PHP :: Bug #75410 :: mysqli_stmt_bind_param does not generate warnings/errors for undefined vars

Bug #75410	mysqli_stmt_bind_param does not generate warnings/errors for undefined vars
Submitted:	2017-10-20 17:07 UTC	Modified:	2017-10-20 19:25 UTC
From:	nisto at gmx dot com	Assigned:	kalle (profile)
Status:	Closed	Package:	MySQLi related
PHP Version:	7.1.10	OS:	Windows 7
Private report:	No	CVE-ID:	None

View Developer Edit

Welcome! If you don't have a Git account, you can't do anything here.
If you reported this bug, you can edit this bug over here.

php.net Username: php.net Password:

Quick Fix:	(description)
	Block user comment
Status:		Assign to:
Package:
Bug Type:
Summary:
From:	nisto at gmx dot com
New email:
PHP Version:		OS:

New/Additional Comment:

[2017-10-20 17:07 UTC] nisto at gmx dot com

Description:
------------
I was trying to debug a database error and after many minutes eventually realized that I had misspelled a variable passed to mysqli_stmt_bind_param (which, of course, was not set). I think it should really throw an error, or at least give a warning if a variable is undefined.

I downloaded PHP from windows.php.net. I have error_reporting set to E_ALL and display_errors is enabled. My php.ini file looks essentially just like the included php.ini-development file; the only difference is that I've enabled the mysqli and mbstring extensions.

Test script:
---------------
<?php

    $Db = mysqli_connect('host', 'user', 'pass', 'database');

    $Query = "SELECT `field1` FROM `table` WHERE `field2` = ? LIMIT 1";

    $Statement = mysqli_stmt_init($Db);

    mysqli_stmt_prepare($Stmt, $Query);

    /* I would expect this to throw a warning or error */
    mysqli_stmt_bind_param($Stmt, 's', $UndefinedVariable);

?>

Expected result:
----------------
A warning or error.

Actual result:
--------------
No warning or error is given.

Patches

Pull Requests

History

AllCommentsChangesGit/SVN commitsRelated reports

[2017-10-20 19:25 UTC] kalle@php.net

-Status: Open +Status: Closed -Assigned To: +Assigned To: kalle

[2017-10-20 19:25 UTC] kalle@php.net

NULL variables passed by reference will not yield any notice (E_NOTICE), this is not specific to the mysqli extension but anywhere an undefined variable is used in pass by reference context. f.e.:

<?php
function test(&$p) {
}

test($p); // no notice, $p undefined

$p = null;

test($p); // no notice, $p defined
?>

I think the reason for why this behavior is, but don't quote me, is that PHP cannot tell if a variable actually exists if its value is NULL, this behavior is easily illustrated by using the isset language construct:

<?php
var_dump(isset($a)); // bool(false)

$a = null;

var_dump(isset($a)); // bool(false)
?>

And therefore PHP will revert to silent behavior, while this is confusing, I can totally understand that but I don't think this is likely to be changed unless a more formal RFC can be presented to the internals@ mailing list.

Tho this did not solve your issue, I hope it was at least a little insightful, thank you for using PHP!

	php.net \| support \| documentation \| report a bug \| advanced search \| search howto \| statistics \| random bug \| login
go to bug id or search bugs for


Copyright © 2001-2025 The PHP Group All rights reserved.	Last updated: Sat Jul 12 02:01:35 2025 UTC