How to prevent Illegel/ Logically Incorrect Queries?

Illegal/Logically Incorrect Queries

1)Original
URL:http://www.arch.polimi.it/eventi/?id_nav=886
2)SQLInjection:
http:/`/www.arch.polimi.it/eventi/?id_nav=8864'
3) Error message showed:
SELECT name FROM Employee WHERE id =8864\' from
the message error we can find out name of table and fields:
name; Employee; id. By the gained information attacker can
arrange more strict attacks

Should I hide the error message into 404 - Error instead of showing all of them? or is there any other method to prevent this?

Be a part of the DaniWeb community

We're a friendly, industry-focused community of developers, IT pros, digital marketers, and technology enthusiasts meeting, networking, learning, and sharing knowledge.