Hiding PHP / MySQL error message

Question

I have a website based on X-Cart. It’s working fine. However, when I go to the address (manually accessing the link) www.mysite.com/"Xx<XaXaXXaXaX>xX I get this error message:

INVALID SQL: 1064 : You have an error in your SQL syntax; check the manual that corresponds to your MySQL server version for the right syntax to use near '",)' LIMIT 1' at line 1<br /><b><font color="darkred">SQL QUERY FAILURE:</font></b>SELECT xid FROM xcart_session_history WHERE ip = INET_ATON('165.193.42.141') AND host = '&quot;XxxXx';&quot;,)' LIMIT 1
INVALID SQL: 1064 : You have an error in your SQL syntax; check the manual that corresponds to your MySQL server version for the right syntax to use near ';",)', 'e8bc1df13aab2c25c7560512a5029eb1')' at line 1<br /><b><font color="darkred">SQL QUERY FAILURE:</font></b>REPLACE INTO xcart_session_history (ip,host,xid) VALUES (INET_ATON('165.193.42.141'), '"XxxXx';",)', 'e8bc1df13aab2c25c7560512a5029eb1')

I find this to be a vulnerability on my system because it reveals the table name and other details.

I would like to keep PHP/MYSQL from showing this message on the screen. How can I disable it?

Answer 1

Set $debug_mode in config.php to 2

http://help.x-cart.com/index.php?title=X-Cart:Config.php#Correcting_debug_mode

Answer 2

// Turn off all error reporting

error_reporting(0);

// Report all PHP errors

error_reporting(E_ALL);

// Report all PHP errors

error_reporting(-1);

use any of that one if you use database then select error_reporting(0)

Answer 3

To turn off all error reporting:

error_reporting(0);

You should set it at top of some header file that is loaded across all pages.

Answer 4

error_reporting(0); //is safer then modifying the config.php file