Page 1 of 1
Redirect in PHP
Posted: Tue Sep 19, 2006 7:50 pm
by rehandalal
Hi...
I have a php page which processes a form (and adds the data collected to a mySql database)... How do I get it to re-direct the user to another page after it finishes processing the form...
Thanks!
Rehan
Posted: Tue Sep 19, 2006 7:52 pm
by Christopher
Code: Select all
header('Location: http://www.mysite.com/nextpage.php');
Posted: Tue Sep 19, 2006 7:59 pm
by rehandalal
thanks... works great...
Posted: Tue Sep 19, 2006 8:13 pm
by alex.barylski
^^^ Just a reminder and serious security risk which only seemed to effect my PHP scripts occasionally...but...
If your using redirects to jump to another page and prevent further processing...
STOP You can do this, but follow up *EVERY* header with an
exit otherwise the remaining code parses and possibly executes...I discovered this problem while workin on my CMS which uses scripts in this way to reduce clock cycles

Serious security hole it was
Cheers

Posted: Tue Sep 19, 2006 8:19 pm
by Luke
Yea that's why I always use a function (or method) so that those types of things are taken care of
Code: Select all
function redirect($page){
if(!headers_sent()){
header("Location: " . $page);
exit;
}
else{
// Handle the error...
exit('ERROR: Headers already sent');
}
}
Posted: Tue Sep 19, 2006 8:45 pm
by alex.barylski
^^^ Good practice

Posted: Wed Sep 20, 2006 3:38 am
by onion2k
You should really try to avoid redirects anyway. It's pretty easy to trap a Location header and ignore it .. which means there's a vector into your application that people can try to exploit. If you're forwarding the user to a page to process something (unset a session variable, send an email, etc) then there's no guarantee that it will have happened at all. All processing should be done prior to sending the user to another page .. and if you're doing that then you might as well send them HTML instead of a Location header.
Posted: Wed Sep 20, 2006 6:43 am
by Mordred
I agree with
onion2k, keep in mind that redirects might not happen!
In that line of thinking:
Code: Select all
function redirect($page){
if(!headers_sent()){
header("Location: " . $page);
} else{
echo "Click <a href='$page'>here</a> to continue"; //silly of course - better use meta+javascript+link - that way at least one of these methods will succeed, the link being the less useful.
}
exit;
}
Of course the even better method is to use a template engine and never worry that a header() call won't succeed.