phpmysqlwebserverx-cart

Hiding PHP / MySQL error message


I have a website based on X-Cart. It’s working fine. However, when I go to the address (manually accessing the link) www.mysite.com/"Xx<XaXaXXaXaX>xX I get this error message:

INVALID SQL: 1064 : You have an error in your SQL syntax; check the manual that corresponds to your MySQL server version for the right syntax to use near '",)' LIMIT 1' at line 1<br /><b><font color="darkred">SQL QUERY FAILURE:</font></b>SELECT xid FROM xcart_session_history WHERE ip = INET_ATON('165.193.42.141') AND host = '&quot;XxxXx';&quot;,)' LIMIT 1
INVALID SQL: 1064 : You have an error in your SQL syntax; check the manual that corresponds to your MySQL server version for the right syntax to use near ';",)', 'e8bc1df13aab2c25c7560512a5029eb1')' at line 1<br /><b><font color="darkred">SQL QUERY FAILURE:</font></b>REPLACE INTO xcart_session_history (ip,host,xid) VALUES (INET_ATON('165.193.42.141'), '&quot;XxxXx';&quot;,)', 'e8bc1df13aab2c25c7560512a5029eb1')

I find this to be a vulnerability on my system because it reveals the table name and other details.

I would like to keep PHP/MYSQL from showing this message on the screen. How can I disable it?


Solution

  • Set $debug_mode in config.php to 2

    http://help.x-cart.com/index.php?title=X-Cart:Config.php#Correcting_debug_mode