
Error of PHP + MySQL code is shown to the user. What info can be extracted and how to prevent this?

I am using an eclass platform on XAMPP. When you go directly to a file like www.domain.com/eclass/document.php and do not follow the through-the-site navigation, you get this.

What info can be extracted by a user, how to avoid it, and how much is this harmful to the system?

1146: Table 'eclass.accueil' doesn't exist
                    select `id` from accueil
                    where visible=1 AND lien NOT LIKE '%/user.php'
                    ORDER BY rubrique

Warning: mysql_fetch_array(): supplied argument is not a valid MySQL result resource in C:\xampp\htdocs\eclass\include\init.php on line 310

Warning: Cannot modify header information - headers already sent by (output started at C:\xampp\htdocs\eclass\include\lib\main.lib.php:61) in C:\xampp\htdocs\eclass\include\baseTheme.php on line 60


Apart from what others have already mentioned:

  1. You could check if the visitor is making a direct request of the file, or if he is accessing it "the normal way." Include some form of authorisation in all your php files. Redirect users to main page if they are not authorised.

  2. You could use .htaccess to protect files from direct access
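The two checks this answer describes (refusing direct requests to include-only files, and requiring an authenticated session before a page runs) can live in one guard file that every page includes first. The following is an added example written for this page, not code from the eclass project; the file name `include/guard.php`, the `IN_ECLASS` constant, the `user_id` session key and the redirect target are assumptions.

```php
<?php
// include/guard.php  (hypothetical file name; added example, not eclass code)
//
// Every page entry point (index.php, document.php, ...) starts with:
//     define('IN_ECLASS', true);
//     require __DIR__ . '/include/guard.php';
// before it produces any output or runs any query.
declare(strict_types=1);

// --- 1. Direct request to an include-only file? ----------------------------
// An entry point defines IN_ECLASS before including anything. If the browser
// asked for this file (or any other include) directly, the constant is missing,
// so refuse instead of running half-initialised code that would dump SQL text
// and filesystem paths into the response.
if (!defined('IN_ECLASS')) {
    http_response_code(403);
    exit('Forbidden');
}

// --- 2. Is the visitor logged in? -------------------------------------------
function current_user_id(): ?int
{
    if (session_status() !== PHP_SESSION_ACTIVE) {
        session_start();
    }
    // 'user_id' is an assumed session key set by the login page.
    return isset($_SESSION['user_id']) ? (int) $_SESSION['user_id'] : null;
}

// Returns the user id, or redirects unauthenticated visitors to the main page
// and stops the script so nothing below the guard ever executes for them.
function require_login(string $redirect = '/eclass/index.php'): int
{
    $uid = current_user_id();
    if ($uid === null) {
        header('Location: ' . $redirect, true, 302);
        exit;
    }
    return $uid;
}

$currentUser = require_login();
```

The `IN_ECLASS` check only helps for files that are included by an entry point; for a directory that should never be served at all (such as `include/`), an `.htaccess` containing `Require all denied` (Apache 2.4) makes the web server refuse the request before PHP runs, which is the `.htaccess` option the second point refers to.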


This could potentially be used to find holes in your security.

You can easily avert this by throwing an Exception whenever a mysql_query fails, and catching the Exception of course ;)

You can also catch warnings. See set_error_handler and set_exception_handler


This exposes both (part of) your database structure and also your filesystem structure. It would allow for a technically sophisticated user to research known exploits for the system you are using, and could end poorly.

Update your php.ini to turn display_errors off, and restart XAMPP, and it should prevent this from happening.
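The two answers above fit together: turn failed queries and PHP warnings into exceptions (so `mysql_fetch_array()` never receives a `false` result), and make sure whatever is uncaught goes to the log rather than to the browser. The following is an added example written for this page, not code from the eclass project; the file name `include/errors.php`, the `db_query()` wrapper, the log path and the credentials in the usage comment are assumptions, and it assumes the code runs on `mysqli`, since the `mysql_query()` family was removed in PHP 7.

```php
<?php
// include/errors.php  (hypothetical file name; added example, not eclass code)
// Include this before any database work or output.
declare(strict_types=1);

// php.ini is the right place for these, because it applies before any script
// runs (restart XAMPP after editing):
//     display_errors = Off
//     log_errors     = On
//     error_log      = "C:\xampp\php\logs\php_error.log"   ; constructed path
// Setting them here as well covers hosts where php.ini was never updated.
error_reporting(E_ALL);
ini_set('display_errors', '0');
ini_set('log_errors', '1');

// Turn warnings and notices into ErrorException so they can be caught and
// never reach the browser as text. This is what would have stopped the
// mysql_fetch_array() warning in the question from being printed.
set_error_handler(static function (int $errno, string $errstr, string $errfile, int $errline): bool {
    if ((error_reporting() & $errno) === 0) {
        return false;                 // silenced with @: fall back to PHP's default
    }
    throw new ErrorException($errstr, 0, $errno, $errfile, $errline);
});

// Anything uncaught ends here: full detail to the log, a generic line to the user.
set_exception_handler(static function (Throwable $e): void {
    error_log(sprintf('%s: %s in %s:%d',
        get_class($e), $e->getMessage(), $e->getFile(), $e->getLine()));
    if (!headers_sent()) {
        http_response_code(500);
    }
    echo 'An internal error occurred.';
});

// Query wrapper for statements that return rows: a failed query throws instead
// of returning false, so an invalid result can never be passed to a fetch call.
function db_query(mysqli $db, string $sql): mysqli_result
{
    $result = $db->query($sql);
    if ($result === false) {
        // SQL text and table names go to the log via the handler above, never to the page.
        throw new RuntimeException(sprintf('MySQL error %d: %s', $db->errno, $db->error));
    }
    if ($result === true) {
        throw new LogicException('db_query() expects a statement that returns a result set');
    }
    return $result;
}

// Usage with the query from the question (credentials are constructed):
// $db = new mysqli('localhost', 'eclass', '<password>', 'eclass');
// try {
//     $rows = db_query($db,
//         "SELECT `id` FROM accueil WHERE visible=1 AND lien NOT LIKE '%/user.php' ORDER BY rubrique");
//     while ($row = $rows->fetch_assoc()) { /* ... */ }
// } catch (RuntimeException $e) {
//     error_log($e->getMessage());       // "Table 'eclass.accueil' doesn't exist" stays in the log
//     echo 'The page could not be loaded.';
// }
```

On PHP 8.1 and later `mysqli` already reports errors as `mysqli_sql_exception` by default, so a failed query throws before the `false` check is reached; catching `Throwable` (or `mysqli_sql_exception` specifically) alongside `RuntimeException` covers both versions. The "headers already sent" warning in the question disappears with the others, because nothing is echoed before the redirect once error output is off.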
