a couple questions about php's header function
Moderator: General Moderators
a couple questions about php's header function
I've read in a couple of books and in a handful of online articles that one should always use an absolute url when redirecting to another page with header(), and that one should always use exit() immediately afterward, but I have not been able to find any explanation (either online or in my books) for either of these things, and I keep seeing samples of code that break both "rules." I'm hoping you all can shed some light on the matter.
Is it truly necessary to use an absolute url with header()? If so, why? I've tried it with relative url's, and I haven't noticed a problem.
And is it truly necessary to use exit() after header()? If so, why? Again, I've tried using header() without exit(), and I haven't noticed a problem.
Thanks,
Drew
Is it truly necessary to use an absolute url with header()? If so, why? I've tried it with relative url's, and I haven't noticed a problem.
And is it truly necessary to use exit() after header()? If so, why? Again, I've tried using header() without exit(), and I haven't noticed a problem.
Thanks,
Drew
Re: a couple questions about php's header function
Yes and Yes. You may not have noticed problems with using relative urls, but there are cases where it just doesn't work. I can't remember exactly when, but I'm sure it probably has something to do with IE. You should always call exit after setting the redirect header. If you don't the code after it will execute. Remember, header only sets a header. It doesn't perform the actual redirect.
Re: a couple questions about php's header function
What if there is no php after header()? For example, at the beginning of a page there are a few lines of php: a conditional statement that uses header() to redirect if a particular session variable has not been set. Then the rest of the page is just html, meant to be displayed only if the above session variable has been set. Would it be necessary to exit() after header() in this case?
Does anyone else know the reason for using absolute url's? It's not that I don't believe you, astions. I just like to understand the "why" behind these things.
Cheers,
Drew
Does anyone else know the reason for using absolute url's? It's not that I don't believe you, astions. I just like to understand the "why" behind these things.
Cheers,
Drew
Re: a couple questions about php's header function
Because that's what the specifications require:
It's good practice to call exit after each header location. Plain and simple.
http://www.w3.org/Protocols/rfc2616/rfc2616-sec14.html14.30 Location
The Location response-header field is used to redirect the recipient to a location other than the Request-URI for completion of the request or identification of a new resource. For 201 (Created) responses, the Location is that of the new resource which was created by the request. For 3xx responses, the location SHOULD indicate the server's preferred URI for automatic redirection to the resource. The field value consists of a single absolute URI.
Location = "Location" ":" absoluteURI
An example is:
Location: http://www.w3.org/pub/WWW/People.html
Note: The Content-Location header field (section 14.14) differs
from Location in that the Content-Location identifies the original
location of the entity enclosed in the request. It is therefore
possible for a response to contain header fields for both Location
and Content-Location. Also see section 13.10 for cache
requirements of some methods.
It's good practice to call exit after each header location. Plain and simple.
Re: a couple questions about php's header function
No doubt it's good practice. But presumedly the specifications are what they are for a reason. I am curious why these things are considered good practice. Presumedly there are some instances when problems would result from omiting the exit() after header(), or from using a relative url with header(), but in my books and in the vast resources online I have not found an explanation of any such instance. I'm just curious.
Cheers,
Drew
Cheers,
Drew
Re: a couple questions about php's header function
Code: Select all
if (!$balance > $itemPrice) {
header('Location: foo');
}
$query = "INSERT INTO ORDERS foo....";
Re: a couple questions about php's header function
Certainly there are many instances when one wouldn't want code to run after a redirect. But I am not asking if there are some times when one should exit() after header(). I'm wondering why some books and articles suggest that one should do it all the time, as I've found a handful of cases in my own scripts where it seems no harm is done by omitting the exit() after header().
But the absolute vs. relative url's question is more interesting to me, as everybody seems to agree that absolute url's should be used with header() redirects, but nobody can explain why. I am well aware that it should be done, that it is done because of certain specifications, and that pretty much everybody does it that way. I just wonder why. Are there any instances where the redirect would not work if it was a relative url?
Cheers,
Drew
But the absolute vs. relative url's question is more interesting to me, as everybody seems to agree that absolute url's should be used with header() redirects, but nobody can explain why. I am well aware that it should be done, that it is done because of certain specifications, and that pretty much everybody does it that way. I just wonder why. Are there any instances where the redirect would not work if it was a relative url?
Cheers,
Drew
- John Cartwright
- Site Admin
- Posts: 11470
- Joined: Tue Dec 23, 2003 2:10 am
- Location: Toronto
- Contact:
Re: a couple questions about php's header function
It is not the end of all faux-pas, but as it was brought up it is simply just good practice. Not terminating the execution could lead to bugs that are dificult to track, and as the code becomes more complex in nature it is not a clear case is knowing whether code will be run afterwards. In simple cases such as this, is just better to stick to the general rule to avoid any butt bites down the road.oboedrew wrote:Certainly there are many instances when one wouldn't want code to run after a redirect. But I am not asking if there are some times when one should exit() after header(). I'm wondering why some books and articles suggest that one should do it all the time, as I've found a handful of cases in my own scripts where it seems no harm is done by omitting the exit() after header().
It comes down to browser compabatility. Some browsers, more specifically older browsers, have issues with relative redirects. I'm not exactly sure how big of an issue this is these days though.oboedrew wrote:But the absolute vs. relative url's question is more interesting to me, as everybody seems to agree that absolute url's should be used with header() redirects, but nobody can explain why. I am well aware that it should be done, that it is done because of certain specifications, and that pretty much everybody does it that way. I just wonder why. Are there any instances where the redirect would not work if it was a relative url?
Re: a couple questions about php's header function
Yes there are. Some browsers don't understand relative urls in the location tag. Also, because you are violating specs by not including an absolute url, you risk the chance of it not working correctly when another application doesn't understand what you sent.oboedrew wrote:Are there any instances where the redirect would not work if it was a relative url?
Yes, there are situations where it's perfectly fine to not call exit after you send the location tag. For example, if there is nothing after you set the redirect header it's perfectly fine. The problem is that if there is code or content after it, it will be executed and sent to the browser. This can waste bandwidth, result in unexpected behavior and open up security vulnerabilities.
Now, you might say, ok I understand that. I'll just use exit() whenever I "really" need to. This is not a correct approach. Sooner or later yourself or someone else will come along and modify the code. They will be focused on what they are editing and won't even think to add an exit after the redirect. So now, no one the wiser, you've got code running, possibly parsing input data and acting on it, and you will never know.
So, just use the exit() call and avoid all the messes that can come along with not using it. It will come back and bite you if you don't. Sooner or later.
Re: a couple questions about php's header function
Ah, thanks for the clarification, guys. That does make more sense. Being relatively new to php and entirely self-taught, I don't tend to think of what will happen down the road when somebody else tries to modify a script of mine, or when I come back and expand a script that I wrote years earlier. In both cases, I suppose it makes a lot of sense to avoid the inconvenience of going through and checking to make sure an exit() was included after each header(), even if it wasn't absolutely necessary in the original version of the script.
Cheers,
Drew
Cheers,
Drew