Hiding PHP / MySQL error message
I have a website based on X-Cart. It’s working fine. However, when I go to the address (manually accessing the link) www.mysite.com/"Xx<XaXaXXaXaX>xX I get this error message:
INVALID SQL: 1064 : You have an error in your SQL syntax; check the manual that corresponds to your MySQL server version for the right syntax to use near '",)
' LIMIT 1' at line 1<br /><b><font color="darkred">SQL QUERY FAILURE:</font></b>SELECT xid FROM xcart_session_history WHERE ip = INET_ATON('165.193.42.141') AND host = '"XxxXx';",)' LIMIT 1
INVALID SQL: 1064 : You have an error in your SQL syntax; check the manual that corresponds to your MySQL server version for the right syntax to use near ';",)', 'e8bc1df13aab2c25c7560512a5029eb1')' at line 1<br /><b><font color="darkred">SQL QUERY FAILURE:</font></b>REPLACE INTO xcart_session_history (ip,host,xid) VALUES (INET_ATON('165.193.42.141'), '"XxxXx';",)', 'e8bc1df13aab2c25c7560512a5029eb1')
I find this to be a vulnerability on my system because it reveals the table name and other details.
I would like to keep PHP/MYSQL from showing this message on the screen. How can I disable it?
Answer
Set $debug_mode in config.php to 2
http://help.x-cart.com/index.php?title=X-Cart:Config.php#Correcting_debug_mode