Redirect in PHP
Moderator: General Moderators
-
rehandalal
- Forum Newbie
- Posts: 10
- Joined: Mon Sep 18, 2006 3:44 am
- Location: Mumbai, India
Redirect in PHP
Hi...
I have a PHP page which processes a form (and adds the data collected to a MySQL database)... How do I get it to re-direct the user to another page after it finishes processing the form...
Thanks!
Rehan
- Christopher
- Site Administrator
- Posts: 13596
- Joined: Wed Aug 25, 2004 7:54 pm
- Location: New York, NY, US
-
rehandalal
- Forum Newbie
- Posts: 10
- Joined: Mon Sep 18, 2006 3:44 am
- Location: Mumbai, India
-
alex.barylski
- DevNet Evangelist
- Posts: 6267
- Joined: Tue Dec 21, 2004 5:00 pm
- Location: Winnipeg
^^^ Just a reminder and serious security risk which only seemed to affect my PHP scripts occasionally...but...
If you're using redirects to jump to another page and prevent further processing...STOP. You can do this, but follow up *EVERY* header with an exit, otherwise the remaining code parses and possibly executes...I discovered this problem while working on my CMS, which uses scripts in this way to reduce clock cycles.
Serious security hole it was
Cheers
Yea that's why I always use a function (or method) so that those types of things are taken care of
Code:
    // Redirect to $page and stop the script; this function never returns.
    function redirect($page) {
        if (!headers_sent()) {
            header("Location: " . $page);
            exit;
        } else {
            // Handle the error...
            exit('ERROR: Headers already sent');
        }
    }
-
alex.barylski
- DevNet Evangelist
- Posts: 6267
- Joined: Tue Dec 21, 2004 5:00 pm
- Location: Winnipeg
You should really try to avoid redirects anyway. It's pretty easy to trap a Location header and ignore it .. which means there's a vector into your application that people can try to exploit. If you're forwarding the user to a page to process something (unset a session variable, send an email, etc) then there's no guarantee that it will have happened at all. All processing should be done prior to sending the user to another page .. and if you're doing that then you might as well send them HTML instead of a Location header.
I agree with onion2k, keep in mind that redirects might not happen!
In that line of thinking:
Code:
    function redirect($page) {
        if (!headers_sent()) {
            header("Location: " . $page);
        } else {
            // Headers already sent: fall back to a link, escaping $page for the HTML attribute.
            $link = htmlspecialchars($page, ENT_QUOTES);
            echo "Click <a href='$link'>here</a> to continue"; // silly of course - better use meta+javascript+link - that way at least one of these methods will succeed, the link being the less useful.
        }
        exit;
    }
Of course the even better method is to use a template engine and never worry that a header() call won't succeed.
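The missing-exit problem raised earlier in the thread, as an added example that is not part of any post: one page guard with and without the exit, so the difference shows up in the response and in a side-effect log. The `?guard=` switch, the `user_id` session key, `/login.php` and the log file name are assumptions made for the demo.

```php
<?php
declare(strict_types=1);

// Added example, not code from the thread. The ?guard= switch, the session key
// 'user_id', /login.php and the log file are constructed for this demo.
// Run: php -S 127.0.0.1:8000 demo.php   then request it with curl -i.

/** Redirect and stop: nothing after this call runs, whatever the client does. */
function redirect(string $path, int $status = 302): void
{
    if (!headers_sent()) {
        header('Location: ' . $path, true, $status);
    } else {
        // Output already started: fall back to an escaped link.
        echo '<a href="' . htmlspecialchars($path, ENT_QUOTES, 'UTF-8') . '">Continue</a>';
    }
    exit;
}

session_start();
$loggedIn = !empty($_SESSION['user_id']);

if (!$loggedIn) {
    if (($_GET['guard'] ?? 'fixed') === 'broken') {
        // BEFORE: header() only queues a header; execution continues below.
        header('Location: /login.php');
    } else {
        // AFTER: redirect() exits, so the protected code is unreachable.
        redirect('/login.php');
    }
}

// Protected section: a side effect plus sensitive output.
$log = sys_get_temp_dir() . '/redirect_demo.log';
file_put_contents($log, date('c') . " protected code ran\n", FILE_APPEND);
echo "Admin-only content\n";
```

With `?guard=broken` the 302 response still carries the protected body and a line is appended to the log; with the default guard the response is the 302 alone and the log is untouched.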