diff --git a/reference/filesystem/functions/parse-ini-file.xml b/reference/filesystem/functions/parse-ini-file.xml
index 44c687e5707a..40cee2f729c5 100644
--- a/reference/filesystem/functions/parse-ini-file.xml
+++ b/reference/filesystem/functions/parse-ini-file.xml
@@ -22,6 +22,14 @@
   <para>
    The structure of the ini file is the same as the &php.ini;'s.
   </para>
+  <warning>
+   <simpara>
+    This function must not be used with untrusted inputs, unless
+    <parameter>scanner_mode</parameter> is <constant>INI_SCANNER_RAW</constant>
+    since the parsed output might contain the values of sensitive
+    constants, such as constants holding a database password.
+   </simpara>
+  </warning>
  </refsect1>
 
  <refsect1 role="parameters">
diff --git a/reference/filesystem/functions/parse-ini-string.xml b/reference/filesystem/functions/parse-ini-string.xml
index 563a8ae505f3..2ed0bdd5a345 100644
--- a/reference/filesystem/functions/parse-ini-string.xml
+++ b/reference/filesystem/functions/parse-ini-string.xml
@@ -21,6 +21,14 @@
   <para>
    The structure of the ini string is the same as the &php.ini;'s.
   </para>
+  <warning>
+   <simpara>
+    This function must not be used with untrusted inputs, unless
+    <parameter>scanner_mode</parameter> is <constant>INI_SCANNER_RAW</constant>
+    since the parsed output might contain the values of sensitive
+    constants, such as constants holding a database password.
+   </simpara>
+  </warning>
  </refsect1>
 
  <refsect1 role="parameters">