Detailed description of the header Function

(PHP 3, PHP 4, PHP 5)

Header -- send an original HTTP Header

Description

VoidHeader(String [, bool Replace [, int http_response_code])

Header ()The function is used to send an original HTTP header. For more information about HTTP headers, see the HTTP/1.1 Standard.

Optional ParameterReplaceSpecifies whether to replace the previous similar header or add a header of the same type. It is replaced by default, but if it is setFalseYou can forcibly send multiple headers of the same type. For example:

 

 

<? PHP Header ('www-Authenticate: negotiate '); Header ('www-Authenticate: ntlm', false ); ?>

Second Optional ParameterHttp_response_codeForce HTTP ResponseCodeSet to the specified value (this parameter is newly added in PHP 4.3.0 ).

There are two special header calls. The first is to use the header as a string"HTTP/"(Case Insensitive) can be used to determine the HTTP status code to be sent. For example, if Apache is configured to use PHP to handle the error handling request that cannot find the file (UseErrordocumentCommand), make sure that the script generates the correct status code.

 

 

<? PHP Header ("HTTP/1.0 404 Not Found ") ?>

Note:The HTTP status code header line is always the first to be sent to the client, regardless of the actualHeader ()Whether the call is the first one. Unless the HTTP header has been sent, it can be called by using a new status line at any time.Header ()Function to overwrite the original one.

The second special case is the "Location:" header. It not only sends this header back to the browser, but alsoRedirect(302) the status code is returned to the browser, unless a certain3xxStatus code.

 

 

<? PHP Header ("Location: http://www.example.com/");/* redirect browser */ /* Ensure that subsequent code will not be executed after redirection */ Exit; ?>

Note: the HTTP/1.1 Standard requires an absolute url uri as the location: parameter, but some clients support relative Uris. $ _ server ['HTTP _ host'] and $ _ server ['php _ Self '] and dirname () function to generate an absolute URI from the relative URI:

Note:Even if session. use_trans_sid is enabled, the session ID is not transmitted along with the location header. Must be used manuallySidConstant.

PHP scripts usually generate some dynamic content, which must not be cached by browsers or proxies. Many proxy servers and browsers can be cached in the following way:

 

 

<? PHP Header ("cache-control: No-cache, must-revalidate"); // HTTP/1.1 Header ("expires: Mon, 26 Jul 1997 05:00:00 GMT"); // past time ?>

Note:The webpage may not be buffered even if no code above is output. You can set many options to change the default cache behavior of your browser. By sending the above header, You can overwrite any settings that can cause the script page to be cached.

In addition, when session is usedSession_cache_limiter ()Functions andSession. cache_limiterOption can be used to automatically generate the correct cache-related headers.

RememberHeader ()It must be called before any actual output, whether from a common HTML Tag, empty line, or PHP. A common error is thatInclude (),Require ()Or some other file access functions, some spaces or blank lines are called when reading code.Header ()Previously sent. This error is also common in a separate PHP/html file.

 

 

<HTML> <? PHP /* This will generate an error because the header () * Something has been output before */ Header ('location: http://www.example.com /'); ?>

Note:From PHP 4, some output buffer functions can be used to solve this problem. The cost is to cache all the output to the browser on the server until the following command sends them. Can be used in codeOb_start ()AndOb_end_flush ()To implement such a function, or by modifyingPHP. iniInOutput_bufferingYou can also modify the server configuration file.

If you want to remind the user to save the sent data, such as a generated PDF file, you can force the browser to pop up a save file dialog box by sending the content-Disposition Header to provide a recommended file name.

 

 

<? PHP // This will directly output a PDF file Header ('content-type: Application/pdf '); // In this case, the system will prompt you to download the PDF file downloaded.pdf. Header ('content-Disposition: attachment; filename = "downloaded.pdf "'); // This is the source file of original.pdf Readfile('original '); ?>

Note:A vulnerability in Microsoft Internet Explorer 4.01 makes this mechanism unable to work properly and has no solution. This vulnerability also exists in Microsoft Internet Explorer 5.5. Upgrading to Service Pack 2 or later can solve this problem.

Note:In security mode, ifWWW-AuthenticateHeader (for HTTP Authentication), the UID of the script will be addedRealm.