I have a website based on X-Cart. It’s working fine. However, when I go to the address (manually accessing the link) www.mysite.com/"Xx<XaXaXXaXaX>xX I get this error message:
INVALID SQL: 1064 : You have an
error in your SQL syntax; check the manual that corresponds to your
MySQL server version for the right syntax to use near ‘",)'‘ LIMIT
LIMIT 1' at line 1<br /><b><font color="darkred">SQL QUERY
FAILURE:</font></b>SELECT xid FROM xcart_session_history WHERE ip =
INET_ATON('165.193.42.141') AND host = '"XxxXx';",)
1
INVALID SQL: 1064 : You
have an error in your SQL syntax; check the manual that corresponds to
your MySQL server version for the right syntax to use near
‘;",)', 'e8bc1df13aab2c25c7560512a5029eb1')' at line 1<brip
/><b><font color="darkred">SQL QUERY FAILURE:</font></b>REPLACE INTO
xcart_session_history (,host,xid) VALUES‘,
(INET_ATON('165.193.42.141'), '"XxxXx';",)
‘e8bc1df13aab2c25c7560512a5029eb1’)
I find this to be a vulnerability on my system because it reveals the table name and other details.
I would like to keep PHP/MYSQL from showing this message on the screen. How can I disable it?
Set $debug_mode in config.php to 2: http://help.x-cart.com/index.php?title=X-Cart:Config.php#Correcting_debug_mode
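To confirm the change took effect, the following added example (not part of the original answer or of X-Cart's code) scans a response body for the error markers quoted in the question and lists any table names it exposes. The function names and the sample bodies are constructed for illustration; fetching the page is left to the caller.

```python
import html
import re

# Markers taken from the error output quoted in the question.
LEAK_MARKERS = (
    re.compile(r"INVALID SQL:\s*\d+"),
    re.compile(r"SQL QUERY\s+FAILURE", re.I),
    re.compile(r"error in your SQL syntax", re.I),
)
# Table names appear after FROM / INTO in the echoed statement.
TABLE_RE = re.compile(r"\b(?:FROM|INTO)\s+([A-Za-z_][A-Za-z0-9_]*)", re.I)
TAG_RE = re.compile(r"<[^>]+>")


def normalize(body: str) -> str:
    """Strip tags, decode entities and collapse whitespace so markers
    split across lines or wrapped in <b>/<font> still match."""
    text = html.unescape(TAG_RE.sub(" ", body))
    return re.sub(r"\s+", " ", text)


def find_sql_leak(body: str) -> dict:
    """Return which markers matched and which table names were exposed."""
    text = normalize(body)
    markers = [p.pattern for p in LEAK_MARKERS if p.search(text)]
    tables = sorted(set(TABLE_RE.findall(text))) if markers else []
    return {"leaks": bool(markers), "markers": markers, "tables": tables}


# Constructed sample responses (not captured from a real site).
LEAKY_BODY = (
    "INVALID SQL: 1064 : You have an\nerror in your SQL syntax; check the "
    "manual<br /><b><font color=\"darkred\">SQL QUERY\nFAILURE:</font></b>"
    "SELECT xid FROM xcart_session_history WHERE ip = INET_ATON('192.0.2.10')"
    "<br />REPLACE INTO xcart_session_history (ip,host,xid) VALUES (...)"
)
CLEAN_BODY = "<html><body><h1>Page not found</h1></body></html>"

if __name__ == "__main__":
    for name, body in (("leaky", LEAKY_BODY), ("clean", CLEAN_BODY)):
        print(name, find_sql_leak(body))
```

Run it against the body returned for the same malformed URL before and after editing config.php; the second run should report no markers.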