Redirect in PHP

PHP programming forum. Ask questions or help people concerning PHP code. Don't understand a function? Need help implementing a class? Don't understand a class? Here is where to ask. Remember to do your homework!

Moderator: General Moderators

Post Reply
rehandalal
Forum Newbie
Posts: 10
Joined: Mon Sep 18, 2006 3:44 am
Location: Mumbai, India

Redirect in PHP

Post by rehandalal »

Hi...

I have a php page which processes a form (and adds the data collected to a mySql database)... How do I get it to re-direct the user to another page after it finishes processing the form...

Thanks!

Rehan
User avatar
Christopher
Site Administrator
Posts: 13596
Joined: Wed Aug 25, 2004 7:54 pm
Location: New York, NY, US

Post by Christopher »

Code: Select all

header('Location: http://www.mysite.com/nextpage.php');
(#10850)
rehandalal
Forum Newbie
Posts: 10
Joined: Mon Sep 18, 2006 3:44 am
Location: Mumbai, India

Post by rehandalal »

thanks... works great...
alex.barylski
DevNet Evangelist
Posts: 6267
Joined: Tue Dec 21, 2004 5:00 pm
Location: Winnipeg

Post by alex.barylski »

^^^ Just a reminder and serious security risk which only seemed to effect my PHP scripts occasionally...but...

If your using redirects to jump to another page and prevent further processing...STOP You can do this, but follow up *EVERY* header with an exit otherwise the remaining code parses and possibly executes...I discovered this problem while workin on my CMS which uses scripts in this way to reduce clock cycles ;) Serious security hole it was

Cheers :)
User avatar
Luke
The Ninja Space Mod
Posts: 6424
Joined: Fri Aug 05, 2005 1:53 pm
Location: Paradise, CA

Post by Luke »

Yea that's why I always use a function (or method) so that those types of things are taken care of

Code: Select all

function redirect($page){
    if(!headers_sent()){
        header("Location: " . $page);
        exit;
    }
    else{
        // Handle the error... 
        exit('ERROR: Headers already sent');
    }
}
alex.barylski
DevNet Evangelist
Posts: 6267
Joined: Tue Dec 21, 2004 5:00 pm
Location: Winnipeg

Post by alex.barylski »

^^^ Good practice ;)
User avatar
onion2k
Jedi Mod
Posts: 5263
Joined: Tue Dec 21, 2004 5:03 pm
Location: usrlab.com

Post by onion2k »

You should really try to avoid redirects anyway. It's pretty easy to trap a Location header and ignore it .. which means there's a vector into your application that people can try to exploit. If you're forwarding the user to a page to process something (unset a session variable, send an email, etc) then there's no guarantee that it will have happened at all. All processing should be done prior to sending the user to another page .. and if you're doing that then you might as well send them HTML instead of a Location header.
User avatar
Mordred
DevNet Resident
Posts: 1579
Joined: Sun Sep 03, 2006 5:19 am
Location: Sofia, Bulgaria

Post by Mordred »

I agree with onion2k, keep in mind that redirects might not happen!
In that line of thinking:

Code: Select all

function redirect($page){ 
    if(!headers_sent()){ 
        header("Location: " . $page); 
    } else{ 
        echo "Click <a href='$page'>here</a> to continue"; //silly of course - better use meta+javascript+link - that way at least one of these methods will succeed, the link being the less useful.
    } 
   exit;
}
Of course the even better method is to use a template engine and never worry that a header() call won't succeed.
Post Reply