0

Please help, the error is something like this :

Warning: Undefined array key "Nama" in D:\xampp\htdocs\phpdasar\pertemuan7\latihan2.php on line 11

Warning: Undefined array key "NIM" in D:\xampp\htdocs\phpdasar\pertemuan7\latihan2.php on line 12

Warning: Undefined array key "Email" in D:\xampp\htdocs\phpdasar\pertemuan7\latihan2.php on line 13

Warning: Undefined array key "Jurusan" in D:\xampp\htdocs\phpdasar\pertemuan7\latihan2.php on line 1

<ul>
    <li><img src="img/<?= $_GET ["gambar"]; ?>"></li>
    <li><?= $_GET["Nama"];?></li>
</ul>
Dewi Sari
  • 3
  • 1
  • 4

1 Answers1

2

First of all I have to mention, that what you are doing there is dangerous because it can cause reflected XSS attacks

That out of the way, you have to check if the index of the $_GET array is defined.

<ul>
    <li><?= isset($_GET["Nama"]) ? $_GET["Nama"] : "";?></li>
</ul>

As requested in the comments, here are some ways, you could prevent XSS for this example:

htmlentities($_GET["Nama"]);
// or
filter_var($_GET["Nama"], FILTER_SANITIZE_SPECIAL_CHARS);

both effectively do the same and lead to browser just outputs what the user entered or provided in the URL without interpreting any of it (check docs for filtering and sanitizing inputs)

MattDMo
  • 100,794
  • 21
  • 241
  • 231
jumper85
  • 472
  • 3
  • 9
  • jumper85, thank you for helping but what is XSS? I'm sorry but I'm very new to programming so I don't understand a lot of things. – Dewi Sari Apr 05 '21 at 08:14
  • @DewiSari - It's all explained in the link "reflected XSS attacks" they posted with the answer. – M. Eriksson Apr 05 '21 at 08:18
  • it's short for cross-site scripting, someone could set malicious code (usually some javascript) in your sites URL and it gets reflected because you print it without any filtering/sanitizing. [Here](https://dev.to/anastasionico/good-practices-how-to-sanitize-validate-and-escape-in-php-3-methods-139b) is an article that explains some of this. – jumper85 Apr 05 '21 at 08:19
  • _Suggestion:_ Show how to protect against XSS while you're at it, since it was an important and good point you made regarding it :-) – M. Eriksson Apr 05 '21 at 08:19
  • @MagnusEriksson you're right, added some examples – jumper85 Apr 05 '21 at 08:24
  • @MattDMo Thank you for the advice. I have done it. – Dewi Sari Apr 06 '21 at 02:25