PHP Header Detailed

PHP Header Detailed
(PHP 3, PHP 4, PHP 5)

Header--Sends an original HTTP header description
void header (String string [, bool replace [, int http_response_code]])


The header () function is used to send an original HTTP header. See the http/1.1 specification for more information about HTTP headers.

The optional parameter, replace, indicates whether to replace the previous similar header or to add a header of the same type. The default is replace, but if you set it to FALSE, you can force multiple, homogeneous headers to be sent. For example:

Header (' www-authenticate:negotiate ');
Header (' WWW-AUTHENTICATE:NTLM ', false);
?>



The Second optional parameter, Http_response_code, forces the HTTP response code to be set to the specified value (this parameter is a new addition to PHP 4.3.0).

There are two special types of header calls. The first is that the header begins with the string "http/" (not important in case) and can be used to determine the HTTP status code to send. For example, if Apache is configured with PHP to handle error-handling requests that cannot find files (using the ErrorDocument Directive), you need to make sure that the script produces the correct status code.

Header ("http/1.0 404 Not Found")
?>



Note: The HTTP status code header line is always the first to be sent to the client, and does not control whether the actual header () call is the first one. Unless the HTTP header has been sent, you can overwrite the original by invoking the header () function with the new state line at any time.

The second special case is the "location:" header. It does not just send the label back to the browser, it also returns a REDIRECT (302) status code to the browser, unless a 3XX status code has been issued before.

Header ("location:http://www.example.com/"); /* Redirect Browser */

/* Ensure that subsequent code is not executed after redirection */
Exit
?>



Note: The http/1.1 standard requires an absolute address URI as the location: parameter, but there are some clients that support relative URIs. You can usually use $_server[' http_host ', $_server[' php_self '] and the dirname () function to generate an absolute URI from a relative URI:

Header ("location:http://". $_server[' Http_host ')
. RTrim (dirname ($_server[' php_self '), '/\\ ')
." /". $relative _url);
?>



Note: Even if the session.use_trans_sid,session ID is enabled, it will not be passed along with the location header information. Must be passed manually with SID constants.

PHP scripts often produce dynamic content that must not be cached by the browser or proxy server. Many proxy servers and browsers can be disabled by the following methods:

Header ("Cache-control:no-cache, must-revalidate"); http/1.1
Header ("Expires:mon, Jul 1997 05:00:00 GMT"); The past time
?>



Note: You may find that even if you do not output all of the above code, the page is not buffered. There are many options that users can set to change the browser's default caching behavior. By sending the above header, you should be able to overwrite any settings that could cause the script page to be cached.

In addition, when a session is used, the Session_cache_limiter () function and the Session.cache_limiter option can be used to automatically generate the correct cache-related headers.

Remember that the header () must be called before any actual output, whether it's from a normal HTML tag, a blank line, or PHP. One common mistake is that when reading code through include (), require (), or some other file access class function, some spaces or blank lines are sent before the header () is called. This error is also common in a separate php/html file.

/* This will produce an error because the header ()
* I've been outputting something before * *
Header (' location:http://www.example.com/');
?>



Note: Since PHP 4, some output buffering functions can be used to solve this problem. The price is to keep all the output from the browser on the server until the next command sends them. You can use Ob_start () and Ob_end_flush () in your code to implement such functionality, either by modifying the output_buffering configuration options in php.ini, or by modifying the server configuration file.

If you want to prompt the user to save the data sent, such as a generated PDF file, you can force the browser to pop up a save file dialog by sending the Content-disposition header with the recommended file name.

This will output a PDF file directly
Header (' content-type:application/pdf ');

Doing so will prompt you to download the PDF file downloaded.pdf
Header (' content-disposition:attachment; filename= ' downloaded.pdf ');

This is the source file for Original.pdf.
ReadFile (' original.pdf ');
?>



Note: A vulnerability in Microsoft Internet Explorer 4.01 prevented the mechanism from working properly without a solution. A vulnerability in Microsoft Internet Explorer 5.5 also affects this, and upgrading to Service Pack 2 or later can be resolved.
Note: In safe mode, if the Www-authenticate header (for HTTP authentication) is set, the UID of the script is added to the Realm section.
tags-php, header, detailed

