2

I'm making a website that does a lot of PHP redirects depending on different scenarios. Like so...

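```php
// An absolute URL needs its scheme; without it the value is treated as a relative path.
header("Location: http://somesite.com/redirectedpage.php");
```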

I'm just trying to get a firm understanding of how the redirect works, for security's sake. My question is, does PHP continue to execute after this header call?

For example... Would the echo still get executed in this bit of code?

```php
function Redirect($URL)
{
    // Only queues the Location header; the function then returns normally.
    header("Location: " . $URL);
}

Redirect("http://somesite.com/redirectedpage.php");
echo("Code still executed");
```

If so, would changing the Redirect function to this make the echo not execute but still redirect?

```php
function Redirect($URL)
{
    header("Location: " . $URL);
    // Ends the script here, so nothing after the Redirect() call runs.
    exit(1);
}

Redirect("http://somesite.com/redirectedpage.php");
echo("Code still executed");
```

I'm just trying to get a firm understanding of how the redirect works, for security's sake.

Ricky
  • 4
    All `header()` does is __set__ the headers ready for when the response is sent to the browser; it doesn't actually send any response to the browser, so code will still continue executing after any `header()` call unless you explicitly terminate execution – Mark Baker May 04 '16 at 18:09
  • You probably don't want to hard-exit after a redirect. You might have other processing to do. – tadman May 04 '16 at 18:10
  • 2
    You can actually issue multiple `header()` statements to set different response header values (and often you will want to do this, e.g. setting the headers for a file download), so `header()` should not actually send a response (and terminate script execution), otherwise all subsequent header() statements could never be executed – Mark Baker May 04 '16 at 18:11
  • 2
    I personally use a header redirect followed by a die/exit that sends HTML with a meta redirect, a location.replace, and just a link to the page I'm redirecting to. So, if the client ignores the header, the meta tags, and doesn't do JavaScript, they will get nothing more than the link for the redirect. – kainaw May 04 '16 at 18:12
  • To answer your last question: yes, the `exit(1)` call will stop the `echo` from executing. That is usually what I use if I just want to redirect. But as Rocket Hazmat mentioned in his answer, even if you didn't use `exit(1)`, you wouldn't even see the `echo` because your browser will be redirected. – Cave Johnson May 04 '16 at 18:16
  • Related: [https://stackoverflow.com/questions/768431/how-to-make-a-redirect-in-php](https://stackoverflow.com/questions/768431/how-to-make-a-redirect-in-php) – Cave Johnson May 04 '16 at 18:20
  • @kainaw I like how you have this set up. So if I were to send a header redirect, then immediately after echo some JavaScript for a redirect, then after that exit(), the user would ONLY execute the JavaScript redirect IF the first redirect didn't work? – Ricky May 04 '16 at 18:23
  • 1
    @Jan I am not sure what you mean by "No" but OP's idea to add `exit(1);` to his `Redirect()` function will do precisely as he expects. Ricky's idea will effectively kill the script's execution and send headers to the web browser and the user will be redirected. – MonkeyZeus May 04 '16 at 18:25
  • 1
    @Ricky Correct. Optimally, the user won't see anything because the redirect will take place. If that doesn't work, the meta refresh should cause it to immediately redirect. If that doesn't work, the JavaScript should make it redirect. If that fails also, the user sees nothing except a "click here" link. I'm sure there are more forms of redirect you can embed into it. – kainaw May 04 '16 at 18:42

2 Answers

7

All the header() statement does is modify the headers your webserver (Apache, nginx, etc.) sends to your browser. You've added a Location: header to the page, which tells the browser to redirect to that page. Everything else in the PHP script will execute, including your echo, but you probably won't see it because you are going to be redirected to a new location.

gen_Eric
1

The header command doesn't interrupt the flow of your code. Even if that is encountered, your page is still downloaded by the browser, even if it isn't shown. Consider 404 pages, which (despite being errors) are still processed by the browser (though they are rendered while redirects are not).

You can output a lot more headers than just Location headers with header, most of which you don't want to stop your code execution. If you want to stop code execution, you need to call exit explicitly.

Aparna
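The two `Redirect()` variants from the question placed in a login guard, as an added example that is not code from the question or from either answer. It shows why the missing `exit` matters for access control (this pattern is catalogued as CWE-698, Execution After Redirect). The file name, the `/login.php` target, the `user_id` session key and the `mode` query parameter are assumptions made for the illustration.

```php
<?php
// guard_demo.php (hypothetical file name) -- added example, not from the thread.
// Serve locally with:  php -S 127.0.0.1:8000
// Inspect the raw response with a client that does not follow redirects
// (for example `curl -i`), since a browser discards the body of a 302.

declare(strict_types=1);
session_start();

// Same behaviour as the first Redirect() in the question:
// queues the Location header and returns to the caller.
function RedirectNoExit(string $url): void
{
    header("Location: " . $url);
}

// Same idea as the second Redirect(): queue the header, then end the
// request so that no statement after the call can run.
function RedirectAndExit(string $url): void
{
    header("Location: " . $url, true, 302);
    exit;
}

// Hypothetical session key marking an authenticated user.
$loggedIn = !empty($_SESSION['user_id']);

// ?mode=fixed selects the terminating variant; any other value
// selects the non-terminating one, so both can be compared.
$fixed = ($_GET['mode'] ?? '') === 'fixed';

if (!$loggedIn) {
    if ($fixed) {
        RedirectAndExit('/login.php');
    }
    RedirectNoExit('/login.php');
    // Execution continues past this point: the status is 302, but every
    // statement below still runs and its output is sent as the body.
}

// Stands in for work meant only for logged-in users
// (database reads, state changes, rendering private data).
echo "Account settings for user " . ($_SESSION['user_id'] ?? '(none)') . "\n";
```

With the non-terminating guard the 302 response still carries the final `echo` in its body, and any database write placed there would run as well; with `?mode=fixed` the response ends at the headers.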