The following code is some kind of pseudocode.

That doesn't really allow anyone else to be of much help with the diagnosis, unfortunately. $sth->execute() is quite happy to accept undefined variables as arguments and does not raise warnings about them. It sounds like the warnings you are seeing probably stem from elsewhere in your code. If you can provide an SSCCE someone might be able to spot the problem for you.

FWIW, I wouldn't have that $hStatement2->prepare call inside the loop - you are losing all of the efficiency by re-preparing the exact same query over and over again.