View Issue Details

IDProjectCategoryView StatusLast Update
0017187phplist applicationOtherpublic16-07-14 16:56
Reporterduncanc 
PrioritynormalSeverityminorReproducibilityalways
Status resolvedResolutionfixed 
Product Version3.0.6 
Target Version3.0.7Fixed in Version3.0.7 
Summary0017187: SQL is not displayed when an error occurs
DescriptionIn mysqli.inc and mysql.inc the variable $lastquery is not always set. So when an error occurs on a query the sql is not displayed.

In function Sql_Query $lastquery is set only when $developer_email is already set (which is usually not the case). So in function Sql_Error() that variable is undefined.

It would be more useful to always display the sql when an error occurs.
TagsNo tags attached.

Relationships

related to 0017172 resolvedmichiel update mysql.inc to mysqli.inc 

Activities

michiel

15-05-14 14:28

manager   ~0053726


no, for security it is custom to not display SQL errors, to avoid SQL Injection profiling.

So, it should only really display the SQL in developer mode. The undefined variable needs to be caught as well.

duncanc

28-06-14 13:14

developer   ~0054067

Corrected function name where the undefined variable occurs

duncanc

28-06-14 13:48

developer   ~0054068

Another small issue in mysqli.inc and mysql.inc with functions dbg() and cl_output().
These are defined in connect.php, so if any database errors happen before connect.php has been included then they will not have been defined.
Looking at index.php languages.php and defaultconfig.php are included before connect.php.

duncanc

28-06-14 13:48

developer   ~0054069

Need to add file mysqli.inc to the GitHub repository.