Why I have to call 'exit' after redirection through header('Location..') in PHP?
could the code after the header-location call be effectively executed?
Yes, always. The header
is only a line of data asking the browser to redirect. The rest of the page will still be served by PHP and can be looked at by the client by simply preventing the header
command from executing.
That is easy enough to do with a command-line client like wget
, for example, by simply telling it not to follow redirects.
Bottom line: If you don't prevent it, PHP will send out the whole body even after a header
call. That body is fully available to the recipient without any special hacking skills.
php - Why should I call exit() after calling Location: header?
The header is only a line of data asking the browser to redirect. The rest of the page will still be served by PHP and can be looked at by the client by simply preventing the header command from executing.
If you don't prevent it, PHP will send out the whole body even after a header call. That body is fully available to the recipient.
php - Should I call exit() after calling Location: header?
You definitely should. Otherwise the script execution is not terminated. Setting another header alone is not enough to redirect.
Will PHP script be executed after header redirect?
Yes, the script continues to process after the call to header('Location: http://google.com')
if you don't explicitly terminate it! I just tried this locally. I added test.php to a site in apache with these contents:
<?php
header('Location: http://google.com');
error_log("WE MADE IT HERE SOMEHOW");
?>
And checked my /var/log/apache2/error_log for this entry:
[Tue Feb 12 23:39:23 2013] [error] [client 127.0.0.1] WE MADE IT HERE SOMEHOW
Possibly surprising, but yes, it continues to execute if you don't halt execution.
PHP: Utilizing exit(); or die(); after header(Location: );
I have been looking for an answer on this as well. What I found:
Why die() or exit():
If you don't put a die() or exit() after your header('Location: http://something')
your script may continue resulting in unexpected behaviour. This may for example result in content being disclosed that you actually wanted to prevent with the redirect (HTTP 301). The aforementioned may not directly be visible for an end user as the browser may not render it (due to the 301). Conclusion, the exit() and die() functions stop the script from continuing.
Difference:
I also wanted to know the difference between the functions as it seems there is none. However, in PHP, there is a distinct difference in Header output.
In the examples below I chose to use a different header but for sake of showing the difference between exit() and die() that doesn't matter.
Exit() in action
<?php
header('HTTP/1.1 304 Not Modified');
exit();
?>
Results in:
HTTP/1.1 304 Not Modified
Connection: Keep-Alive
Keep-Alive: timeout=5, max=100
Die() in action
<?php
header('HTTP/1.1 304 Not Modified');
die();
?>
Results in:
HTTP/1.1 304 Not Modified
Connection: close
Difference
So, die() closes the connection and exit() doesn't. It depends on performance whether or not you want to keep the connection open or close it. Both have advantages and disadvantages and depends on your specific requirement(s).
HTTP persistent connections on Wiki
Php header location redirect not working
Pekka answered my question in the comments. He didn't post an answer, so I am now. Use the exit()
method after the header redirect. For some reason the rest of the code of the page continues to execute after the header() method redirect. When the rest of the code executes, the echo statement is outputted to the page. And you can't redirect using the header function after you output to the page. To avoid rest of the code from executing, use exit()
. Thanks Pekka.
UPDATE: When using the web browser Internet Explorer, I have noticed that $_POST['cancel'] is not reliable. I am not exactly sure why this is, but I suspect IE posts additional variables on a form submit, specifically the variable 'cancel' is posted. I solved this by using a variable name other than 'cancel'. The combination of using exit() and a unique variable name is working for me.
When should I call header('Location') without die()?
A good example is explained in this PHP user note, copied here for posterity:
A simple but useful packaging of arr1's suggestion for continuing
processing after telling the the browser that output is finished.I always redirect when a request requires some processing (so we don't
do it twice on refresh) which makes things easy...
<?php
function redirect_and_continue($sURL)
{
header( "Location: ".$sURL ) ;
ob_end_clean(); //arr1s code
header("Connection: close");
ignore_user_abort();
ob_start();
header("Content-Length: 0");
ob_end_flush();
flush(); // end arr1s code
session_write_close(); // as pointed out by Anonymous
}
?>
This is useful for tasks that take a long time, such as converting a video or scaling a big image.
header location not working in my php code
That is because you have an output:
?>
<?php
results in blank line output.
header() must be called before any actual output is sent, either by normal HTML tags, blank lines in a file, or from PHP
Combine all your PHP codes and make sure you don't have any spaces at the beginning of the file.
also after header('location: index.php');
add exit();
if you have any other scripts bellow.
Also move your redirect header after the last if
.
If there is content, then you can also redirect by injecting javascript:
<?php
echo "<script>window.location.href='target.php';</script>";
exit;
?>
Related Topics
How to Read a Large File Line by Line
Apache Is Downloading PHP Files Instead of Displaying Them
How to Extract Img Src, Title and Alt from HTML Using PHP
How to Convert an Array to Object in PHP
How to Get Body of a Post in PHP
How to "Flatten" a Multi-Dimensional Array to Simple One in PHP
What Is the Use of the @ Symbol in PHP
How to Store My Users' Passwords Safely
Using Jquery $.Ajax to Call a PHP Function
Single Result from Database Using MySQLi
How to Check If an Email Address Exists Without Sending an Email
Apache Shows PHP Code Instead of Executing It
What Is the Most Accurate Way to Retrieve a User'S Correct Ip Address in PHP
Asynchronous Shell Exec in PHP