    SQL errors in Interchange

    By Jeff Boes
    September 7, 2011

    Interchange has a little feature whereby errors in a [query] tag are reported back to the session just like form validation errors. That is, given the intentional syntax error here:

    [query ... sql="select 1 from foo where 1="]
    

    Interchange will paste the error from your database in

      $Session->{errors}{'table foo'}
    

    That’s great, but it comes with a price: now you have a potential for a page with SQL in it, which site security services like McAfee will flag as “SQL injection failures”. Sometimes you just don’t want your SQL failures plastered all over for the world to see.

    Simple solution:

      DatabaseDefault LOG_SESSION_ERROR 0
    

    in your Interchange configuration file, possibly constrained so it only affects production (because you’d love to see your SQL errors when you are testing, right?).
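To confirm the setting took effect on production, one option is to scan rendered pages for database error text, which is what an external scanner reacts to. The sketch below is an added example, not Interchange code or code from the original post; the signature list, function name and sample pages are constructed for illustration.

```python
import html
import re

# Signatures of well-known driver/database error text (illustrative list,
# not exhaustive). "echoed_select" is a loose heuristic for a statement
# echoed back in an error and can also match ordinary prose.
SIGNATURES = {
    "dbd_driver": re.compile(r"DBD::\w+::(?:st|db) \w+ failed", re.I),
    "postgres_syntax": re.compile(r"syntax error at (?:or near|end of input)", re.I),
    "mysql_syntax": re.compile(r"You have an error in your SQL syntax", re.I),
    "echoed_select": re.compile(
        r"\bselect\b[^\n]{0,200}?\bfrom\b[^\n]{0,200}?\bwhere\b", re.I
    ),
}


def find_sql_leaks(page_html):
    """Return the sorted names of the signatures found in a rendered page.

    The whole source is scanned (not just visible text) because error text
    may also land in attributes or HTML comments. Entities are decoded
    first so entity-encoded error text still matches.
    """
    text = html.unescape(page_html)
    return sorted(name for name, rx in SIGNATURES.items() if rx.search(text))


# Constructed sample: a page that renders the session error for the
# broken query shown earlier (PostgreSQL-style message via DBD::Pg).
LEAKY_PAGE = """<ul class="errors">
<li>table foo: DBD::Pg::st execute failed: ERROR:  syntax error at end of input
LINE 1: select 1 from foo where 1=</li>
</ul>"""

# Constructed sample: the same page with session error logging turned off.
CLEAN_PAGE = "<p>Sorry, something went wrong. Please try again.</p>"

if __name__ == "__main__":
    for label, page in (("leaky", LEAKY_PAGE), ("clean", CLEAN_PAGE)):
        print(label, find_sql_leaks(page))
```

Run it against saved copies of production pages that exercise a `[query]` tag; an empty list means none of these signatures reached the page.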
