The answer is: It is recommended to add exit, but not mandatory. After using header('Location: ...') in PHP, the script will continue to execute subsequent code, which may lead to unnecessary output, security risks or logical errors; therefore, it is recommended to add exit or die to terminate the script; if there is no other logic after the jump and the script ends naturally, exit can be omitted; to ensure security and clear code, it is recommended to use header exit to combine or encapsulate the jump function.

Whether to add exit after using header('Location: ...') in PHP is actually a very common question. The answer is: In most cases, it is recommended to add exit or die , but it is not mandatory . The key is whether the behavior of the script will continue to be executed after it jumps.

Why are exits usually added after header location?

When you call header('Location: ...') , PHP only sets the HTTP response header and will not automatically stop the script execution. In other words, the subsequent code will continue to run .

for example:

 header('Location: https://example.com');
echo 'This message will still be output (if not buffered)';

Although the browser usually jumps immediately after receiving the Location header, the server-side script is still running, which may cause:

• Output excess content, affecting the response result
• Execution of subsequent logic (such as database operations) brings security risks or wrong behaviors

So to be on the safe side, we usually add exit; after header('Location: ...') to explicitly terminate the script:

 header('Location: https://example.com');
exit;

What will happen if you don't add exit?

Although most of the time the browser will jump directly according to the Location header, without waiting for the server to respond in full, the following situations may cause problems:

• The output cache is not enabled, and the excess output may be received by the browser, causing jump failure or page confusion
• If there are sensitive operations after the jump (such as modifying the database, printing logs, etc.), these codes will still be executed, which poses a security risk.
• When the program logic is complex, it is easy to misjudgment the direction of the process, which is not conducive to maintenance and troubleshooting problems.

For example:

 if (!is_logged_in()) {
    header('Location: login.php');
}
// Even if it jumps, the following code will still execute delete_user($_GET['id']);

If the above code does not add exit , when the logged-in user accesses the page, although it will be redirected to the login page, delete_user() will still be executed, with serious consequences.

When can I not exit?

If you are sure:

• No other output or logic processing after jump
• The current script will end naturally after the header call

Then exit can be omitted. For example:

 if ($redirect_needed) {
    header('Location: /new-page');
}
// There is no else branch, and no other logic

But even so, exit is still a clearer and safer approach.

Small suggestions: Unified writing is safer

To avoid omissions, a unified writing method is recommended:

 header('Location: somewhere.php');
exit;

Or encapsulated into functions:

 function redirect($url) {
    header("Location: $url");
    exit;
}

This not only reduces the chance of making mistakes, but also makes the code easier to maintain.

Basically that's it. Whether to exit or not actually depends on your program structure, but in a safe scenario involving jumps, it is a good habit to add exit.

The above is the detailed content of PHP header location needs exit. For more information, please follow other related articles on the PHP Chinese website!