A PHP redirect is an extremely useful tool, but it can prove to be dangerous if it is implemented in a wrong way.
You can use the header() function to easily redirect a user to another page. However, this function is not as easy to use as it seems to be. In this guide, you will learn to make a PHP redirect that doesn’t lead to any complicated issues further down the line.
PHP Redirect –The Basic Method
In most of the guides, you will find that to make a PHP redirect you can simply use the header() function at the top of your pages. For that, you need to use the function to send a new URL, as below:
header('Location: '.$newURL.php);
You should use the header function before you pass any HTML or text to the browser of your user, so ensure it is right at the top of the page. This means it should appear before any Java, before the declaration, and before any PHP code. With this, the users will be sent to the new URL.
Though it might seem to be simple, the code’s simplicity can take developers into a false sense of security. So let’s check the way to use this function in a right manner.
Ways to Use header() Function Correctly
Die() and Exit ()
At first, use the die() or exit() modifier whenever you use a redirect. The problem is that crawlers and bots can ignore headers, and so the page that you were redirecting away from can be completely accessible to them. Suppose you want to use a header redirect to secure a particular page, note that it won’t offer you any protection at all.
Hence, it is important to shut down the redirect if it is ignored. For that you need to append die() or exit() after your redirect:
header("Location: .$newURL.php");
die();
Relative and Absolute URLs
Let’s now check about relative and absolute URLs in redirects. You can use both the URLs in RFC 7231, but you should be careful while using relative redirects. The reason is that some website builders order and rename PHP pages. It means that while working on your PHP through a website builder, you might break all of your redirects.
It’s quite unfortunate, that currently there isn’t a proper solution to this problem, determining where your redirects are pointing to.
Status Codes
Another issue with standard PHP redirects is that the location operator of PHP still returns the HTTP 302 code. It should be stopped from doing that, because this code is implemented by many web browsers in an opposite way that it is supposed to function. They make use of the GET command rather than performing a “real” redirect.
While building PHP redirects, it is always essential to mention the code that is returned. It’s quite unfortunate that using the correct code always ends in a debate. With HTTP 301 you get a permanent redirect and this might lead to issues when restoring your original page. HTTP 303 is misunderstood as “other” by several web browsers and can lead to issues when indexing your page via search engines.
Therefore, practically always use HTTP 303 until there is a solution to the HTTP 301 issue.
Check The Documentation
Apart from the above precautions, ensure that you go through the documentation on using PHP redirects before publishing them. Also, read the PHP manual to ensure that you know what you are doing, as well as check the W3C documentation to check if you are following best practice.
While reading, also make sure to secure your website from the common vulnerabilities. For instance, if you are already planning to use PHP redirects, you will need to run a security audit on your website.
Other Methods for PHP Redirect
After learning about all these issues, you might be wondering why to use a PHP redirect? That’s a valid question. Though, PHP redirects are executed particularly in a quick way as compared to other types of redirect, and hence, can be an important tool to improve the website speed, there are other options available.
Let’s check the two main approaches to do this.
- Use the HTML element to redirect from within the HTML portion of your page, or use JavaScript. Below is the way using <meta> would look like:
<meta http-equiv="refresh" content="0;url=newpage.php">
- When you use JavaScript it is a bit more stylish and certainly looks more professional as below:
window.location.replace(“http://newpage.php/”);
Both of these will run slowly as compared to an immediate header() redirect, but offer more flexibility.
A Final Word
When you follow the above steps, it will ensure that your PHP redirects are done securely, if you are able to use multiple PHP redirects, you should rethink about the structure of your site.
There a few good reasons to do that. The first one is that all web hosts aren’t created equally and if you are sending all your visitors on an indirect route around your site, it will surely affect its performance. You can improve it to some extent with the help of affordable web host but only to certain point.
The next reason is that the page from which you are redirecting might be collection data of your visitors without you knowing about it. This can happen when you are using web analytics software for checking your website’s performance.
