Questions about the Header Function in PHP

Do you have a question? Post it now! No Registration Necessary.  Now with pictures!

Threaded View
Here is an example from the PHP Manual


if ((!isset($_SERVER['PHP_AUTH_USER'])) || (1==1)) {
    header('WWW-Authenticate: Basic realm="My Realm"');
    header('HTTP/1.0 401 Unauthorized');
    echo 'Text to send if user hits Cancel button';
} else {
    echo "<p>Hello .</p>";
    echo "<p>You entered as your password.</


1.  This is a status code not a header, right?  =>   header('HTTP/1.0
401 Unauthorized');

2.  According to the change log in the PHP manual, starting with 4.4.2
and 5.1.2 the header function now prevents more than one header to be
sent at once as a protection against header injection attacks.  Does
this mean if I make multiple header calls the headers will be sent in
multiple response messages to the browser?  Is this allowed?  Can a
server send multiple response messages to one request?]

3.  If you  hit the "cancel" button on the browser user name/password
request dialog (as alluded to in the code snippet above), what message
does the browser send to the server.

Re: Questions about the Header Function in PHP

TS Moderator1 wrote:

Quoted text here. Click to load it

Status codes are sent in the header.

Quoted text here. Click to load it

Not sure about this, the header() function do not have any limitation and if
there would be one header per request you would loose much of the
functionality of the headers.

Quoted text here. Click to load it

The browser don't send anything at all.

These questions had been more properly been asked in alt.php.



Site Timeline