Why I have to call 'exit' after redirection through header('Location..') in PHP?

Posted by Nicolò Martini on Stack Overflow See other posts from Stack Overflow or by Nicolò Martini
Published on 2010-04-30T21:24:16Z Indexed on 2010/04/30 21:27 UTC
Read the original article Hit count: 227

Filed under:
|
|
|

You know that if you want to redirect an user in PHP you can use the header function:

header('Location: http://smowhere.com');

It is also well known that it is a good practice to put also an exit; after the header call, to prevent execution of other php code. So my question is: could the code after the header-location call be effectively executed? In which cases? Can a malicious user be able to completely ignore the header('Location..') call? How?

© Stack Overflow or respective owner

Related posts about php

Related posts about redirect