-2

I have written some code in PHP. A sample code fragment is given below:

    include('config.php');
    require_once "variables.php";

    global $uploadID = " " ;    //getting error in this line

    function uploadImage($wtI,$tbln,$pri,$db){
        if(is_array($_FILES)) {
        if(is_uploaded_file($_FILES['image']['tmp_name'])) {
            $sourcePath = $_FILES['image']['tmp_name'];
            $targetFolder = "../upload_images/$wtI/";
            if (!file_exists($targetFolder)) {
                mkdir($targetFolder, 0777, true);
            }
            $targetPath = $targetFolder.$_FILES['image']['name'];
            while(file_exists($targetPath)){
                $targetPath = $targetFolder.uniqid().'-'.$_FILES['image']['name'];
            }
            if(move_uploaded_file($sourcePath,$targetPath)){

                $sql = "UPDATE `$tbln` SET image='".substr($targetPath,3)."' WHERE $pri=$uploadID;";
                $result=mysqli_query($db,$sql);
                return true;
            }
            else return false;
        }
    }
 }

The problem is I am getting the following error message while I run my php file:

Parse error:syntax error, unexpected '=', expecting ',' or ';' in C:\wamp64\www\project\php\additem.php on line 6

Is there any solution to this error?

  • Possible duplicate of [Reference - What does this error mean in PHP?](https://stackoverflow.com/questions/12769982/reference-what-does-this-error-mean-in-php) – IncredibleHat Jun 29 '18 at 17:50
  • 2
    You can't declare a variable as global *in* the global namespace because it's already global if it's there. Also, don't use globals, pass the value in as a function parameter. – Alex Howansky Jun 29 '18 at 17:52
  • 1
    And your code is vulnerable to [**SQL injection**](https://en.wikipedia.org/wiki/SQL_injection) attacks. You should use prepared statements with bound parameters, via either [**mysqli**](https://secure.php.net/manual/en/mysqli.prepare.php) or [**PDO**](https://secure.php.net/manual/en/pdo.prepared-statements.php). [**This post**](https://stackoverflow.com/questions/60174/how-can-i-prevent-sql-injection-in-php) has some good examples. – Alex Howansky Jun 29 '18 at 17:53
  • I've learned to loathe `global` ... I was one of the cool kids in the day thinking it was great to do, peer pressure and all that... but then I wised up. – IncredibleHat Jun 29 '18 at 17:55
  • Why can't you pass that variable as a parameter? Just as you did with the other parameters passed? – Rotimi Jun 29 '18 at 17:55

1 Answer

1

The global keyword lets you access a global variable, not create a new one. Just delete the global keyword there. The global keyword must be placed inside the function in which you are going to use the variable. Check https://www.w3schools.com/php/php_variables.asp to see how to use it.

The correction of your code would be:

    include('config.php');
    require_once "variables.php";
    // Changes start here
    $uploadID = " ";    //getting error in this line

    function uploadImage($wtI,$tbln,$pri,$db){
        global $uploadID;
        //Changes end here
        if(is_array($_FILES)) {
            if(is_uploaded_file($_FILES['image']['tmp_name'])) {
                $sourcePath = $_FILES['image']['tmp_name'];
                $targetFolder = "../upload_images/$wtI/";
                if (!file_exists($targetFolder)) {
                    mkdir($targetFolder, 0777, true);
                }
                $targetPath = $targetFolder.$_FILES['image']['name'];
                while(file_exists($targetPath)){
                    $targetPath = $targetFolder.uniqid().'-'.$_FILES['image']['name'];
                }
                if(move_uploaded_file($sourcePath,$targetPath)){

                    $sql = "UPDATE `$tbln` SET image='".substr($targetPath,3)."' WHERE $pri=$uploadID;";
                    $result=mysqli_query($db,$sql);
                    return true;
                }
                else return false;
            }
        }
    }

I'm answering from my phone, so please excuse the format issues
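
The two changes recommended in the comments (pass the ID in as a function parameter instead of using a global, and run the UPDATE as a prepared statement with bound parameters), shown as an added example that is not part of the original question or answer. The table and key-column names in the allowlist and the integer type of the ID are assumptions.

```php
<?php
// Added example (not the poster's code). Assumptions are marked below.
function uploadImage(string $wtI, string $tbln, string $pri, mysqli $db, int $uploadID): bool
{
    // Assumption: placeholder table => key-column pairs; use the real schema here.
    // Identifiers cannot be bound as parameters, so only known pairs are accepted.
    $allowed = ['items' => 'item_id', 'categories' => 'category_id'];
    if (!array_key_exists($tbln, $allowed) || $allowed[$tbln] !== $pri) {
        return false;
    }
    if (!isset($_FILES['image']) || !is_uploaded_file($_FILES['image']['tmp_name'])) {
        return false;
    }

    $targetFolder = "../upload_images/$wtI/";
    if (!is_dir($targetFolder) && !mkdir($targetFolder, 0755, true)) {
        return false;
    }
    // The client-supplied file name is data too: keep only its last path component.
    $name = basename($_FILES['image']['name']);
    $targetPath = $targetFolder . $name;
    while (file_exists($targetPath)) {
        $targetPath = $targetFolder . uniqid() . '-' . $name;
    }
    if (!move_uploaded_file($_FILES['image']['tmp_name'], $targetPath)) {
        return false;
    }

    // Values are sent as bound parameters and never become part of the SQL text.
    $stmt = mysqli_prepare($db, "UPDATE `$tbln` SET image = ? WHERE `$pri` = ?");
    if ($stmt === false) {
        return false;
    }
    $imagePath = substr($targetPath, 3); // drop the leading "../", as the original does
    mysqli_stmt_bind_param($stmt, 'si', $imagePath, $uploadID);
    $ok = mysqli_stmt_execute($stmt);
    mysqli_stmt_close($stmt);
    return $ok;
}
```

With the ID passed as the fifth argument, the global `$uploadID` declaration that caused the parse error is no longer needed at all.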