Include or Header PHP

Soldato
Joined
30 Nov 2005
Posts
3,084
Location
London
Very basic question but, when would one use the following:

header("location: destination_url.php");

over

include "destination_url.php";

Is a header safer over include, in terms of POST values.

Thanks,

James
 
included text will be interpreted as php. putting the header to be the location of another file asks the user agent to search for the other file and use that instead

With user created content, header could be abused to view another file, whereas include could be abused to execute arbritrary code, but in your case both are being specified explicitly.
 
Im developing user registration in php.

There are checks in place that looks to see if a username already exists, if so then so far I have
Code:
die include(something.php)

Is this the right way or should it be header?
 
I suspect include is probably correct, you can pass variables etc to the included file because it is part of the same http request, returning header simply makes the browser point to another file where it starts all over again.
 
Is this for code you are displaying to the customer in the actual html?

i.e. something like:
Code:
if ($userAuthenticated) {
  include('wellDone.php');
} else {
  include('sodOff.php');
}
This will insert the contents of the file directly into this section of the script, execute it, and then continue with the original script. As Shoseki mentioned, any variables in the original script will be available to the included code.

If you do a header redirect:
Code:
if ($userAuthenticated) {
  header('Location: wellDone.php');
} else {
  header('Location: sodOff.php');
}
then no further code is executed after this point, and the users browser is re-directed to the new script as if they have come to it from a link or by directly typing it in their browser, meaning none of the variables in your original script are available.

Which you use will depend entirely on how you want to structure your program.

Generally, the include method is useful if you want to insert conditional sections in your displayed html - i.e. if you only want to show a certain panel or menu item when a user is logged in.

The header redirect method is useful if you have a login box, and want to re-direct the user back to whichever page they were on after they have successfully authenticated - i.e. halfway through a checkout process or reading a particular thread on a forum.

Hope that helps.
 
Here is what I have:

Code:
$userexist = mysql_query("mysql query here");

$username_exist = mysql_num_rows($userexist);

if($username_exist > 0){ 
die(include "regerrorusername.php");
}

If a user does not exist the rest of the code (not shown) is run, such as checking whether the email is a valid email address, check two passwords are the same etc.

Is the include suitable?
 
Here is what I have:

Code:
$userexist = mysql_query("mysql query here");

$username_exist = mysql_num_rows($userexist);

if($username_exist > 0){ 
die(include "regerrorusername.php");
}

If a user does not exist the rest of the code (not shown) is run, such as checking whether the email is a valid email address, check two passwords are the same etc.

Is the include suitable?

That seems a very strange usage of die()... i'd just do:

Code:
if($username_exist > 0){ 
include("regerrorusername.php");
}

Also, it might be worth doing any string checking (which is quick) before hitting the database with a query (which is slower)... that way you don't have to run the query at all if one of the previous validation methods has failed.

No-doubt the pre-optimization police will be here in a minute or two to correct me ;)
 
Perhaps I've got the wrong understanding of the Die function, thought it would just terminate and thus stopping anything else from running.

And before the pre-optimization police come sniffing around :p I have the MySQL real escape and string replace for whitespace.

Edit: Just need something to remove all Characters other than numbers or letters.
 
Last edited:
Perhaps I've got the wrong understanding of the Die function, thought it would just terminate and thus stopping anything else from running.

And before the pre-optimization police come sniffing around :p I have the MySQL real escape and string replace for whitespace.

Edit: Just need something to remove all Characters other than numbers or letters.

It's usually used to terminate a script partway through, on an application error or some other condition where continuing isn't ideal.

The parameter it takes is a string which generally contains the reason for the termination or an error code. It's possible your code will have worked because the included file generated a string but it's not good practice.

I try to avoid die() / exit() where possible on web applications because it's not a very graceful way of dumping out your users if there's a problem.


If you want to strip non-alphanumeric characters try preg_replace().
 
If you do a header redirect:
Code:
if ($userAuthenticated) {
  header('Location: wellDone.php');
} else {
  header('Location: sodOff.php');
}
then no further code is executed after this point, and the users browser is re-directed to the new script as if they have come to it from a link or by directly typing it in their browser, meaning none of the variables in your original script are available.

Actually, code execution continues, though the browser ignores any output following the header block.
 
Back
Top Bottom