The best way to prevent such embarrassment is to show the end user a friendlier message through a PHP error-handling function.
function sql_failure_handler($query, $error) { $msg = htmlspecialchars("Failed Query: {$query} SQL Error: …
The rest is here:
Solutions to SQL Injection Attack – Hungred.com
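Because the excerpt above cuts off before the handler's body, here is an added example (not the original article's code) of one way to write a handler with the same signature: the failed query and error go to the server log, and the visitor sees only a generic message. The reference ID, log format and sample inputs are assumptions made for illustration.

```php
<?php
// Added example: hypothetical body for a handler with the page's signature.
// Full detail goes to the server log; the visitor sees only a generic message.
function sql_failure_handler(string $query, string $error): string
{
    // Short random reference so support can match a user report to a log line.
    $ref = bin2hex(random_bytes(4));

    // Collapse control characters so user-influenced text inside the query
    // cannot break one failure across several forged log lines.
    $clean = static fn(string $s): string =>
        preg_replace('/[\x00-\x1F\x7F]+/', ' ', $s) ?? '';

    error_log(sprintf(
        '[sql-failure %s] query="%s" error="%s"',
        $ref,
        $clean($query),
        $clean($error)
    ));

    // Nothing from $query or $error reaches the response body.
    return htmlspecialchars(
        "Sorry, something went wrong on our side. Reference: {$ref}",
        ENT_QUOTES,
        'UTF-8'
    );
}

// Constructed sample input: a failing query and a driver-style error text.
$query = "SELECT * FROM users WHERE id = '1''";
$error = "You have an error in your SQL syntax near ''1''' at line 1";

// Prints only the generic message; the detail is written via error_log().
echo sql_failure_handler($query, $error), PHP_EOL;
```

Logged queries can contain personal data or credentials in their literals, so keep the log file outside the web root and restrict who can read it.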