| maverick |
First Post Posted on: 07-18-10 10:39 AM |
| Turning Off SQL Error Reporting |
|
| hi,\
when you put a ' into a variable like http://www.mewsoft.com/cgi-bin/auction/auction.cgi?action=Browse&Search=Category&Cat_ID=4'&CatA_ID=0&Lang=English\
it returns the following which gives too much for sql injection:\
\
SQL Error: You have an error in your SQL syntax near ''' at line 1\
Query: \
SELECT Adult FROM Auction_Categories WHERE Cat_ID=4'\
Line 420, File /home/httpd/vhosts/mewsoft.com/cgi-bin/auction/General.pm.\
\
i dont want to show this info to nasty visitors. how can i turn this error reporting off? |
|
|
|
|
|
