You know that if you want to redirect a user in PHP, you can use the header function:
header('Location: http://smowhere.com');
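As is well known, it is also good practice to put exit; after the header call, to prevent other PHP code from executing. So my question is: can the code after the header location call actually be executed? In which cases? Can a malicious user completely ignore the header('Location..') call? How?
Here is my code for checking access.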
$query = "SELECT user_table.status, expire FROM user_table WHERE username = ?";
if($stmt = $mysqli->prepare($query)){
    $username = phpCAS::getAttribute('uid');
    $stmt->bind_param('s', $username);
    $stmt->execute();
    $stmt->store_result();
    $returned_amount = $stmt->num_rows;
    if($returned_amount>1)
        die("To many user names exists for you!");
    else if(empty($returned_amount))
        header("Location: /101/index.php?type=nouser");
    $stmt->bind_result($status, $expire);
    $stmt->fetch();
    $stmt->free_result();
    $stmt->close();
    if($expire != '0000-00-00 00:00:00' && strtotime($expire) <= time())
        header('Location: /101/index.php?type=expired');
    $access = $status;
}else die("Failed to prepare!");
?>
However, when $returned_amount == 0, it does not hit header("Location: /101/index.php?type=nouser");
If I change the code to the following, the problem is solved, but I don't understand why changing the code helps.
if($returned_amount>1)
    die("To many user names exists for you!");
else if(empty($returned_amount)){
    header("Location: …
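An added example, not the poster's code: header() only queues the Location header and the script keeps running, so a client that does not follow redirects still receives whatever the page outputs afterwards. The sketch below separates the access decision from the redirect so that every branch returns or exits; `decide_access`, `redirect_and_exit` and `enforce` are hypothetical names, and the sample rows are constructed.

```php
<?php
// Added example with hypothetical function names; not the poster's code.
// Pure decision step: returns [kind, value] and never falls through to a later check.
function decide_access(int $rowCount, string $status, string $expire, int $now): array
{
    if ($rowCount > 1) {
        return ['deny', 'Too many user names exist for you!'];
    }
    if ($rowCount === 0) {
        return ['redirect', '/101/index.php?type=nouser'];
    }
    // strtotime() returns false for an unparsable date; false <= $now is true,
    // so a malformed expiry is treated as expired (fails closed).
    if ($expire !== '0000-00-00 00:00:00' && strtotime($expire) <= $now) {
        return ['redirect', '/101/index.php?type=expired'];
    }
    return ['allow', $status];
}

// header() only queues the response header; exit is what stops the script.
function redirect_and_exit(string $location): void
{
    header('Location: ' . $location, true, 302);
    exit;
}

// Applies a decision: either ends the request or returns the access level.
function enforce(array $decision): string
{
    [$kind, $value] = $decision;
    if ($kind === 'redirect') {
        redirect_and_exit($value);
    }
    if ($kind === 'deny') {
        http_response_code(403);
        exit($value);
    }
    return $value;
}

// Constructed sample rows (row count, status, expire), evaluated at a fixed "now".
$now = strtotime('2024-01-01 00:00:00');
$cases = [[0, '', ''], [1, 'admin', '2023-06-01 00:00:00'],
          [1, 'admin', '0000-00-00 00:00:00'], [2, '', '']];
foreach ($cases as [$n, $status, $expire]) {
    echo json_encode(decide_access($n, $status, $expire, $now)), PHP_EOL;
}
```

In a real page the caller would write `$access = enforce(decide_access($stmt->num_rows, $status, $expire, time()));` after fetching the row, so protected output is only reachable on the `allow` branch.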