Re: Header - Redirect Command Not Working

[Date Prev][Date Next][Thread Prev][Thread Next][Date Index][Thread Index]

 



Hi Dave (?)

2009/3/11 revDAVE <Cool@xxxxxxxxxxxxxxxx>:
> Hi Bastien - Stuart & Daniel
>
> Thanks for your help!
>
>
> On 3/10/2009 12:16 PM, "Bastien Koert" <phpster@xxxxxxxxx> wrote:
>
>> Are you getting an error? What does 'not working' mean?
>
> No errors the page just stayed on the
> header('Location: show.php'); page - never went to: show.php
>

One more thing to mention: The HTTP Protocoll requires you to give a
full URL on "Location" Headers. That means that this is wrong:
"Location: file.txt"
and this is correct
"Location: http://www.x.x/file.txt";

Not all clients behave like yours and accept the wrong header.



>
> Q: I might have learned something.... Does the: header('Location: xxx.php');
> command need to be in the first php block? On some pages when I make multi
> php blocks into 1 big one and put the header command inside it - it seems to
> work better - is this true?
>
All HTTP headers must be send before your script generates *any* output.
Output means echo's, PHP Notices, etc.
If you *must* output stuff before sending an header, you can use
output buffering, see http://php.net/ob_start


> Q: Also, is it possible that extra whitespace inside the php block can cause
> the header command to not work? (I might have that happening also - looking
> into it)
>

Yes, *any* output - no matter if you output " " or "x" or even ":-)".


>
>>
>>     Well, if the above is in fact the case (and yes, different
>> versions and installations have been known to respond differently),
>> then you can use a browser-based meta refresh, which will work for all
>> browsers anyway:


unless disabled by the user.

>>
>> <?php
>> // .... your code....
>> header('Location: show.php');
>> echo '<meta http-equiv="refresh" content="0;show.php">';


erm .... <META> should be in a html document inside the <HEAD>, not *anywhere*.

>
>
> I tried refresh Daniel - and it worked great!
>
> I even added a GET var to it - worked also
>
> echo '<meta http-equiv="refresh" content="0;show.php?id='.$_GET[id].'">';


Very, very, very bad idea. You just opened a cross site scripting bug.

Imagine someone opens this URL
host/yourfile?id="><script>alert(document.cookie)</script>

You must always escape any input you take.
see http://php.net/security


>
> Thanks again folks!
>


You're welcome.

Byebye

-- 
PHP General Mailing List (http://www.php.net/)
To unsubscribe, visit: http://www.php.net/unsub.php



[Index of Archives]     [PHP Home]     [Apache Users]     [PHP on Windows]     [Kernel Newbies]     [PHP Install]     [PHP Classes]     [Pear]     [Postgresql]     [Postgresql PHP]     [PHP on Windows]     [PHP Database Programming]     [PHP SOAP]

  Powered by Linux