4

In my MVC framework I sometimes redirect after form submission. Say you post a form to /example/input.

I want to add the proper header code and explanatory text in PHP with e.g. header('HTTP/1.1 404 Not Found');

1) Your input contains errors. You stay on the /example/input page and get the form again, marked up with errors etc. Which HTTP 1.1. code and text would be the proper one to send with this the redirect instruction?

2) Your input is ok, the element is saved, and you are redirected via Header('Location: ...') to /example/success. Which HTTP 1.1. code and text would be the proper one here?

3) The PHP code throws an error due to misconfiguration, missing include file, corrupt database connection, or whatever else is going wrong sometimes. Which HTTP 1.1. code and text would be the proper one here?

I have looked at the codes here: http://www.w3.org/Protocols/rfc2616/rfc2616-sec10.html Number 200 appears right for 1), while number 301/302 appear right for 2), and number 500 for 3). But in all three cases, I find that the title/explanation following the codes on the link above is not exactly fitting the scenario I'm describing above. Should I choose other codes/text?

preyz
  • 3,029
  • 5
  • 29
  • 36

2 Answers2

5

Cases one and two describe variants of the same situation: you submit a form by POST, the server handles it and redirects the client to either a success page or back to the form. For both cases, "303 See Other" is the correct response. This is the correct way to redirect the client to a resource using the GET method after the server has correctly handled a POST request. According to the specification:

This method exists primarily to allow the output of a POST-activated script to redirect the user agent to a selected resource.

For Case 3, the 500 code is usually suitable for most critical errors.

Jonathan
  • 316
  • 1
  • 10
  • Actually case 1 doesn't redirect, since you're posting to the same URL as the errors are displayed on. Only case two actually performans a redirect (to the success page). – preyz Jul 29 '12 at 18:12
  • Ideally posting the data to the form WOULD result in a redirect, actually. See here: http://en.wikipedia.org/wiki/Post/Redirect/Get – Jonathan Jul 31 '12 at 20:19
  • I've accepted your answer under the condition of strictly implementing the PRG concept on all submits. I am, however, not convinced this is necessary, since if the form has errors, then the POST will not generate an entry to the database and respond with a page that contains a form with errors. If, however, the form is ok, then the redirect is used according to the linked PRG concept, to avoid double entries. – preyz Aug 01 '12 at 13:12
1

In my understanding the 200 code is correct if your PHP executed successfully. So that should take care of 1 and 2.

For 3, PHP already sends the 500 code if a fatal error occurs.

To explained 2 a bit more, the 300s are for when a resource is no longer located at the requested URL. So you would redirect them to the new or correct location. In your case the resource IS there, so you don't need a 300 code.

Xesued
  • 4,147
  • 2
  • 25
  • 18
  • That's not necessarily correct. 300 codes handle all types of redirects, and while you're right about the fatal errors, not every case the OP described would result in a fatal error. – Jonathan Jul 22 '12 at 04:35
  • You're correct. I missed the mark on the 300 errors. Thanks. – Xesued Jul 22 '12 at 04:45