because $group is not defined in the function you would have to either define it our pass it into the function.
function displayUsers($group){
}
also I'd recommend to escape the string to avoid sql injections. see mysql_real_escape_string
$q = "SELECT username,userlevel,email,group FROM ".TBL_USERS." WHERE user= '".mysql_real_escape_string($group)."'";
unless you know for a fact that $group is sanitized you should use mysql_real_escape_string() on any variable that you have gotten from the user. Trusted or not.