PHP :: Bug #75410 :: mysqli_stmt_bind_param does not generate warnings/errors for undefined vars

Bug #75410	mysqli_stmt_bind_param does not generate warnings/errors for undefined vars
Submitted:	2017-10-20 17:07 UTC	Modified:	2017-10-20 19:25 UTC
From:	nisto at gmx dot com	Assigned:	kalle (profile)
Status:	Closed	Package:	MySQLi related
PHP Version:	7.1.10	OS:	Windows 7
Private report:	No	CVE-ID:	None

View Developer Edit

Welcome back! If you're the original bug submitter, here's where you can edit the bug or add additional notes.
If you forgot your password, you can retrieve your password here.

Password:

Status:
Package:
Bug Type:
Summary:
From:	nisto at gmx dot com
New email:
PHP Version:		OS:

New Comment:

[2017-10-20 17:07 UTC] nisto at gmx dot com

Description:
------------
I was trying to debug a database error and after many minutes eventually realized that I had misspelled a variable passed to mysqli_stmt_bind_param (which, of course, was not set). I think it should really throw an error, or at least give a warning if a variable is undefined.

I downloaded PHP from windows.php.net. I have error_reporting set to E_ALL and display_errors is enabled. My php.ini file looks essentially just like the included php.ini-development file; the only difference is that I've enabled the mysqli and mbstring extensions.

Test script:
---------------
<?php

    $Db = mysqli_connect('host', 'user', 'pass', 'database');

    $Query = "SELECT `field1` FROM `table` WHERE `field2` = ? LIMIT 1";

    $Statement = mysqli_stmt_init($Db);

    mysqli_stmt_prepare($Stmt, $Query);

    /* I would expect this to throw a warning or error */
    mysqli_stmt_bind_param($Stmt, 's', $UndefinedVariable);

?>

Expected result:
----------------
A warning or error.

Actual result:
--------------
No warning or error is given.

Patches

Pull Requests

History

AllCommentsChangesGit/SVN commitsRelated reports

[2017-10-20 19:25 UTC] kalle@php.net

-Status: Open +Status: Closed -Assigned To: +Assigned To: kalle

[2017-10-20 19:25 UTC] kalle@php.net

NULL variables passed by reference will not yield any notice (E_NOTICE), this is not specific to the mysqli extension but anywhere an undefined variable is used in pass by reference context. f.e.:

<?php
function test(&$p) {
}

test($p); // no notice, $p undefined

$p = null;

test($p); // no notice, $p defined
?>

I think the reason for why this behavior is, but don't quote me, is that PHP cannot tell if a variable actually exists if its value is NULL, this behavior is easily illustrated by using the isset language construct:

<?php
var_dump(isset($a)); // bool(false)

$a = null;

var_dump(isset($a)); // bool(false)
?>

And therefore PHP will revert to silent behavior, while this is confusing, I can totally understand that but I don't think this is likely to be changed unless a more formal RFC can be presented to the internals@ mailing list.

Tho this did not solve your issue, I hope it was at least a little insightful, thank you for using PHP!

	php.net \| support \| documentation \| report a bug \| advanced search \| search howto \| statistics \| random bug \| login
go to bug id or search bugs for


Copyright © 2001-2025 The PHP Group All rights reserved.	Last updated: Sat Jul 12 05:01:33 2025 UTC