View Issue Details
|ID||Project||Category||View Status||Date Submitted||Last Update|
|0017187||phplist application||Other||public||11-05-14 20:09||16-07-14 17:56|
|Target Version||3.0.7||Fixed in Version||3.0.7|
|Summary||0017187: SQL is not displayed when an error occurs|
|Description||In mysqli.inc and mysql.inc the variable $lastquery is not always set. So when an error occurs on a query the sql is not displayed.|
In function Sql_Query $lastquery is set only when $developer_email is already set (which is usually not the case). So in function Sql_Error() that variable is undefined.
It would be more useful to always display the sql when an error occurs.
|Tags||No tags attached.|
no, for security it is custom to not display SQL errors, to avoid SQL Injection profiling.
So, it should only really display the SQL in developer mode. The undefined variable needs to be caught as well.
||Corrected function name where the undefined variable occurs|
Another small issue in mysqli.inc and mysql.inc with functions dbg() and cl_output().
These are defined in connect.php, so if any database errors happen before connect.php has been included then they will not have been defined.
Looking at index.php languages.php and defaultconfig.php are included before connect.php.
||Need to add file mysqli.inc to the GitHub repository.|