Discussions of secure PHP coding. Security in software is important, so don't be afraid to ask. And when answering: be anal. Nitpick. No security vulnerability is too small.
Moderator: General Moderators
andym01480
Forum Contributor
Posts: 390 Joined: Wed Apr 19, 2006 5:01 pm
Post
by andym01480 » Wed Mar 04, 2009 5:02 pm
If i have an
Code: Select all
if($foo=='bar'){
header("Location:somewhere-else.php");
exit();
}
in an included script does that just stop executing the include script or the script that included it too?
Kaisell's got me worried! (From a topic a few weeks ago that popped in my head again)
atonalpanic
Forum Commoner
Posts: 29 Joined: Mon Mar 02, 2009 10:20 pm
Post
by atonalpanic » Wed Mar 04, 2009 6:10 pm
I believe it stops everything, but you can try it yourself with something like:
test.php
Code: Select all
<?php
require "other.php";
echo "Execution continues.";
?>
other.php
andym01480
Forum Contributor
Posts: 390 Joined: Wed Apr 19, 2006 5:01 pm
Post
by andym01480 » Thu Mar 05, 2009 1:50 am
Looks like it in a browser - what about hacker tools?
Benjamin
Site Administrator
Posts: 6935 Joined: Sun May 19, 2002 10:24 pm
Post
by Benjamin » Thu Mar 05, 2009 1:55 am
exit() and die() both halt all script execution for the current request.
andym01480
Forum Contributor
Posts: 390 Joined: Wed Apr 19, 2006 5:01 pm
Post
by andym01480 » Thu Mar 05, 2009 2:18 am
Thanks is the current request the include or the script that included it?
Benjamin
Site Administrator
Posts: 6935 Joined: Sun May 19, 2002 10:24 pm
Post
by Benjamin » Thu Mar 05, 2009 2:51 am
Both.
If you only want to halt execution of an included file you can use return;
kaisellgren
DevNet Resident
Posts: 1675 Joined: Sat Jan 07, 2006 5:52 am
Location: Lahti, Finland.
Post
by kaisellgren » Thu Mar 05, 2009 4:13 pm
andym01480 wrote: If i have an
Code: Select all
if($foo=='bar'){
header("Location:somewhere-else.php");
exit();
}
in an included script does that just stop executing the include script or the script that included it too?
It stops them both.