We use header() to redirect the user.
This is very commonly used in logging systems too.
I have seen that many new PHP developers use Code 1, but security-wise it is very bad code, since you can bypass the header redirect.
Question: I am curious to know why the official PHP team can't add exit() inside header().
If they added it, header() would also be good security-wise by default. But currently we need to add exit().
Code 01
if ($loggingFailed) { // placeholder for the "logging has failed" check
    header("Location: http://example.com/erro.php");
}
Code 02
if ($loggingFailed) { // placeholder for the "logging has failed" check
    header("Location: http://example.com/erro.php");
    exit();
}
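Added example, not part of the original question: the Code 01 and Code 02 patterns side by side, showing that header() only queues a response header while the script keeps running. login_ok() and redirect_and_exit() are hypothetical names; login_ok() is an assumed stand-in for the check the question calls "logging".

```php
<?php
ob_start(); // buffer output so header() can still be called later in this script

// Constructed stand-in for the application's real check (assumption).
function login_ok(): bool
{
    return false;
}

// Code 01 pattern: the Location header is queued, then execution continues.
function page_without_exit(): void
{
    if (!login_ok()) {
        header('Location: http://example.com/erro.php');
    }
    // Still reached after a failed check: this text is sent as the body of
    // the redirect response, and any state changes placed here would also run.
    echo "protected content\n";
}

// Code 02 pattern wrapped in a helper (hypothetical, not a PHP built-in).
function redirect_and_exit(string $url): void
{
    header('Location: ' . $url, true, 302);
    exit; // nothing after the redirect can run or be sent
}

function page_with_exit(): void
{
    if (!login_ok()) {
        redirect_and_exit('http://example.com/erro.php');
    }
    echo "protected content\n"; // not reached after a failed check
}

page_without_exit(); // emits "protected content" despite the redirect header
page_with_exit();    // script ends inside redirect_and_exit(); nothing more is emitted
```

Served over HTTP, the first handler's response carries both the Location header and the body, so a client that does not follow redirects still receives the content.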