[thelist] Tip: whitespace in included PHP causes header() calls to fail

Burhan Khalid thelist at meidomus.com
Sat Aug 20 02:33:18 CDT 2005

Matt Warden wrote:
> Hash: SHA1
> Ian Anderson wrote:
>>In PHP, calls to header( "Location: whatever.php" ) were failing
>>silently whenever an include file was used to validate the user's
>>session data.
>>I thought it was something I was doing with cookies or session_start()
>>in my included file, but no...
>>Turned out there was a space *after* the closing "?> " in the included
>>file, which was getting written to the browser as unintentional output
>>at the start of the HTML. Of course, calls affecting HTTP header will
>>not work if output has already been written to the browser.
> This is why you should never use the closing ?> in include files (it's
> optional).

This is bad practice to omit the closing ?> just like its bad practice 
to use <?=

What instead you should do is, ensure that you have no leading or 
trailing whitespaces (any decent editor has an option to show whitespace).

In addition, always give the full URI to a Location: header. Location: 
foo.php (although works) is not the recommended way:

"Note:  HTTP/1.1 requires an absolute URI as argument to Location: 
including the scheme, hostname and absolute path, but some clients 
accept relative URIs. You can usually use $_SERVER['HTTP_HOST'], 
$_SERVER['PHP_SELF']  and dirname() to make an absolute URI from a 
relative one yourself"

Other functions to help debugging header related issues are 
headers_sent() and headers_list().  You can also use output buffering to 
avoid the headers already sent "error".


More information about the thelist mailing list