PHP Zone - Comments for "PHP Redirect Function"

Hey guys! Those of you who

arashidsw — Wed, 21 May 2008 22:42:42 -0400

Hey guys!

Those of you who are wondering about the header and why it executes the lines after it, well apparantly Amir is right, PHP will execute all the commands after header and then redirect. You need to use exit() but that will not clear the resources on the server. This is especially necessary if you are redirecting to another server / website. For that, use die() so that the site clears all the resources. It will look something like this:

header ('Location:'.$URL) ;
die();

Remember that when you use the syntax above, then you cannot use any type of print statements before it else you get the error, headers already sent or something like that. The basic culprits for this error are print, echo or html tags. there are 2 ways to by pass this issue, either declare a redirect function on the top of the page and call that whenever you need to redirect but a more stable way is to use "ob" functions. Something like:

ob_start();
echo "Who Who Ha Ha! Blah Blah Bling!";
header ('Location:'.$URL);
ob_flush();

That should do the trick. Hope that this helps some innocent soul from not spending hours on figuring out what they need to do.
Regards,
Ali

I'm having the same issue as

fightingmongoose — Wed, 21 May 2008 09:57:10 -0400

I'm having the same issue as as viccowface. I'm learning PHP and have arrived at a point where I have to update some information in the database. When that's successful I'd like to redirect back to a page. Here's my code:

<?php require_once("includes/connection.php");?>

<?php require_once("includes/functions.php");?>

<?php

$menu_name = $_POST['menu_name'];

$position = $_POST['position'];

$visible = $_POST['visible'];

<?php $query = "INSERT INTO subjects (

menu_name, position, visible

) VALUES (

'{$menu_name}', {$position}, {$visible}

)";

if (mysql_query($query, $connection)) {

// SUCCESS!

header("location: content.php");

exit;

} else {

//Display error message.

echo "<p>Subject creation failed.</p>";

echo "<p>" . mysql_error() . "</p>";

}?>

<?php mysql_close($connection)?>

I've employed the tip at the top of this post but I still get the header error that I : Cannot modify header information - headers already sent.

I've read that PHP 5+ doesn't allow for headers to be resent to avoid an injection threat. How can I redirect people after successfully completing the upload to the database if I can't use HEADER?

Any help would be greatly appreciated. I'm stuck here.

hi... I got a problem with

viccowface — Fri, 16 May 2008 15:21:23 -0400

hi... I got a problem with the header.... my code is....

<?php

include "conexion.php"; //llama a conectar a BD

$result = mysql_query("select usuario, pass from t_usuario where usuario = '$usuario' and pass = '$pass'", $conexion);
if(mysql_num_rows($result)>0){
   header( "Location: http://www.solucionesclimaticascr.com/ingreso.html" );
   exit;
  } else {
  echo "No le es permitido ingresar a esta área, es restringida";

}

include "cerrar_conexion.php";
?>

it doesn't work the header.... don't call the page.... now if I use this one:

<?php

include "conexion.php"; //llama a conectar a BD

$result = mysql_query("select usuario, pass from t_usuario where usuario = '$usuario' and pass = '$pass'", $conexion);
if(mysql_num_rows($result)>0){
echo "<td>Su ingreso es satisfactorio! </td> \n";
  //echo "<td> </td> \n";
echo "<td><a href='lista_usuarios_noticias.php', 'mainFrame'>Ingrese acá para administrar listado de personas inscritas en Newsletter.</a></td> \n";
   } else {
  echo "No le es permitido ingresar a esta área, es restringida";

}

include "cerrar_conexion.php";
?>

it works... but i don't need display the link... i need if >0 go to page ... ingreso.html and display it on the mainframe cause my page has frames (top and mainframe)

where is my error?

tnks

it's a client-side

amir75 — Sat, 03 May 2008 04:40:11 -0400

it's a client-side redirect.

The header function deals with HTTP response headers so the server script will not deal with it much differently than any other header. The script will just run its natural course. You'll never see the output in the browser because your browser will simply follow the redirect and ignore the output.

You can see for yourself by setting up a small script, then using telnet from a command prompt

Example script redirect-script.php (in your document root):

<?php
header('Location: http://www.google.com/');
echo "private stuff\n";
?>

Telnet test:

Type the following from a dos or unix command prompt:

 telnet yourservername.com 80

(Personally I'm using localhost. It'll say something about your server)

Now type in the following HTTP request header, followed by 2 carriage returns:

GET /redirect-script.php HTTP/1.0

(you need to press enter twice before the server knows you're finished)

It should output something like this ...

HTTP/1.1 302 Found
Date: Sat, 03 May 2008 08:26:59 GMT
Server: Apache/2.2.8 (Ubuntu) PHP/5.2.4-2ubuntu5 with Suhosin-Patch
X-Powered-By: PHP/5.2.4-2ubuntu5
Location: http://www.google.com/
Content-Length: 14
Connection: close
Content-Type: text/html

private stuff
Connection closed by foreign host.

As you can see it still executes the private stuff, whether it be unauthorised data manipulation or just printing top-secret information back in the response. One other thing to note is that PHP cleverly realises it needs to set the HTTP response code to 302 (rather than 200 OK)

hth

Amir

@David - I'm new to PHP

sharmo — Sat, 03 May 2008 01:12:07 -0400

@David - I'm new to PHP (coming from other server side web languages though) and not sure I understand the need for exit();

header('Location: '.$url);
exit();

If you are already doing a redirect (using header) then why exit the script? Will it not exit automatically as you're redirecting?

Sorry if that's a silly qestion!

Update: Hmm, after reading the docs at php.net it seems you really do need to exit() after calling header(). Still not sure why though if it's a server redirect.

I think a header Location

Unomi — Fri, 14 Mar 2008 18:04:02 -0400

I think a header Location redirect is an awkward way to force people into a direction. Even after a form submission there are more gentle ways to do that.

I would say: avoid this kind of redirects all together. Why? Because it is another request on your server. If you can't handle the request at once, why redirect it?

Do something like this (pseudocode):

if (GET || POST)

handle submitted information

show result page (instead of redirect, show it here directly, saves another request)

else

show form

endif

It sounds strange, but another request implicates loading the libraries again, loading stylesheets and templates again etc.

The one I use is pretty much

frosas — Wed, 05 Mar 2008 18:47:54 -0500

The one I use is pretty much the same but makes sure the URL is absolute (as required by the RFC) and fixes a strange design bug about fragments (I don't remember what solves exactly but I needed it once).

I still don't like that "exit" but is more convenient.

BTW, is session_write_close() really needed?

static function redirect ($url)
{
    $url = Common_Url::create($url)->toAbsolute();
   
    // Bug fix for http://www.w3.org/Protocols/HTTP/Fragment/draft-bos-http-redirect-00.txt
    if ($url->equals(Common_Url::getCurrent()->setFragment(''))) {
        $url->setFragment('redirect-fragment-bugfix');
    }
           
    header('Location: ' . $url);
    exit;
}

Filter the input directly in

lhoguin — Tue, 04 Mar 2008 21:16:50 -0500

Filter the input directly in this function so you can send anything without worrying and you're good.

Thank you for the tip Amir!

davidwalsh — Mon, 03 Mar 2008 09:00:32 -0500

Thank you for the tip Amir!