is PHP "header" the same as HTML "action"?

Question

This is a problem that I've had for a few days now. When I do

<form action = "something.php" method="post">

It always works, but when I try to switch this up in PHP with header I have a few problems. What I am trying to do is check if the input data is written in, if not then echo a certain phrase but if everything is written in then log in.

<?php 
$usernameErr = $passwordErr = "";

if (isset($_POST['submit'])) {
if(empty($_POST["uid"])){
    $usernameErr = "Username required";
};

if(empty($_POST["pwd"])){
    $passwordErr = "Password required";
} ;
if(!empty($_POST["uid"]) and !empty($_POST["pwd"])) {
    header("Location: login.php");
};
};  

?>

<form name="frm" method="post">
<input type = "text" name = "uid"  placeholder = "Username"; >
<?php echo         $usernameErr; ?> <br>
<input type = "password" name = "pwd"  placeholder = "Password" ; >
<?php echo $passwordErr?> <br>
<input name="submit" type="submit" id="submit" onclick="action()" value="submit" >
</form>
<?php

if (isset($_SESSION['id'])){
echo $_SESSION['id'],"  ", "You've succesfully logged in";
} else {
    echo "youre not logged in";
}
?>

What are "a few problems" please elaborate what is going wrong / what errors you are getting — Epodax, Aug 02 '16 at 08:29
There's a serious logical flaw here afaict; if you *POST* `uid` and `pwd` data to this page it'll just redirect to *login.php* (though there should be a `die()` after that header redirect). I presume *login.php* should actually perform the action of logging in... but it won't have the `uid` and `pwd` data to login with since you just did a basic 302 redirect. So **no**, `action="..."` is **not** the same as a `header(Location: ...)` redirect. — CD001, Aug 02 '16 at 08:33
@CD001 So then what should I do to make it log in properly? I have my login.php page which does work with "action", but i also want to check if the input are written in. — Mr.Question, Aug 02 '16 at 08:57
Put the validation in login.php and have it handle the error state if the required data *isn't* there, either by redirecting to a specific error handler or printing an error message to the screen. Normally you'd have the form post to "itself", check the validity and attempt the login - if everything is OK, redirect to the account page - otherwise display the login form again with details of the error. — CD001, Aug 02 '16 at 09:01

score 0 · Accepted Answer · edited May 23 '17 at 12:06

No.

The form action property holds the URL the webpage will redirect you to AFTER you SUBMIT the form. (MDN Docs - Form)
The php header() function sends a header to the client browser. The header("Location: http://www.example.com/"); also sets the HTTP Status Code to 302 - Redirect which causes the browser to redirect to the new location added in the header.

Note: About redirecting in PHP: https://stackoverflow.com/a/768472/4257747

tl;dr: Remember to use header() before any prints. Use die() or exit() inmediately after adding the Location header.

As a last note. Your code, albeit not great, should end up redirecting to login.php. What is exactly the issue you are having? If you want to display a 'logged in' message, you should probably display it on the login.php file.

is PHP "header" the same as HTML "action"?

1 Answers1

No.