ErrorNotes

Fixing 'Passing null to parameter of type string' in PHP 8.1+

beginner๐Ÿ˜ PHP2026-06-24| PHP 8.1, 8.2, or 8.3 running on Linux (Ubuntu/Debian), Nginx/Apache, or Docker containers.

Error Message

Deprecated: str_replace(): Passing null to parameter #1 ($search) of type array|string is deprecated in /var/www/html/app.php on line 42
#php81#deprecated#null-handling#php-migration#backend

The Quick Fix

PHP 8.1 and newer versions no longer accept null for internal functions that expect a string. To resolve this instantly, use the null coalescing operator (?? '') to ensure a default empty string is always provided.

// โŒ Old code (Triggers Deprecated warning)
$output = str_replace($search, $replace, $subject);

// โœ… Recommended: Null Coalescing
$output = str_replace($search ?? '', $replace ?? '', $subject ?? '');

// โœ… Alternative: Explicit Casting
$output = str_replace((string)$search, (string)$replace, (string)$subject);

Why your logs are suddenly massive

Upgrading to PHP 8.1 often comes with a nasty surprise: error logs that swell by hundreds of megabytes in a single day. Previously, PHP was quite permissive. If you passed null to functions like strlen or trim, PHP silently converted it to an empty string. It was convenient, but it hid potential bugs in your data logic.

The PHP internals team is now tightening the screws on type safety. Passing null to these parameters is officially deprecated. While your code still runs for now, PHP 9.0 will likely turn these into TypeError exceptions. This would cause your entire application to crash instead of just filling up a log file.

You are likely seeing this specific error pattern:

Deprecated: str_replace(): Passing null to parameter #1 ($search) of type array|string is deprecated in /var/www/html/app.php on line 42

Common Scenarios

1. Nullable Database Columns

This is the primary culprit. Imagine you fetch a user profile where the middle_name column is nullable. If a user doesn't have a middle name, your database driver returns null. Passing that directly into a string function will now trigger the warning.

$user = $db->fetch("SELECT middle_name FROM users WHERE id = 123");
// If the column is NULL, this line is now "noisy":
echo strlen($user['middle_name']);

2. Unpredictable API Payloads

External APIs are notorious for inconsistent data. A JSON field might be a string in one response and null in the next. If your code assumes the field is always a string, your production logs will quickly fill with deprecation notices during high-traffic periods.

3. Optional Form Inputs

Frameworks sometimes normalize empty form inputs to null. If you process a search filter or an optional bio field without checking the type, you'll hit this deprecation hurdle immediately.

Practical Fix Approaches

Method 1: The Null Coalescing Operator

Using ?? '' is the cleanest and most readable solution. It explicitly tells other developers: "We expect a string, but if the data is missing, treat it as empty."

// Safe and concise
$slug = strtolower($title ?? '');

Method 2: Explicit String Casting

Casting is a "brute force" approach that works well for large-scale refactoring. It is particularly useful when you are doing a global search-and-replace across thousands of lines of legacy code. In PHP, (string)null always evaluates to "".

$description = trim((string)$data->description);

Method 3: Fixing at the Model Level

If you use an ORM like Laravel's Eloquent, handle the conversion at the source. This prevents the null from ever reaching your business logic. Use an Attribute to ensure the value is always a string when accessed.

// Laravel Example: Ensuring a string return
protected function biography(): Attribute
{
    return Attribute::make(
        get: fn (?string $value) => $value ?? '',
    );
}

Finding Hotspots in Your Codebase

Don't wait for your users to trigger every possible code path. You can proactively find these issues using grep to search for common string functions in your source directory:

grep -rnE "(str_replace|strlen|trim|explode|strpos)" ./src

For a more robust solution, use PHPStan. Static analysis tools can identify every instance where a nullable variable is passed into a non-nullable function parameter. This is much safer than manual searching.

# Install PHPStan
composer require --dev phpstan/phpstan

# Run analysis at level 5 or higher
vendor/bin/phpstan analyse src --level 5

How to verify the fix

Once you have applied your changes, confirm the warnings are gone. Simply hiding the errors in your configuration is a temporary band-aid, not a fix.

  • Enable full error reporting in your dev environment: error_reporting(E_ALL);
  • Run your automated test suite or manually trigger the affected page.
  • Monitor your PHP-FPM or Apache error logs (e.g., tail -f /var/log/php-fpm.log).
  • Verify that no new "Deprecated" entries appear when the code executes.

Related Error Notes

How to Fix PHP Warning: Creating default object from empty value

Warning: Creating default object from empty value in /var/www/html/app.php on line 15

Fix PHP Fatal error: Uncaught DivisionByZeroError: Division by zero

Fatal error: Uncaught DivisionByZeroError: Division by zero in /path/to/script.php

Fix PHP Warning: Input variables exceeded 1000 (max_input_vars)

PHP Warning: Unknown: Input variables exceeded 1000. To increase the limit change max_input_vars in php.ini.