Because the PHP engine interacts with the Web server, our PHP scripts can influence the HTTP response headers sent by the server. This can be very useful.
To get the Web server to send a custom HTTP header as part of its response, we will use the PHP's header() function. This simply takes the header line to output, and then injects this line into the response headers:
By default, the header() function replaces any HTTP header field with the same name. In the example just shown, if the response already contains a Server header, that header is replaced with the one passed into the header() function. However, some HTTP header fields can be included more than once in the response. If we'd like to include the same header several times, pass in false as the second argument to the header() function:
(Although we can set cookies this way, it's easier to use PHP's setcookie() function.)
Generally speaking, when we pass a header line to the header() function, PHP faithfully injects the header line as-is into the response. However, there are two special cases:
The first line tells the Web browser to expect a PDF document rather than a regular Web page. The second line reads the PDF file on the server's hard drive and outputs its contents to the Web browser, which can then save or display the PDF.
Usually it's up to the browser as to whether it displays the file in the browser itself, or offers to save it to the user's hard disk. We can use a Content-Disposition: Attachment header to suggest to the browser that the file should be saved rather than displayed and, optionally, to suggest a filename for the saved file:
By the way, we need to make sure we don't send anything to the browser before calling header(). This includes HTML markup, or even blank lines, before your opening <?php tag. This is because, once PHP has received a request to send some content to the browser, it sends the HTTP headers first (because the headers need to be sent at the start of the response). Therefore, by the time our header() call is executed, the content is already being sent, and it's too late to send any more headers. (If we fall foul of this, then our header isn't sent and PHP generates a Cannot modify header information - headers already sent warning.)
header( "Server: Never you mind" );
By default, the header() function replaces any HTTP header field with the same name. In the example just shown, if the response already contains a Server header, that header is replaced with the one passed into the header() function. However, some HTTP header fields can be included more than once in the response. If we'd like to include the same header several times, pass in false as the second argument to the header() function:
- header( "Set-Cookie: name=Fred; expires=Mon, 05-Jan-2009 10:22:21 GMT; path=/; domain=.example.com");
- header( "Set-Cookie: age=33; expires=Mon, 05-Jan-2009 10:22:21 GMT; path=/; domain=.example.com", false );
(Although we can set cookies this way, it's easier to use PHP's setcookie() function.)
Generally speaking, when we pass a header line to the header() function, PHP faithfully injects the header line as-is into the response. However, there are two special cases:
- If the header string starts with HTTP/, PHP assumes we want to set the status line, rather than add or replace a header line. This allows us to set our own HTTP status lines:
// Nothing to see here, move along header( "HTTP/1.1 404 Not Found" );
- If we pass in a Location header string, PHP automatically sends a 302 Found status line as well as the Location header:
// Redirect to the login page header( "Location: http://www.example.com/login.php" );
- This makes it easy to do page redirects . If we'd rather send a different status line, simply specify the status line as well:
header( "HTTP/1.1 301 Moved Permanently" ); header( "Location: http://www.example.com/newpage.php" );
- <?php
- header( "Content-Type: application/pdf" );
- readfile( "report.pdf" );
- ?>
The first line tells the Web browser to expect a PDF document rather than a regular Web page. The second line reads the PDF file on the server's hard drive and outputs its contents to the Web browser, which can then save or display the PDF.
Usually it's up to the browser as to whether it displays the file in the browser itself, or offers to save it to the user's hard disk. We can use a Content-Disposition: Attachment header to suggest to the browser that the file should be saved rather than displayed and, optionally, to suggest a filename for the saved file:
- <?php
- header( "Content-Type: application/pdf" );
- header( 'Content-Disposition: attachment; filename="Latest Report.pdf"' );
- readfile( "report.pdf" );
- ?>
By the way, we need to make sure we don't send anything to the browser before calling header(). This includes HTML markup, or even blank lines, before your opening <?php tag. This is because, once PHP has received a request to send some content to the browser, it sends the HTTP headers first (because the headers need to be sent at the start of the response). Therefore, by the time our header() call is executed, the content is already being sent, and it's too late to send any more headers. (If we fall foul of this, then our header isn't sent and PHP generates a Cannot modify header information - headers already sent warning.)
No comments:
Post a Comment