1

This is my code for checking access.

```php
$query = "SELECT user_table.status, expire FROM user_table WHERE username = ?";

if($stmt = $mysqli->prepare($query)){
    $username = phpCAS::getAttribute('uid');
    $stmt->bind_param('s', $username);
    $stmt->execute();
    $stmt->store_result();
    $returned_amount = $stmt->num_rows;


    if($returned_amount>1)
        die("To many user names exists for you!");
    else if(empty($returned_amount))
        header("Location: /101/index.php?type=nouser");


    $stmt->bind_result($status, $expire);
    $stmt->fetch();
    $stmt->free_result();
    $stmt->close();

    if($expire != '0000-00-00 00:00:00' && strtotime($expire) <= time())
        header('Location: /101/index.php?type=expired');

    $access = $status;

}else die("Failed to prepare!");

?>
```

However, when `$returned_amount == 0`, it doesn't hit `header("Location: /101/index.php?type=nouser");`

If I change the code to the following, it fixes the problem, but I don't see why changing it would help.

```php
if($returned_amount>1)
    die("To many user names exists for you!");
else if(empty($returned_amount)){
    header("Location: /101/index.php?type=nouser");
    exit();
}
```

If I remove the exit();, the header won't be executed.

user2864740
Arian Faurtosh
  • `header()` is a general function to set an HTTP header. It's commonly used to set the redirect URI, but it doesn't have any magic behavior built in based on what type of header you're sending. You can also use it to set cookies, change the HTTP response code, add custom debugging information, etc. – Sam Dufel Mar 17 '14 at 18:58

2 Answers

9

Just using header() does not mean the code stops executing. Whenever using header() to redirect you need to explicitly call exit() to stop execution of the script.

John Conde
  • It just seems weird that sometimes the code stops executing and other times it continues. Without the fix, the code would be redirected to `header('Location: /101/index.php?type=expired');` instead, which doesn't have `exit()` – Arian Faurtosh Mar 17 '14 at 19:26
  • There are factors that influence when the page stops executing so the inconsistency you see is normal. That's why using `exit()` is important. It guarantees a consistent result. – John Conde Mar 17 '14 at 19:28
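
An added example (not part of the original posts) that replays the question's control flow on constructed rows: without `exit()`, the "no user" path falls through to the expiry check, sets a second `Location` header that replaces the first, and the script goes on to run and emit whatever follows the redirect. The function names `locations_without_exit`, `access_decision` and `redirect_and_exit`, and the sample rows, are assumptions made for the illustration.

```php
<?php
// Added example, not code from the posts. Function names and rows are constructed.

// Replays the question's flow with no exit(): returns each Location the script
// would set, in order. header() replaces an earlier header of the same name by
// default, so only the last entry reaches the browser.
function locations_without_exit(?array $row): array
{
    $sent = [];
    $expire = $row['expire'] ?? null; // stays null when fetch() found no row
    if ($row === null) {
        $sent[] = '/101/index.php?type=nouser';
    }
    // Same test as the question; the cast only avoids PHP 8.1's null deprecation notice.
    if ($expire != '0000-00-00 00:00:00' && strtotime((string) $expire) <= time()) {
        $sent[] = '/101/index.php?type=expired';
    }
    return $sent;
}

// Hardened: compute one decision, first match wins.
function access_decision(?array $row, int $now): ?string
{
    if ($row === null) {
        return '/101/index.php?type=nouser';
    }
    if ($row['expire'] !== '0000-00-00 00:00:00' && strtotime($row['expire']) <= $now) {
        return '/101/index.php?type=expired';
    }
    return null; // null means access is granted
}

// Single place that redirects; nothing after the call can run or be sent.
function redirect_and_exit(string $location): void
{
    header('Location: ' . $location);
    exit;
}
// In the page itself: if ($to = access_decision($row, time())) { redirect_and_exit($to); }

$rows = [ // constructed sample rows
    'no such user' => null,
    'expired user' => ['status' => 'member', 'expire' => '2014-01-01 00:00:00'],
    'active user'  => ['status' => 'member', 'expire' => '0000-00-00 00:00:00'],
];
foreach ($rows as $label => $row) {
    printf("%-12s no exit: %-62s hardened: %s\n", $label,
        implode(' then ', locations_without_exit($row)) ?: 'none', access_decision($row, time()) ?? 'allow');
}
```

Run from the command line, the "no such user" row lists `nouser` then `expired` for the original flow, which matches the redirect the asker reports seeing without the fix.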
1

Make sure there is no whitespace or any other characters that get outputted in the page. Header() won't work otherwise. Adding exit() stops this from happening. Try removing the ?> at the end of your script as well (it will still work without the enclosing bracket). However, it's best that you exit the script once header("Location: ... ") is run because it removes this problem and that's what you intend to do anyway (to quit this page and to go to another page).

Freeman