inserting form data to mysql database (possible scope issue)

Question

Okay, so i believe i am having a scope issue; however, i have tried a number of the solutions i have seen here on stack that were loosely related to what i am trying to do with no success.

I have also attempted to combine all three files into one to see if that would work --also no success.

When i try to submit the form data i get a number of errors such as:

errors:

Warning: mysqli_real_escape_string() expects parameter 1 to be mysqli, null given

Warning: mysqli_query() expects parameter 1 to be mysqli, null given

Any advice here would be greatly appreciated

Setup:

1. settings.php (contains defined constants for various things, including host, users, and database name).

2. config.php (contains a connection function).

3. process.php (processes form data).

all three files are located in an includes folder.

settings.php:

 define ('HOST',   'localhost');       //default HOST (change to live server information)
 define ('DB',     'db_name');   //default database (change to live server information)

 //WRITE ACCESS USER
 define ('USER_W', 'uwrite');      //default user name (change to live server information)
 define ('PASS_W', '1234');       //default password (change to live server information)

 //READ ACCESS USER
 define ('USER_R', 'uread');       //default user name (change to live server information)
 define ('PASS_R', '1234');       //default password (change to live server information)

config.php:

 include ('settings.php');
 function connect($userType) {
    if ($userType == 'write') {
        $link = mysqli_connect(HOST, USER_W, PASS_W, DB);
        }
        elseif ($userType == 'read') {
            $link = mysqli_connect(HOST, USER_R, PASS_R, DB);
            }
            if ($link -> connect_error) {
                die('OOPS SOMETHING WENT WRONG!: (' . $link -> connect_errno . ')' . $link -> connect_error);
                }
}

process.php:

 include ('config.php');

 $con = connect('write');
 // Check connection
 if (mysqli_connect_errno())
 {
   echo "Failed to connect to MySQL: " . mysqli_connect_error();
 } 
 else {
     echo "HELLO WORLD!";
     } //remove after testing

 // escape variables for security
 $item        = mysqli_real_escape_string($con, $_POST['item']);
 $description = mysqli_real_escape_string($con, $_POST['description']);
 $price       = mysqli_real_escape_string($con, $_POST['price']);

 $sql="INSERT INTO `menus` (`item`, `description`, `price`)
 VALUES ('$item', '$description', '$price')";

 if (!mysqli_query($con,$sql))
 {
   die('Error: ' . mysqli_error());
 }
 echo "1 record added";

form:

  <form id="insertForm" action="./includes/process.php" method="post">
  <fieldset>
  <legend>Add New Item</legend>

    <p class="red form_P_position">* Denotes required field...</p>
    <p><label for="item" class="mainLabels"><span class="red">*&nbsp;</span>Item:</label>
    <input name="item" id="item" class="mainInputs" type="text" /></p>

    <p><label for="description" class="mainLabels">Description:</label>
    <textarea name="description" id="description" class="mainInputs">
    </textarea></p>

    <p><label for="price" class="mainLabels"><span class="red">*&nbsp;</span>Price:</label>
    <input name="price" id="price" class="mainInputs" type="text" /></p>

    <p><button name="submit" id="submit" class="button" type="submit">
    Add Item
    </button></p>

  </fieldset>

  </form>  

Answer 1

You're not returning $link in the connect function, so $con does not contain a mysqli object. You have to add return $link; at the bottom of your connect() function, then it should work just fine.

function connect($userType) {
if ($userType == 'write') {
    $link = mysqli_connect(HOST, USER_W, PASS_W, DB);
}
elseif ($userType == 'read') {
    $link = mysqli_connect(HOST, USER_R, PASS_R, DB);
}
if ($link -> connect_error) {
    die('OOPS SOMETHING WENT WRONG!: (' . $link -> connect_errno . ')' . $link -> connect_error);
}
return $link;
}