload? – VolkerK Dec 22 '15 at 23:52
  • If you really want to use a function without sending the variables through the parameters, you could take a look at using http://php.net/manual/en/reserved.variables.globals.php `$_GLOBAL` variables. Probably not advised though. – Matt Dec 22 '15 at 23:53

1 Answer


$user_id and $DB are not seen inside the function. In PHP only variables that were declared inside the function are visible in it, unless they are explicitly declared global. You have two ways to address it:

  1. Pass $user_id and $DB as arguments to your function:

         public function joinTeam($DB, $user_id, $playerteam)
         {
             ...

  2. Make your user_id and DB global. Beware that this is considered to be bad practice (and it would also be inconsistent with the fact that you pass playerteam as an argument):

         public function joinTeam($playerteam)
         {
             global $user_id;
             global $DB;
             ...

Also note that the way you execute your queries is prone to SQL injection. See this Stack Overflow answer for details and how to avoid it: How can prepared statements protect from SQL injection attacks?

Ishamael
  • How would I call the function? I have updated the function with your help and have added the onclick call to my submit button, but it's still not working: `<input type="submit" value="Join" onclick="joinTeam()" />` – Dannad Dec 23 '15 at 00:19
  • You can't call a PHP function from JavaScript. You need to send an explicit request to the server, either via submitting a form or using Ajax. More details here: http://stackoverflow.com/questions/15757750/php-function-call-using-javascript – Ishamael Dec 23 '15 at 00:24
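
The answer's first option combined with bound parameters, as an added example that is not part of the original thread. The `User` class shape, the table layout and the in-memory SQLite connection (needs the pdo_sqlite extension) are assumptions, and the posted values are constructed.

```php
<?php
// Added example. Table layout is assumed; in-memory SQLite stands in for MySQL.
class User
{
    private $db;

    public function __construct(PDO $db)
    {
        $this->db = $db; // connection is injected, so no globals are needed
    }

    // Returns the number of rows changed.
    public function joinTeam(int $userId, int $teamId): int
    {
        // Placeholders keep the values out of the SQL text entirely.
        $stmt = $this->db->prepare(
            'UPDATE users SET team_id = :team WHERE user_id = :user'
        );
        $stmt->execute([':team' => $teamId, ':user' => $userId]);
        return $stmt->rowCount();
    }

    public function leaveTeam(int $userId): int
    {
        return $this->joinTeam($userId, 0);
    }
}

$db = new PDO('sqlite::memory:');
$db->setAttribute(PDO::ATTR_ERRMODE, PDO::ERRMODE_EXCEPTION);
$db->exec('CREATE TABLE users (user_id INTEGER PRIMARY KEY, team_id INTEGER DEFAULT 0)');
$db->exec('INSERT INTO users (user_id, team_id) VALUES (1, 0), (2, 0)');

$user = new User($db);
$userId = 1; // in a real page this comes from the session, never from the form

// Constructed stand-ins for $_POST['teams']; the second is not a valid id.
foreach (['3', '3 OR 1=1'] as $posted) {
    $teamId = filter_var($posted, FILTER_VALIDATE_INT, ['options' => ['min_range' => 1]]);
    if ($teamId === false) {
        echo "rejected: $posted\n";
        continue;
    }
    echo "rows changed: ", $user->joinTeam($userId, $teamId), "\n";
}

// Show the resulting rows.
print_r($db->query('SELECT user_id, team_id FROM users ORDER BY user_id')->fetchAll(PDO::FETCH_ASSOC));
```

The method only runs when the browser submits the form to a PHP script that calls it, as the last comment describes.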