Basic PHP crash course
This section provides you with a minimum knowledge of PHP; it is NOT a full in-depth course. If you already know PHP, I still advise you to scan through these pages, as we will also describe how you can modify the behavior of the many PHsPeed components.
Web applications
Before going into PHP, it is important that you know a bit about how web applications work, and how PHsPeed web applications work. Simplified:
If you have been working with desktop applications like Word or Excel, then you are actually running a program locally on your workstation. Before you close your program, you must save your data or it gets lost. Web applications work differently. To start your web application, you use a web browser that contacts a server using the URL you have given. This starts the PHP application, which creates output that is shown in your browser, and then the program closes and forgets all about you. The output that is sent can contain several parts, but mostly it contains references to HTML, which describes your page, a style, which describes the looks, and JavaScript, which performs client-side interactive behavior. But the most important message here is that after sending its output to the browser, the application is closed!
So how does it work when you log in on a page, then go to another page containing a menu and start all kinds of forms? Surely the system must know something about you? The answer is 'sessions'. Whenever you start a PHP application, a session must be created and the reference must be kept within the web page. When the application closes, it stores the session data and puts the reference to that data hidden in your web page. When you click on a button and the PHP application starts up, it will see that there is a session and retrieve its data. It is up to the application to handle this sequence in a valid way.
PHsPeed
When you use PHsPeed, you don't have to worry about sessions, as they are handled for you automatically. But it is important to know the basic principle. When we explain variables, you will learn that there is a session pool where your overall data is managed. PHsPeed does not send individual data to the client only to have that data sent back to the application when a user clicks a button. This method was often used in the early days, but it allows potential attackers to interfere and can therefore be considered a vulnerability. PHsPeed stores all required information in the session, along with some token information, to avoid this problem.
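The principle described above, shown as an added example in plain PHP (this is not PHsPeed's own code, whose internals this page does not show): the trusted value stays in the session, and the page carries only a random token that refers to it. The names `issue_form`, `redeem_form`, `form_token` and `record_id` are assumptions made for this illustration.

```php
<?php
declare(strict_types=1);
session_start();

// Early-days approach, for contrast: <input type="hidden" name="record_id" value="42">
// The browser can send back any value it likes, so the server cannot trust it.

// Keep the trusted state on the server and hand out only a random reference to it.
function issue_form(array $state): string
{
    $token = bin2hex(random_bytes(32));
    $_SESSION['forms'][$token] = $state;
    return $token;
}

// Return the stored state for a submitted token, or null if the token is unknown.
// The entry is removed on use, so a form cannot be replayed.
function redeem_form(string $token): ?array
{
    foreach ($_SESSION['forms'] ?? [] as $known => $state) {
        if (hash_equals((string) $known, $token)) {   // constant-time comparison
            unset($_SESSION['forms'][$known]);
            return $state;
        }
    }
    return null;
}

if (($_SERVER['REQUEST_METHOD'] ?? 'GET') === 'POST') {
    $token = $_POST['form_token'] ?? null;
    $state = is_string($token) ? redeem_form($token) : null;
    if ($state === null) {
        http_response_code(400);
        exit('Invalid or expired form.');
    }
    // The record id comes from the session, never from the request.
    $note = is_string($_POST['note'] ?? null) ? $_POST['note'] : '';
    printf('Saved %d characters for record %d', strlen($note), (int) $state['record_id']);
    exit;
}

$token = issue_form(['record_id' => 42]);   // constructed sample value
?>
<form method="post">
  <input type="hidden" name="form_token" value="<?= htmlspecialchars($token, ENT_QUOTES) ?>">
  <input type="text" name="note">
  <button type="submit">Save</button>
</form>
```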