Robs (Guest)
Dumping out MySQL error messages is all very helpful when trying to debug a problem; however, having such detail by default on public pages when errors are encountered represents a serious security risk, since it exposes the structure of the database to anyone with mal-intent who can force an error.
 
Is there any way that such MySQL message dumps can be turned off?
 
Clearly, commenting out 'errors_list' from the template isn't the answer, as that also removes all hint that an error occurred, but trimming off the MySQL dump should be possible; however, if it is an option, the means of achieving it isn't obvious.
 
This arose following a security check where a guest (no user_id) was attempting to save a cart, causing a database error in the cart_save.php page of a site running 3.4.1... I know, should upgrade and all that... just not feasible, and also beside the point with regard to exposing sensitive information to Joe Public.
 
Cheers
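
The pattern the post asks for (keep a visible error, drop the database detail) is sketched below as an added example. It is not part of the original post and is not ViArt code: the function name, log path, sample error and the `$errors_list` variable standing in for the template value are assumptions, and it assumes PHP 7+.

```php
<?php
// Added example, not ViArt code: every name below is hypothetical.
// Assumes PHP 7+ and, in production, a log file located outside the web root.

ini_set('display_errors', '0'); // never render raw PHP/driver errors into pages

/**
 * Record the full database error server-side and return a visitor-safe
 * message carrying only a reference ID that can be matched to the log entry.
 */
function public_db_error(string $dbError, string $query, string $logFile): string
{
    $ref = bin2hex(random_bytes(4)); // 8 hex chars, used only for correlation

    // Collapse line breaks so attacker-influenced text cannot forge log lines.
    $flatten = function (string $s): string {
        return str_replace(["\r", "\n"], ' ', $s);
    };

    $entry = sprintf(
        "[%s] ref=%s script=%s error=%s query=%s\n",
        date('c'),
        $ref,
        $_SERVER['SCRIPT_NAME'] ?? 'cli',
        $flatten($dbError),
        $flatten($query)
    );
    error_log($entry, 3, $logFile); // message type 3 appends to the given file

    return "A database error occurred. Reference: $ref";
}

// Constructed sample input standing in for a failed query.
$logFile = sys_get_temp_dir() . '/db_errors.log';
$dbError = "Unknown column 'example_col' in 'field list'";
$query   = "INSERT INTO example_table (example_col) VALUES ('x')";

// Only the generic message reaches the page; the detail stays in the log.
$errors_list = public_db_error($dbError, $query, $logFile);
echo htmlspecialchars($errors_list, ENT_QUOTES, 'UTF-8'), "\n";
```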