PHP: Utilizing Exit(); or Die(); After Header("Location: ");

PHP: Utilizing exit(); or die(); after header( Location: );

I have been looking for an answer on this as well. What I found:

Why die() or exit():

If you don't put a die() or exit() after your header('Location: http://something') your script may continue resulting in unexpected behaviour. This may for example result in content being disclosed that you actually wanted to prevent with the redirect (HTTP 301). The aforementioned may not directly be visible for an end user as the browser may not render it (due to the 301). Conclusion, the exit() and die() functions stop the script from continuing.

Difference:

I also wanted to know the difference between the functions as it seems there is none. However, in PHP, there is a distinct difference in Header output.
In the examples below I chose to use a different header but for sake of showing the difference between exit() and die() that doesn't matter.

Exit() in action

<?php
    header('HTTP/1.1 304 Not Modified');
    exit();
?>

Results in:

HTTP/1.1 304 Not Modified 
Connection: Keep-Alive 
Keep-Alive: timeout=5, max=100

Die() in action

<?php
    header('HTTP/1.1 304 Not Modified');
    die();
?>

Results in:

HTTP/1.1 304 Not Modified 
Connection: close

Difference

So, die() closes the connection and exit() doesn't. It depends on performance whether or not you want to keep the connection open or close it. Both have advantages and disadvantages and depends on your specific requirement(s).

HTTP persistent connections on Wiki

php - Should I call exit() after calling Location: header?

You definitely should. Otherwise the script execution is not terminated. Setting another header alone is not enough to redirect.

Is it possible to redirect using PHP?

You could do something like this

header("Location: http://example.com/tryagain.php");
die();

Will PHP script be executed after header redirect?

Yes, the script continues to process after the call to header('Location: http://google.com') if you don't explicitly terminate it! I just tried this locally. I added test.php to a site in apache with these contents:

<?php

header('Location: http://google.com');
error_log("WE MADE IT HERE SOMEHOW");

?>

And checked my /var/log/apache2/error_log for this entry:

[Tue Feb 12 23:39:23 2013] [error] [client 127.0.0.1] WE MADE IT HERE SOMEHOW

Possibly surprising, but yes, it continues to execute if you don't halt execution.

php - Why should I call exit() after calling Location: header?

The header is only a line of data asking the browser to redirect. The rest of the page will still be served by PHP and can be looked at by the client by simply preventing the header command from executing.

If you don't prevent it, PHP will send out the whole body even after a header call. That body is fully available to the recipient.

When should I call header('Location') without die()?

A good example is explained in this PHP user note, copied here for posterity:

---

A simple but useful packaging of arr1's suggestion for continuing
processing after telling the the browser that output is finished.

I always redirect when a request requires some processing (so we don't
do it twice on refresh) which makes things easy...

<?php 
 function redirect_and_continue($sURL) 
 { 
  header( "Location: ".$sURL ) ; 
  ob_end_clean(); //arr1s code 
  header("Connection: close"); 
  ignore_user_abort(); 
  ob_start(); 
  header("Content-Length: 0"); 
  ob_end_flush(); 
  flush(); // end arr1s code 
  session_write_close(); // as pointed out by Anonymous 
 } 
?>

---

This is useful for tasks that take a long time, such as converting a video or scaling a big image.

Using exit() and header() to redirect as a one-liner

header() does not return anything to the exit() function - it sends out raw http headers and has a return type of void. The exit() function does not require a mandatory parameter, so yeah I think what you do would work :)

header ('Location: ') in PHP not redirecting

I just finally solved it guys!
What I did was ditch mysqli and went using PDO.
Here's my new code:

<?php
session_start();
$h = "localhost";
$u = "root"; 
$p = "";
$db = "user";
$msg = "";

try
{
    $con = new PDO("mysql:host=$h; dbname=$db", $u, $p);
    $con->setAttribute(PDO::ATTR_ERRMODE, PDO::ERRMODE_EXCEPTION); 

        if(isset($_POST["sub"]))
        {
            if(empty($_POST["usern"]) || empty($_POST["passw"]))
            {
                $msg = "<label>Please enter username/password!</label>";
            }
            else
            {
                $sqlquery = "SELECT * FROM myuser WHERE username = :username AND password = :password";
                $stat = $con->prepare($sqlquery);
                $stat->execute(
                        array(
                            ':username' => $_POST["usern"],
                            ':password' => $_POST["passw"]
                        )
                );
                $countrow = $stat->rowCount();
                if($countrow > 0)
                {
                    $_SESSION["username"] = $_POST["usern"];
                    header("Location: homepage.php");
                }
                else
                {
                    $msg = "<label>Invalid username/password</label>";
                }
            }
        }
}

catch(PDOException $er)
{
    $msg = $er->getMessage();
}   
?>

---

Related Topics