$_REQUEST passed to variable not working

[jsixk]

i've been programming in PHP for years, and have done a substantial amount of work on applications of this nature. this problem has me stumped, not because i can't fix it (i did), but because i have no idea what the problem is. there are hundreds of lines of code involved here, so i'll break it down into a post-friendly format.

 

take this for example, and forgive any typos. it's late, and i've been beating my head against this for over two hours... =\

this is from my form:

/*
... numerous form fields being passed as $_REQUEST arrays
*/
<input type="hidden" name="option_id[]" value="<?php print $query_result->option_id; ?>" />
/*
a couple hundred more lines
*/

 

here's the DB update handler:

        if (!empty($_REQUEST['option_name'])) {	
            foreach ($_REQUEST['option_name'] as $k => $v) {
                if ($v != '') {
                  $option_id = $_REQUEST['option_id'][$k];
	  $option_name = $_REQUEST['option_name'][$k];
	  $option_price = $_REQUEST['option_price'][$k];
	  $option_desc = htmlentities($_REQUEST['option_desc'][$k], ENT_QUOTES);
	  if (!$option_id = '') {
	    $sql_options = "UPDATE table SET"
	      . " option_name = '" . $option_name . "', option_price = '" . $option_price . "', option_desc = '" . $option_desc
	      . "' WHERE option_id = '" . $option_id "'";
	        if (!$query_function($sql_options)) {
                          $error = true;
                    	}
	  } else {
	    $sql_options = "INSERT INTO table (option_name, option_price, option_desc)"
	      . " VALUES ('" . $option_name . "', '" . $option_price . "', '" . $option_desc . "')";
             if (!$query_function($sql_options)) {
                       $error = true;
                     }
	  }
       }
            }
         }

 

the above code doesn't post to the database because the $option_id variable returns a null value. however, if i replace the $option_id variable where i build the query string with $_REQUEST['option_id'], it works just fine.

 

/*
in relevant part
*/

                    $sql_options = "UPDATE table SET"
	      . " option_name = '" . $option_name . "', option_price = '" . $option_price . "', option_desc = '" . $option_desc
	      . "' WHERE option_id = '" . $_REQUEST['option_id'] . "'";

 

needless to say i was infuriated by having spent a couple of hours to come to this conclusion. i only used the variables in the first place because i need to expand the function that this lives inside and i don't want to have to type $_REQUESTs over and over.

 

the only thing i can think is that it might be a type issue. the data is coming out of the mysql table from an INT field and being placed into the value for the hidden field straight from the row collection. would forcing a variant data type by not strongly typing my variable have caused this problem? i haven't tested the theory because i'm still too ticked off to open my code editor. i'm bouncing this off the community and posting my experience in the hope that it might help someone who comes after.

[requinix]

if (!$option_id = '') {

 

Also, that is bad form. You should use

if ($option_id != '') {

(which would have prevented the accidental assignment too)

[jsixk]

if ($option_id != '') {

 

good catch, thanks. =)

[ManiacDan]

In fact, that line will always set $option_id equal to '' and then execute the IF condition regardless of the original value of $option_id.