3

I have this code that my question is on.

```php
if ($_FILES["file"]["error"] > 0){
    $_SESSION['NOFILE'] = true;
    header( 'Location: http://www.website.com/files/.index.php');
}

// Should I be using the absolute path like I have here, or should I use

if ($_FILES["file"]["error"] > 0){
    $_SESSION['NOFILE'] = true;
    header( 'Location: /files/.index.php');
}
```

I have this question because I'm newer to PHP. I would like to thank you all in advance - kim :) P.S. New to SOF too, so I couldn't format my code.

PeeHaa
  • It is not a matter of security. It is a matter of spec. The spec clearly states you should use an absolute URL. BTW you should also always `exit;` after a redirect to prevent further execution of the script. – PeeHaa Jun 15 '13 at 21:10
  • Thank you PeeHaa. I'm going to use absolute paths then. – smith...amy Jun 15 '13 at 21:13
  • @PeeHaa埽 When I call exit will that prevent it from again at all or just that one time the script was called? – smith...amy Jun 15 '13 at 21:18

1 Answer

2

The HTTP spec requires a full URL, so you should always use that.

Some implementations (i.e. browsers) will accept a path without the domain, and assume it refers to the current domain, but you should not count on it.

It's easy enough to construct the full path using the available `$_SERVER` variables, so you should make sure you always do it.

Spudley
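Building the full URL from `$_SERVER`, as the answer suggests, and stopping the script after the redirect, as the comment suggests, could look like the following added example (not code from the question or the answer). `HTTP_HOST` is copied from the request's Host header, so it is used only after an allowlist match; `ALLOWED_HOSTS`, `absolute_url()` and `redirect_to()` are hypothetical names, and the single allowed host is taken from the question.

```php
<?php
declare(strict_types=1);

// Hosts this application is actually served from (assumed; adjust per deployment).
const ALLOWED_HOSTS = ['www.website.com'];

/**
 * Build an absolute URL for a same-site path.
 * $server is normally $_SERVER; it is a parameter so the function can be
 * exercised with constructed input.
 */
function absolute_url(string $path, array $server): string
{
    // The Host header is client-supplied: accept it only on an exact match,
    // otherwise fall back to the canonical host. A host with an explicit
    // port ("www.website.com:8080") also falls back unless it is listed.
    $host = strtolower((string) ($server['HTTP_HOST'] ?? ''));
    if (!in_array($host, ALLOWED_HOSTS, true)) {
        $host = ALLOWED_HOSTS[0];
    }

    // Assumes TLS terminates on this server; behind a proxy the scheme
    // should come from trusted configuration instead.
    $https  = !empty($server['HTTPS']) && $server['HTTPS'] !== 'off';
    $scheme = $https ? 'https' : 'http';

    // Accept only a local path: exactly one leading slash, no backslash
    // (some browsers treat "/\" like "//"), no CR/LF anywhere.
    if (!preg_match('#^/(?![/\\\\])[^\r\n\\\\]*\z#', $path)) {
        $path = '/';
    }
    return $scheme . '://' . $host . $path;
}

function redirect_to(string $path): void
{
    header('Location: ' . absolute_url($path, $_SERVER), true, 302);
    exit; // ends this request only; the next request runs the script normally
}

// Usage, following the upload check in the question:
session_start();
if (($_FILES['file']['error'] ?? UPLOAD_ERR_NO_FILE) !== UPLOAD_ERR_OK) {
    $_SESSION['NOFILE'] = true;
    redirect_to('/files/.index.php');
}
```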