PHP Header Redirect? Don’t forget to die();

by Carey on October 15, 2010

Post image for PHP Header Redirect? Don’t forget to die();
  • Share
  • CevherShare
  • Share

There are some instances where you might need to redirect from the page you are on. For example, the user needs to be logged in so whip them away to the login page.

In PHP, this can be done like so:

header("Location: http://www.mysite.com/login.php");

If you do employ this method, don’t forget that the script may continue executing after the user has gone. Always follow up your header redirects with a die();

header("Location: http://www.mysite.com/login.php");
die();

{ 3 comments… read them below or add one }

dragonet123 December 1, 2008 at 4:24 am

header(“Location: http://www.mysite.com/login.php“);

Reply

Jim January 24, 2009 at 3:11 am

This cannot be stressed enough…I have seen on many pages where it shows a basic security mechanism (checking a session variable for example) then just shoves a header at the user.

It took me awhile to figure out from seeing some table updates that weren’t supposed to happen that you need the die if you have *any* code beneath a header() call. You cannot trust that whatever a user submits will not be processed further down the page.

Great tip!

Reply

agente_naranja March 2, 2009 at 7:02 pm

Just like Jim said, it takes a while to notice you have to add die() after the header(). I also had a lot of problems because I was redirecting people when a database query returned an error, something like:

$mysql_query_resource = mysql_query(…);
if( mysql_error($mysql_resource) ){
header(‘location:error.php’);
}

mysql_fetch_assoc($mysql_query_resource);

Obviously if you don’t add die() then the call to mysql_fetch_assoc() would be executed with an invalid parameter, it was a pain in the ass until I learned I had to die().

Thanks for the post :)

Reply

Cancel reply

Leave a Comment

{ 1 trackback }

Previous post:

Next post: