php - Should I call exit() after calling Location: header?
You definitely should. Otherwise the script execution is not terminated. Setting another header alone is not enough to redirect.
php - Why should I call exit() after calling Location: header?
The header is only a line of data asking the browser to redirect. The rest of the page will still be served by PHP and can be looked at by the client by simply preventing the header command from executing.
If you don't prevent it, PHP will send out the whole body even after a header call. That body is fully available to the recipient.
Does it matter whether or not you call exit after a header(Location: ) call?
Yes, that is valid. The header() function just sends a header to the browser along with the rest of your page which tells the browser to redirect. If you don't want the script to continue running then you should do an exit or die.
There may be cases where you want the script to continue running though as well, depending on the script. You may be keeping track of page hits or something and you might have code insert that into a database included at the bottom of every page. If you want it to track the hit before the redirect then you wouldn't want to exit early.
Another case you might want to continue running the code is if you have a timed redirect header, and want to display something to the user like Redirect to: http://xxxxxx in 5 seconds. So they have a chance to see where their browser's going before the redirect. You would probably only want to do that if you were redirecting them to an entirely different website though.
In most cases you do want to exit because you do not likely want to output anything to the browser in that case and the extra code will just slow down your redirect.
Why I have to call 'exit' after redirection through header('Location..') in PHP?
could the code after the header-location call be effectively executed?
Yes, always. The header is only a line of data asking the browser to redirect. The rest of the page will still be served by PHP and can be looked at by the client by simply preventing the header command from executing.
That is easy enough to do with a command-line client like wget, for example, by simply telling it not to follow redirects.
Bottom line: If you don't prevent it, PHP will send out the whole body even after a header call. That body is fully available to the recipient without any special hacking skills.
PHP: Utilizing exit(); or die(); after header(Location: );
I have been looking for an answer on this as well. What I found:
Why die() or exit():
If you don't put a die() or exit() after your header('Location: http://something') your script may continue resulting in unexpected behaviour. This may for example result in content being disclosed that you actually wanted to prevent with the redirect (HTTP 301). The aforementioned may not directly be visible for an end user as the browser may not render it (due to the 301). Conclusion, the exit() and die() functions stop the script from continuing.
Difference:
I also wanted to know the difference between the functions as it seems there is none. However, in PHP, there is a distinct difference in Header output.
In the examples below I chose to use a different header but for sake of showing the difference between exit() and die() that doesn't matter.
Exit() in action
<?php
header('HTTP/1.1 304 Not Modified');
exit();
?>
Results in:
HTTP/1.1 304 Not Modified
Connection: Keep-Alive
Keep-Alive: timeout=5, max=100
Die() in action
<?php
header('HTTP/1.1 304 Not Modified');
die();
?>
Results in:
HTTP/1.1 304 Not Modified
Connection: close
Difference
So, die() closes the connection and exit() doesn't. It depends on performance whether or not you want to keep the connection open or close it. Both have advantages and disadvantages and depends on your specific requirement(s).
HTTP persistent connections on Wiki
Should I use return; after a header()?
header("Location: ......"); exit; is a fairly common pattern.
When should I call header('Location') without die()?
A good example is explained in this PHP user note, copied here for posterity:
A simple but useful packaging of arr1's suggestion for continuing
processing after telling the the browser that output is finished.I always redirect when a request requires some processing (so we don't
do it twice on refresh) which makes things easy...
<?php
function redirect_and_continue($sURL)
{
header( "Location: ".$sURL ) ;
ob_end_clean(); //arr1s code
header("Connection: close");
ignore_user_abort();
ob_start();
header("Content-Length: 0");
ob_end_flush();
flush(); // end arr1s code
session_write_close(); // as pointed out by Anonymous
}
?>
This is useful for tasks that take a long time, such as converting a video or scaling a big image.
Related Topics
How to Validate an Email Address in PHP
How to Access This Object Property With an Illegal Name
How to Close a Connection Early
Convert Seconds to Hour:Minute:Second
How to Truncate a String in PHP to the Word Closest to a Certain Number of Characters
MySQL Connection Not Working: 2002 No Such File or Directory
What Is the Advantage of Using Heredoc in PHP
How to Implement Authorization Using a Telegram API
Convert Time in Hh:Mm:Ss Format to Seconds Only
How to Access Object Properties With Names Like Integers or Invalid Property Names
How to Use PHP Serialize() and Unserialize()
PHP - Should I Call Exit() After Calling Location: Header
Sort Multidimensional Array by Multiple Columns
How to Convert Date to Timestamp in PHP
Getting Raw SQL Query String from Pdo Prepared Statements