
I have an edit form which should be showing users details in a form once they have logged in and want to edit their details. If I use code in the actual page itself I have no problem, but I have put everything in a function and can't use the variables inside the form. How can I do this without using global?

The function:

function updateProfile($link){

    // Defaults so the variables exist even when no row comes back
    $db_firstname = $db_lastname = $db_username = $db_email = $db_userid = null;

    // user_id must be selected here, it is used in the UPDATE's WHERE clause below
    $sql = "SELECT user_id, user_firstname, user_lastname, user_email
            FROM `users`
            WHERE user_username = '{$_SESSION['username']}'";
    $result = $link->query($sql);
    if($result->num_rows === 1){
        while($row = $result->fetch_assoc()){

            $db_firstname = htmlentities($row['user_firstname']);
            $db_lastname = htmlentities($row['user_lastname']);
            $db_username = htmlentities($_SESSION['username']);
            $db_email = htmlentities($row['user_email']);
            $db_userid = $row['user_id'];
        }
    }

    $message = "";

    if(isset($_POST['updateprofile'])){

        if(empty($_POST['user_firstname'])) {

            $message .= "First name required<br>";
        }

        if(empty($_POST['user_lastname'])) {

            $message .= "Last name is required<br>";
        }

        if(empty($_POST['user_username'])) {

            $message .= "Username is required<br>";
        }

        if(empty($_POST['user_email'])) {

            $message .= "Email address required<br>";
        }

        if(!filter_var($_POST['user_email'], FILTER_VALIDATE_EMAIL)) {

            $message .= "Email address invalid<br>";
        }

        // Hidden honeypot field: a human never fills it in
        if(!empty($_POST['someinput'])) {

            $message .= "Be gone spam bot!";
        }

        if ($message) {

            $message = "<div class='alert alert-danger'><strong>There were errors in your form:<br></strong>" .$message. "</div>";

        } else {

            $user_firstname = $link->real_escape_string($_POST['user_firstname']);
            $user_lastname = $link->real_escape_string($_POST['user_lastname']);
            $user_username = $link->real_escape_string($_POST['user_username']);
            $user_email = $link->real_escape_string($_POST['user_email']);

            $update_profile = "UPDATE `users`
                                SET user_firstname = '$user_firstname',
                                    user_lastname = '$user_lastname',
                                    user_username = '$user_username',
                                    user_email = '$user_email'
                                WHERE user_id = '$db_userid'";

            // Compare the query result directly; "$result = ... === TRUE" assigns the
            // comparison result, not the query result, because === binds tighter than =
            if($link->query($update_profile) === TRUE){

                $message = "<div class='alert alert-success'>User profile updated</div>";
            }

        }

    }

    return $message;

}

The form:

<form action="" method="post" enctype="multipart/form-data">
    <div class="form-group">
        <label for="firstname">First name</label>
        <input type="text" class="form-control" name="user_firstname" value="<?php echo $db_firstname;?>"> </div>
    <div class="form-group">
        <label for="lastname">Last Name</label>
        <input type="text" class="form-control" name="user_lastname" value="<?php echo $db_lastname;?>"> </div>
    <div class="form-group">
        <label for="Username">Username</label>
        <input type="text" class="form-control" name="user_username" value="<?php echo $db_username;?>"> </div>
    <div class="form-group">
        <label for="form-group">Email</label>
        <input type="email" class="form-control" name="user_email" value="<?php echo $db_email;?>"> </div>
    <div class="form-group">
        <label for="form-group">Password</label>
        <input type="password" class="form-control" name="user_password"> </div>
    <div class="form-group">
        <label for="form-group">Repeat password</label>
        <input type="password" class="form-control" name="password_repeat"> </div>
    <div class="form-group">
        <input type="text" style="display:none" name="someinput"> </div>
    <div class="form-group">
        <input class="btn btn-primary" type="submit" name="updateprofile" value="Update details"> </div>
    <div>
        <?php echo updateProfile($link);?>
    </div>
</form>
Striezel

Iggy's Pop

  • Your script is at risk of [SQL Injection Attack](http://stackoverflow.com/questions/60174/how-can-i-prevent-sql-injection-in-php) Have a look at what happened to [Little Bobby Tables](http://bobby-tables.com/) Even [if you are escaping inputs, its not safe!](http://stackoverflow.com/questions/5741187/sql-injection-that-gets-around-mysql-real-escape-string) Use [prepared parameterized statements](http://php.net/manual/en/mysqli.quickstart.prepared-statements.php) – RiggsFolly Sep 17 '16 at 13:00

1 Answer

Regarding whether you need to change those values:

A) If values outside your function don't need to be able to change:

define constants:

if(!defined('CONSTANT')) {
    DEFINE('CONSTANT', 20);
}

retrieve:

if(defined('CONSTANT_NAME')) $value = CONSTANT_NAME;

B) If your values need to be able to change:

Wrap your function into a class, so you get a method updateProfile($link) like this:

class YourClass {

    private $myVariable = 10;

    function updateProfile($link) {

        ...

    }

    function anotherFunction() {

        ...
        // access your property

        $variable = $this->myVariable;

    }
}

OR the only way is to use global as you suggest - but it's not safe at all.

pedrouan