Justin French wrote:

>on 03/07/02 11:54 AM, Richard Lynch ([EMAIL PROTECTED]) wrote:
>>Rule of Thumb:
>>If you have to do header("Location: ...")  you have a
>>design/engineering/organizational problem in your code/pages/site.
>>I'm sure a zillion people will disagree with this "rule"
>I agree, except there's one exception to this that I can't see a way around.
>When dealing with form submissions the receiving file needs to validate all
>the code before anything is sent to the browser, update the database (or
>whatever) and then redirect to itself with some sort of GET flag that issues
>a thankyou note or something.
>Otherwise people can hit "refresh" and post the data twice, or 10 times :)

This is the most common legitimate use of the "Location" header.

I don't agree with the general rule of thumb that the use of the 
"Location" header is bad, but I have reviewed plenty of code where 
people misuse it terribly, as a lazy goto-style operation. In most 
cases, you do want to design your application to:
1) receive data
2) analyze data
3) respond with appropriate response

If you instead do this:
1) receive data
2) analyze data
3) respond with a "Location" header telling the Web client where to get 
the appropriate response
4) receive the subsequent GET request
5) respond with appropriate response

then this is the type of misuse that runs rampant and makes people like 
Mr. Lynch have a distaste for its use.

Like many things, it is all a matter of the developer. Personally, I 
like PHP's general approach of giving the developer the power to do 
anything, even if it is bad. *shrug* Most criticism I've heard of PHP 
(like the bogus security vulnerabilities cited in PHP) stems from this 

Anyway, I've stumbled off-topic...


PHP General Mailing List (http://www.php.net/)
To unsubscribe, visit: http://www.php.net/unsub.php

Reply via email to