Welcome to the Treehouse Community

The Treehouse Community is a meeting place for developers, designers, and programmers of all backgrounds and skill levels to get support. Collaborate here on code errors or bugs that you need feedback on, or asking for an extra set of eyes on your latest project. Join thousands of Treehouse students and alumni in the community today. (Note: Only Treehouse students can comment or ask questions, but non-students are welcome to browse our conversations.)

Looking to learn something new?

Treehouse offers a seven day free trial for new students. Get access to thousands of hours of content and a supportive community. Start your free trial today.

PHP Enhancing a Simple PHP Application Integrating Validation Errors Setting an Error Message Variable

Bob Sutherton
Bob Sutherton
20,160 Points

Why do we need to keep that last exit command? It seems to work fine without it.

When the exit command is removed it works just fine. Why do we need to keep it?

if($mail->Send()) {
            header('Location: contact.php?status=thanks');
            exit;
        } else {
            $error_message = "Shiyat! " . $mail->ErrorInfo;
        }

The simple answer is: if you have any other code following that if block, you wouldn't want to run it since you are redirecting with the header function.

Bob Sutherton
Bob Sutherton
20,160 Points

I know that's what he said in the video but as I said it works fine without it. The contact form doesn't come up when I submit the form, only the thank you message does.

What you don't see, is the code has the potential to still run even though the page was redirected. When you add the exit command it ensures that nothing else on the page gets executed.

Bob Sutherton
Bob Sutherton
20,160 Points

I see what you are saying. What I don't see is that actually happening before my eyes. Are you saying it is just a precaution? Or is the code still getting executed behind the scenes and just not showing up in the browser?

right, I gather in your case you are simply displaying something to the screen and that is pretty harmless but rest of the page will still be served by PHP and can be looked at by the client by simply preventing the header command from executing.

That is easy enough to test with a command-line client like wget, for example, by simply telling it not to follow redirects.

So, If you don't prevent it, PHP will send out the whole body even after a header call. That body is fully available to the recipient without any special hacking skills.

1 Answer

Yes! always... If you don't prevent it, PHP will send out the whole body even after a header call. That body is fully available to the recipient without any special hacking skills.