Header Redirect to a page after validating PHP

6

Good morning community:

I am currently working on a system, specifically on the redirect after validation: after the system validates all the data entered and proceeds to give access to the system. In the small projects I had worked on, I always did it this way:

header('Location: blablabla.php');

However, a person recently mentioned that it was safer to do it this way:

header('Location: blablabla.php', true, 301);
exit();

I've been looking for documentation about true, 301 to see why and how safe it is, and I really cannot find any information on the web that satisfies me, so I appeal to the community for their recommendations.

Happy day

    
asked by Luis Alfredo Serrano Díaz 07.05.2018 at 14:33

3 answers

3

Depending on what you are doing, what you are suggesting will be better or just the same.

Why they say it's better: because the header does not have to be the last command to run on your page. It may be the case that you have more PHP or HTML code after header, and it will be executed and sent to the browser. Let's see some scenarios in which not putting exit (or die) can change the result:

  • If there is another header in the code that comes after, the browser may not redirect to the page you expect (it will be redirected to the last one);
  • If an error occurs with the header, the code will continue to run and the user can see content that they should not (although a good program structure would avoid this problem);
  • If the user deactivates the Location header (in which case, what is mentioned in the previous case would occur).

As you can see, all those scenarios only apply if there is code after the header, but if the header is the last command on the page, whether you have exit after it or not makes no difference, because the result will always be the same.

And about 301, as I told you in a comment: the default redirect that header makes is a 302 (temporary redirect). If you do not have a strong reason for it to be a permanent redirect (301), I would recommend that you do not do so, because it can give you headaches (the browser and ISPs cache it and there is no way to tell them to undo it if it turns out that it is not permanent). And if you are doing verifications (after sending a form), I cannot believe that what you want is a permanent redirect (it could be the case, but it would be weird).

    
answered by 07.05.2018 / 15:33
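The scenarios in the answer above, as an added example that is not part of the original thread: a guard on a protected page, with the redirect wrapped in a helper that always ends the script. `redirect_and_stop()`, `login.php` and the `user` session key are hypothetical names chosen for illustration.

```php
<?php
// Added example (not from the thread). login.php and the 'user' session key
// are assumed names for illustration.

/**
 * Send a temporary redirect and stop the script, so no later code runs
 * and no later header() call can replace the Location header.
 */
function redirect_and_stop(string $target, int $status = 302): void
{
    // 301/308 are permanent and get cached; keep post-validation redirects temporary.
    if (!in_array($status, [302, 303, 307], true)) {
        throw new InvalidArgumentException("Not a temporary redirect status: $status");
    }
    // Once output has started, header() can no longer be sent. Fail closed
    // instead of letting the script fall through to the protected content.
    if (headers_sent($file, $line)) {
        error_log("Redirect to $target not sent, output started at $file:$line");
        exit;
    }
    header('Location: ' . $target, true, $status);
    exit;
}

session_start();

// Pattern the answer warns about: without exit, everything below this call
// would still execute and be sent as the body of the 302 response, readable
// by any client that does not follow the Location header:
//
//     if (empty($_SESSION['user'])) {
//         header('Location: login.php');
//     }
//
// Hardened form: the script ends inside redirect_and_stop().
if (empty($_SESSION['user'])) {
    redirect_and_stop('login.php');
}

// Reached only when a user is stored in the session.
$name = htmlspecialchars((string) $_SESSION['user'], ENT_QUOTES, 'UTF-8');
echo "<h1>Account page for {$name}</h1>";
```

Requesting the page without a session from a client that does not follow redirects (for example `curl -i`) should show the 302 status, the Location header and an empty body.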
4

First of all, here is the PHP header manual; next, here is the HTTP "error code" reference.

Moving on to the explanation: nothing on the page should be loaded before or after a redirect. That is why "exit();" is used: to cut the execution and make sure that, for example, no other header redirection will be executed.

In turn, as you will notice from the aforementioned documentation, the error code amounts to, let's say, "a redirection notice" for the browser. Many browsers or add-ons for them detect multiple redirections and block them (due to suspicion of fraudulent sites or abuse of advertising).

The "True" is really unnecessary, since it is the default value; surely they use it to "arrive" at the third argument, which is the error code. They could use "null" without changing the operation.

    
answered by 07.05.2018 at 14:53
3

By default, header sends the replace parameter (where the true is passed) as true if it is not specified.

According to its documentation:

  

The optional replace parameter indicates whether the header should replace a similar previous header or add a second header of the same kind. By default, it will be replaced, but if you pass FALSE as the second argument, you can force multiple headers of the same type.

According to the same example, you can send several headers with the same name but with different values:

<?php
header('WWW-Authenticate: Negotiate');
header('WWW-Authenticate: NTLM', false);
?>

In the indicated example, 2 headers will be sent, with both Negotiate and NTLM. If you want the headers to be sent as unique only, indicate true.

Now, whether this is more secure or not depends on how you are managing the headers in your application, something you did not explain.

    
answered by 07.05.2018 at 14:54