How to Redirect using php

Goal: Redirect to another URL using a PHP script

Prerequisites: A working PHP installation.

Have you ever needed to change the URL of one of your existing php pages? Perhaps you are looking for a way to redirect to another URL after someone has successfully logged in or logged out, or maybe some other kind of logic based url redirection. With PHP there are certainly ways to accomplish these things.

One way that we can achieve an immediate redirection is using the PHP header() function (Documentation here). This allows you to perform an immediate redirect. This function when used properly has the advantage of navigating to a url specified in your script, without any user interaction having to take place. Here's an example:

<?php
header('Location: http://example.com/redirecthere.php');
exit();

You may notice that I also included the exit(); below the header function, and you may be wondering if this is necessary. The short answer is no, it isn't required. However, best practices would dictate you do so and here's why. The header essentially sends a 302 redirect code back to whatever requested the page, however the script that is outputting this request will keep running until it has finished before it sends this 302. Why is this a concern? Well, perhaps your redirect was part of a conditional statement, and you wanted to redirect the user if they didn't have access to a page, but otherwise you would show a list of privileged information. Perhaps it looks something like this:

<?php
if(!$user->hasPermission()) {
    header('Location: http://example.com/redirecthere.php');
}

print_r($socialSecurityNumbers);

Now, you might think, well that looks ok, because if they don't have permission they will get redirected, right? WRONG! The php script will continue to execute all the way through, and it will include whatever that $socialSecurityNumbers variable had in it in the response. Now, most users will never notice this, because they will be immediately redirected and never even see the information display to the screen, but this is only because that is the behavior of most browsers, not because of your programming. This is why any time you are setting the location header, you should take special care to stop your script from executing any further.

Many frameworks already have a function built in that does this for you, if you are building your own scripts without a framework, I often like to write a nice little php redirect function that looks something like this:

<?php
function redirect($url)
{
    header('Location: '.$url);
    exit();
}

redirect('http://example.com'); //redirects to example.com and exits the script

Please note that this is a header request, meaning that if you already have something sitting in the output buffer, this may give you a warning of "Warning: Cannot modify header information". If you decide that you want to simply discard anything in the output buffer you can use the ob_clean(); function just prior to your header() function call. However, if you decide that you really want to send the user whatever was in the output buffer, you should use ob_flush() instead of ob_clean(). Documentation on the ob_ methods can be found on PHP.net.

Loading Conversation