I have a user login/registration system that simply uses
// execute queries, set cookies, etc. here
header("Location: " . getenv("HTTP_REFERER"));
I recently read a post about exit();
and die();
and had no idea that I was supposed to be using these. From what I understand, they make it end the PHP? Is that correct? What's the best way I can work toward this, simply adding one of these functions directly after ever header(); execution I have?
I have AJAX, jQuery reading through my login.php/register.php, will this be affect in any way?
Edit: Other than after header();, where else should I be usitilizing the exit();
or die();
functions? And is exit();
more used around PHP whereas die();
more used around Perl?
I have been looking for an answer on this as well. What I found:
If you don't put a die() or exit() after your header('Location: http://something')
your script may continue resulting in unexpected behaviour. This may for example result in content being disclosed that you actually wanted to prevent with the redirect (HTTP 301). The aforementioned may not directly be visible for an end user as the browser may not render it (due to the 301). Conclusion, the exit() and die() functions stop the script from continuing.
I also wanted to know the difference between the functions as it seems there is none. However, in PHP, there is a distinct difference in Header output. In the examples below I chose to use a different header but for sake of showing the difference between exit() and die() that doesn't matter.
<?php
header('HTTP/1.1 304 Not Modified');
exit();
?>
Results in:
HTTP/1.1 304 Not Modified
Connection: Keep-Alive
Keep-Alive: timeout=5, max=100
<?php
header('HTTP/1.1 304 Not Modified');
die();
?>
Results in:
HTTP/1.1 304 Not Modified
Connection: close
So, die() closes the connection and exit() doesn't. It depends on performance whether or not you want to keep the connection open or close it. Both have advantages and disadvantages and depends on your specific requirement(s).