Does header("Location") Behave Like A die() Statement?

[JustinK101]

We just ran across something very confusing using header("Location"). Does header("Location") work just like a die() statement, in that execution stops? Because we found that execution can continue for a few lines even after hitting the header("Location"). For example, take this:

 

<?php

      if(empty($_POST['username']) || empty($_POST['password'])) {

header("Location: /login");

}

 

        header("Location: /home");

?>

 

When testing, and $_POST['username'] and $_POST['password'] were empty, we were being redirected to /home instead of /login.

[Pikachu2000]

No. You need to follow a header(); with an exit(); to stop the script from executing further.

[JustinK101]

Wow, that is very interesting. I wonder how many PHP applications have this security hole. Can we combine the header() and die()? Like:

 

die(header("Location: /login"))

[Pikachu2000]

I don't know; I've never tried it . . .

[MasterK]

die(header('Location:http://www.google.com/'));

 

This does work, I have used it a few times