You know that if you want to redirect a user in PHP you can use the header function:
header('Location: http://smowhere.com');
It is also well known that it is good practice to also put an exit; after the header call, to prevent execution of other PHP code. So my question is: could the code after the header-location call be effectively executed? In which cases? Can a malicious user completely ignore the header('Location..') call? How?
You definitely should. Otherwise the script execution is not terminated. Setting another header alone is not enough to redirect. exit always interrupts the current script (in your case "fileA").
PHP. Redirection allows you to redirect the client browser to a different URL. You can use it when you're switching domains, changing how your site is structured, or switching to HTTPS. In this article, I'll show you how to redirect to another page with PHP.
Answer: Use the PHP header() Function. You can simply use the PHP header() function to redirect a user to a different page. The PHP code in the following example will redirect the user from the page in which it is placed to the URL http://www.example.com/another-page.php.
could the code after the header-location call be effectively executed?
Yes, always. The header is only a line of data asking the browser to redirect. The rest of the page will still be served by PHP and can be looked at by the client by simply preventing the header command from executing.
That is easy enough to do with a command-line client like wget, for example, by simply telling it not to follow redirects.
Bottom line: If you don't prevent it, PHP will send out the whole body even after a header call. That body is fully available to the recipient without any special hacking skills.
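A check a site owner can run against their own pages for the behaviour described in the answer above, as an added example that is not part of the original posts: it requests a page without following the redirect and reports whether a 3xx response still carries a body. The stand-in server, its two paths and /login.php are constructed for the demo and only mimic what PHP sends with and without exit.

```python
import http.client
import threading
from http.server import BaseHTTPRequestHandler, HTTPServer

class StandIn(BaseHTTPRequestHandler):
    """Constructed stand-in for two PHP pages; not a real application."""
    def do_GET(self):
        # /no-exit mimics header('Location: ...') with no exit: body still sent.
        # /with-exit mimics header('Location: ...'); exit; : nothing after it.
        body = b"<h1>Admin panel</h1>" if self.path == "/no-exit" else b""
        self.send_response(302)
        self.send_header("Location", "/login.php")
        self.send_header("Content-Length", str(len(body)))
        self.end_headers()
        self.wfile.write(body)

    def log_message(self, *args):  # keep the demo quiet
        pass

def fetch_without_following(host, port, path):
    """Return (status, Location header, body length); http.client never follows redirects."""
    conn = http.client.HTTPConnection(host, port, timeout=5)
    try:
        conn.request("GET", path)
        resp = conn.getresponse()
        return resp.status, resp.getheader("Location"), len(resp.read())
    finally:
        conn.close()

def leaks_body(host, port, path):
    """True when a redirect response also delivers page content."""
    status, location, length = fetch_without_following(host, port, path)
    return 300 <= status < 400 and location is not None and length > 0

def demo():
    # Bind to an ephemeral loopback port so the demo runs offline.
    server = HTTPServer(("127.0.0.1", 0), StandIn)
    threading.Thread(target=server.serve_forever, daemon=True).start()
    port = server.server_address[1]
    try:
        return {p: leaks_body("127.0.0.1", port, p) for p in ("/no-exit", "/with-exit")}
    finally:
        server.shutdown()
        server.server_close()

if __name__ == "__main__":
    print(demo())
```

Pointing leaks_body at each protected page of your own application flags the ones where an exit after the header call is missing.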