MYSQLI prepared statement bind_param types does not work

Question

I have been using prepared insert statements for some years and assumed it was binding parameters properly or would give an error but it seems not as the following php binds and

Answer 1

$stmt->bind_param() doesn't check the given variables for a certain type, it only converts them into the specified type. And your string 'aaaaaaa' is converted into an int-value: 0. That's the way php does it.

The database insert statement is the wrong place to check, if your variables contain useful/correct values. Do that before and only try to insert them, if your validations work.

To do the validation for an int, you could use the php-function is_numeric() or is_int().