When you request a web page be brought back to your browser, you're not just bringing back the web page. You're also bringing back something called a HTTP HEADER. This is some extra information, such as type of programme making the request, date requested, should it be displayed as a HTML document, how long the document is, and a lot more besides.
One of the things HTTP HEADER also does is to give status information. This could be whether the page was found (404 errors), and the location of the document. If you want to redirect your users to another page, here's an example:
<?PHP
header("Location: http://www.homeandlearn.co.uk/");
?>
<html>
<body>
</body>
</body>
</html>
Note how the header code goes before any HTML. If you put header code after the HTML, you'll get an error along the lines of "Cannot modify header information."
Description
void header ( string
$string [, bool $replace = true [, int $http_response_code ]] )
header() is used to send a raw HTTP header. See the » HTTP/1.1 specification for more information on HTTPheaders.
Remember that header() must be called before any actual output is sent, either by normal HTML tags, blank lines in a file, or from PHP. It is a very common error to read code with include, or require, functions, or another file access function, and have spaces or empty lines that are output before header() is called. The same problem exists when using a single PHP/HTML file.
<html>
<?php/* This will give an error. Note the output
* above, which is before the header() call */header('Location: http://www.example.com/');
exit;?>Parameters
string- The header string.There are two special-case header calls. The first is a header that starts with the string "HTTP/" (case is not significant), which will be used to figure out the HTTP status code to send. For example, if you have configured Apache to use a PHP script to handle requests for missing files (using the ErrorDocumentdirective), you may want to make sure that your script generates the proper status code.
<?php
header("HTTP/1.0 404 Not Found");?>The second special case is the "Location:" header. Not only does it send this header back to the browser, but it also returns a REDIRECT (302) status code to the browser unless the 201 or a 3xx status code has already been set.<?php
header("Location: http://www.example.com/"); /* Redirect browser */
/* Make sure that code below does not get executed when we redirect. */exit;?> replace- The optional
replaceparameter indicates whether the header should replace a previous similar header, or add a second header of the same type. By default it will replace, but if you pass inFALSEas the second argument you can force multiple headers of the same type. For example:<?php
header('WWW-Authenticate: Negotiate');header('WWW-Authenticate: NTLM', false);?> http_response_code- Forces the HTTP response code to the specified value. Note that this parameter only has an effect if the
stringis not empty.
Changelog
| Version | Description |
|---|---|
| 5.1.2 | This function now prevents more than one header to be sent at once as a protection against header injection attacks. |
Examples
Example #1 Download dialog
If you want the user to be prompted to save the data you are sending, such as a generated PDF file, you can use the » Content-Disposition header to supply a recommended filename and force the browser to display the save dialog.
<?php// We'll be outputting a PDFheader('Content-Type: application/pdf');
// It will be called downloaded.pdfheader('Content-Disposition: attachment; filename="downloaded.pdf"');
// The PDF source is in original.pdfreadfile('original.pdf');?>
Example #2 Caching directives
PHP scripts often generate dynamic content that must not be cached by the client browser or any proxy caches between the server and the client browser. Many proxies and clients can be forced to disable caching with:
<?php
header("Cache-Control: no-cache, must-revalidate"); // HTTP/1.1header("Expires: Sat, 26 Jul 1997 05:00:00 GMT"); // Date in the past?>
No comments:
Post a Comment