find() returns an entity of id 1 if a string is passed as $id and starts with 1 #6918

New Issue

admin · 2026-01-22T15:41:19+01:00

admin commented

2026-01-22 15:41:19 +01:00

Originally created by @kaamui on GitHub (Jan 27, 2022).

Bug Report

Q	A
BC Break	no
Version	2.7.1-DEV

Summary

With just this in a table "Version" => {id:1, value:"1.6.2"} :

dump($em->getRepository(Version::class)->find("1.5.4")); //returns the entity of id 1
dump($em->getRepository(Version::class)->find("1oiasdoijadajklsd")); //returns the entity of id 1
dump($em->getRepository(Version::class)->findOneById("1.5.4")); //returns the entity of id 1
dump($em->getRepository(Version::class)->findOneById("1oiasdoijadajklsd")); //returns the entity of id 1
dump($em->getRepository(Version::class)->find("2.0.6")); //returns null (but pretty sure if I have an entity with id 2 it will return it)

Current behavior

An entity of id intval(<insert_what_you_want_here>) is returned

How to reproduce

Create a simple entity as mentioned. Fill the table as mentioned. Try to dump find results to see how it behaves.

Expected behavior

IMHO, it should return null in the case the PK is of type INT and the user performs a search with a non-int value. I don't know if an explicit call to intval is performed, or if it happens more implicitly, but I think, for a PK of type int, is_numeric($id) or something more robust could be performed to return null if not true. For "1.5.4", maybe it could throw an exception because not of the type of the PK, idk ...

Originally created by @kaamui on GitHub (Jan 27, 2022). ### Bug Report  | Q | A |------------ | ------ | BC Break | no | Version | 2.7.1-DEV #### Summary With just this in a table "Version" => {id:1, value:"1.6.2"} : ``` dump($em->getRepository(Version::class)->find("1.5.4")); //returns the entity of id 1 dump($em->getRepository(Version::class)->find("1oiasdoijadajklsd")); //returns the entity of id 1 dump($em->getRepository(Version::class)->findOneById("1.5.4")); //returns the entity of id 1 dump($em->getRepository(Version::class)->findOneById("1oiasdoijadajklsd")); //returns the entity of id 1 dump($em->getRepository(Version::class)->find("2.0.6")); //returns null (but pretty sure if I have an entity with id 2 it will return it) ``` #### Current behavior An entity of id `intval(<insert_what_you_want_here>)` is returned #### How to reproduce Create a simple entity as mentioned. Fill the table as mentioned. Try to dump find results to see how it behaves. #### Expected behavior IMHO, it should return null in the case the PK is of type INT and the user performs a search with a non-int value. I don't know if an explicit call to intval is performed, or if it happens more implicitly, but I think, for a PK of type int, `is_numeric($id)` or something more robust could be performed to return null if not true. For "1.5.4", maybe it could throw an exception because not of the type of the PK, idk ...

admin closed this issue

2026-01-22 15:41:19 +01:00

admin commented

2026-01-22 15:41:20 +01:00

@kafoso commented on GitHub (Jan 27, 2022):

Agreed.

Calling the function with is_numeric('1.5') will still yield int 1, though, because '1.5' is indeed numeric (a decimal).

This regex should do the job for validating an integer: /^(0|-?[1-9]\d*)$/

@kafoso commented on GitHub (Jan 27, 2022): Agreed. Calling the function with `is_numeric('1.5')` will still yield `int 1`, though, because `'1.5'` is indeed numeric (a decimal). This regex should do the job for validating an integer: `/^(0|-?[1-9]\d*)$/`

admin commented

2026-01-22 15:41:21 +01:00

@derrabus commented on GitHub (Jan 28, 2022):

ORM 2.7 is not supported anymore. Please reproduce your issue with a recent version of the ORM.

@derrabus commented on GitHub (Jan 28, 2022): ORM 2.7 is not supported anymore. Please reproduce your issue with a recent version of the ORM.

admin commented

2026-01-22 15:41:21 +01:00

@beberlei commented on GitHub (Jan 28, 2022):

This is still the case with a recent ORM since this is just the type juggling applied here, passing a string gets converted to int.

I don't see that we fix this, because we cannot ensure this kind of safety for arbitrary types.

@beberlei commented on GitHub (Jan 28, 2022): This is still the case with a recent ORM since this is just the type juggling applied here, passing a string gets converted to int. I don't see that we fix this, because we cannot ensure this kind of safety for arbitrary types.

admin commented

2026-01-22 15:41:21 +01:00

@kaamui commented on GitHub (Jan 28, 2022):

But you know the expected type for the column you search in right ? I agree that in most cases it cannot be resolved, but in the most common case where find() must search for a value of a PK that is a single column of type int, you can ensure that the given string is a int or return null.

Btw, I searched where thie conversion was made, in EntityManager.php, UnitOfWork.php, but could not find precisely where the conversion happens. Do you know precisely where the mixed $id becames an int in this case ?

@kaamui commented on GitHub (Jan 28, 2022): But you know the expected type for the column you search in right ? I agree that in most cases it cannot be resolved, but in the most common case where find() must search for a value of a PK that is a single column of type int, you can ensure that the given string is a int or return null. Btw, I searched where thie conversion was made, in EntityManager.php, UnitOfWork.php, but could not find precisely where the conversion happens. Do you know precisely where the mixed $id becames an int in this case ?

admin referenced this issue

2026-01-22 16:06:49 +01:00

[PR #6918] [CS] No alias functions #10211

Sign in to join this conversation.

Branches Tags

1 Participants

Notifications

Due Date

No due date set.

Dependencies

No dependencies set.

Reference: doctrine/archived-orm#6918