Apa iku superglobal PHP?

Question

Accepted Answer

**Superglobal** punika variabel PHP sing dipasang kang **otomatis kasedhia ing saben scope** — nyekel data referensi, informasi server, sesion, lan liyane. Iku cara PHP script ngrembaka informasi referensi HTTP sing mlebu.

## Superglobal utama

```php
<?php
$_GET       // query string parameters:  /page?id=5 → $_GET['id']
$_POST      // form POST data:            $_POST['username']
$_REQUEST   // combined GET + POST + COOKIE (avoid — ambiguous)
$_SERVER    // server/request info:       $_SERVER['REQUEST_METHOD'], ['HTTP_HOST']
$_SESSION   // session data (persists across requests)
$_COOKIE    // cookies sent by the browser
$_FILES     // uploaded files
$_ENV       // environment variables
$GLOBALS    // all global variables
```

Iki kasedhia ing saben papan (ora merlu tembung gasik `global`), beda karo variabel normal sing scope-e mung menyang fungsi-e.

## Ngrembaka data referensi

```php
// query parameters and form data
$id = $_GET['id'] ?? null;             // ?? provides a default if missing
$username = $_POST['username'] ?? '';

// request info
$method = $_SERVER['REQUEST_METHOD'];   // "GET", "POST"
$uri = $_SERVER['REQUEST_URI'];
$ip = $_SERVER['REMOTE_ADDR'];
```

## Peringatan keamanan KRITIS: aja percaya data superglobal

```php
// ❌ DANGEROUS — using raw input directly enables attacks
$query = "SELECT * FROM users WHERE id = " . $_GET['id'];   // SQL INJECTION!
echo $_GET['name'];                                          // XSS!

// ✅ ALWAYS validate, sanitize, and escape user input
$id = (int) $_GET['id'];                          // cast/validate
$stmt = $pdo->prepare("SELECT * FROM users WHERE id = ?");   // parameterized query
echo htmlspecialchars($_GET['name']);             // escape for output (prevent XSS)
```

**Data saka `$_GET`, `$_POST`, `$_COOKIE`, `$_REQUEST` punika input pengguna sing ora bisa dipercaya** — nggunakake langsung bisa ngaktifake SQL injection, XSS, lan serangan liyane. Solah validasi, gunakake query parametrized kanggo database, lan escape output.

## Kenapa iku penting

Superglobal iku dhasar pengembangan web PHP — iku cara script ngrembaka data referensi HTTP (query string, kiriman form, cookie, sesion, file sing diunggah, informasi server), dadi mangerteni iku pengetahuan saben dina sing perlu kanggo nangani input pengguna.

Nangerteni apa kang ana ing saben superglobal (`$_GET`, `$_POST`, `$_SERVER`, `$_SESSION`, lsp.) lan cara ngrembaka data referensi perlu kanggo ngbangun aplikasi PHP apa wae.

Namun titik **paling penting iku keamanan**: data saka `$_GET`/`$_POST`/`$_COOKIE`/`$_REQUEST` iku **input pengguna sing ora bisa dipercaya**, lan nggunakake langsung iku penyebab utama ancaman web sing paling umum lan mbahayaken (SQL injection, XSS).

Mangerteni manawa data referensi superglobal kudu **solah** divalidasi, digunakake kanthi aman (query parametrized kanggo database), lan di-escape ing output iku pengetahuan penting lan kritis keamanan — amarga superglobal iku titik mlebu-e input pengguna, salah gawe-e bakal dadi sumber akeh ancaman keamanan PHP sing serius, dadiane nangani kanthi aman iku tanggung jawab dhasar kanggo saben pengembang PHP. (Framework modern kaya Laravel bungkus superglobal ing abstraksi referensi sing luwih aman, nanging prinsip dhasar ora percaya input tetep terus.)