Page 1 of 1

Redirect in PHP

Posted: Tue Sep 19, 2006 7:50 pm
by rehandalal
Hi...

I have a php page which processes a form (and adds the data collected to a mySql database)... How do I get it to re-direct the user to another page after it finishes processing the form...

Thanks!

Rehan

Posted: Tue Sep 19, 2006 7:52 pm
by Christopher

Code: Select all

header('Location: http://www.mysite.com/nextpage.php');

Posted: Tue Sep 19, 2006 7:59 pm
by rehandalal
thanks... works great...

Posted: Tue Sep 19, 2006 8:13 pm
by alex.barylski
^^^ Just a reminder and serious security risk which only seemed to effect my PHP scripts occasionally...but...

If your using redirects to jump to another page and prevent further processing...STOP You can do this, but follow up *EVERY* header with an exit otherwise the remaining code parses and possibly executes...I discovered this problem while workin on my CMS which uses scripts in this way to reduce clock cycles ;) Serious security hole it was

Cheers :)

Posted: Tue Sep 19, 2006 8:19 pm
by Luke
Yea that's why I always use a function (or method) so that those types of things are taken care of

Code: Select all

function redirect($page){
    if(!headers_sent()){
        header("Location: " . $page);
        exit;
    }
    else{
        // Handle the error... 
        exit('ERROR: Headers already sent');
    }
}

Posted: Tue Sep 19, 2006 8:45 pm
by alex.barylski
^^^ Good practice ;)

Posted: Wed Sep 20, 2006 3:38 am
by onion2k
You should really try to avoid redirects anyway. It's pretty easy to trap a Location header and ignore it .. which means there's a vector into your application that people can try to exploit. If you're forwarding the user to a page to process something (unset a session variable, send an email, etc) then there's no guarantee that it will have happened at all. All processing should be done prior to sending the user to another page .. and if you're doing that then you might as well send them HTML instead of a Location header.

Posted: Wed Sep 20, 2006 6:43 am
by Mordred
I agree with onion2k, keep in mind that redirects might not happen!
In that line of thinking:

Code: Select all

function redirect($page){ 
    if(!headers_sent()){ 
        header("Location: " . $page); 
    } else{ 
        echo "Click <a href='$page'>here</a> to continue"; //silly of course - better use meta+javascript+link - that way at least one of these methods will succeed, the link being the less useful.
    } 
   exit;
}
Of course the even better method is to use a template engine and never worry that a header() call won't succeed.