could the code after the header-location call be effectively executed?

header-location 调用后的代码能否有效执行？

Yes, always. The headeris only a line of data askingthe browser to redirect. The rest of the page will still be servedby PHP and can be looked at by the client by simply preventing the headercommand from executing.

是的，总是。这header只是要求浏览器重定向的一行数据。页面的其余部分仍由PHP提供服务，客户端可以通过简单地阻止header命令执行来查看它。

That is easy enough to do with a command-line client like wget, for example, by simply telling it not to follow redirects.

使用命令行客户端很容易做到这一点wget，例如，只需告诉它不要遵循重定向即可。

Bottom line: If you don't prevent it, PHP will send out the whole body even after a headercall. That body is fully available to the recipient without any special hacking skills.

底线：如果你不阻止它，即使在header调用之后，PHP 也会发出整个身体。该机构完全可供接收者使用，无需任何特殊的黑客技能。

If you redirect but you don't die()/ exit()the code is always executed and displayed.

如果您重定向但您没有重定向die()/exit()代码总是被执行和显示。

Take the following example:

以下面的例子为例：

admin.php:

管理.php：

if (authenticationFails)
{
    // redirect and don't die
}

// show admin stuff

If you don't make sure to end the execution after the location header everyuser will gain access.

如果您不确保在位置标头之后结束执行，则每个用户都将获得访问权限。

header()instructs PHP that a HTTP header should be sent... When the HTTP headers are sent.

header()指示 PHP 应发送 HTTP 标头...当发送 HTTP 标头时。

And those are not sent immediatly when you write the call to header(), but when it's time to send them (typically, when PHP needs to begin sending the body of the response -- which might be later than you think, when output_bufferingis enabed).

当您编写对 header() 的调用时，这些不会立即发送，而是在发送它们的时候发送（通常，当 PHP 需要开始发送响应正文时——这可能比您想象的要晚，output_buffering何时启用)。

So, if you just call header(), there is absolutly ne guarantee that the code written after this statement is not executed -- unless you indicate that it must not, by using exit/die.

因此，如果您只是调用header()，则绝对不能保证在此语句之后编写的代码不会被执行——除非您通过使用exit/指示它不能被执行die。

The user can ignore the Locationheader if he wants ; but it will not change anything on the fact that the code after the call of header()might or might not be executed : that matter is server-side.

如果需要，用户可以忽略Location标题；但它不会改变调用后的代码header()可能会或可能不会执行的事实：这件事是服务器端的。

PHP Code after a header() will be run. Sometimes, that is required though, as the exampleon php.net shows. To make sure it's not, you end the program flow entirely.

将运行 header() 之后的 PHP 代码。有时，这是必需的，如php.net 上的示例所示。为了确保它不是，您完全结束程序流程。

re: could the code after the header-location call be effectively executed?

re: header-location 调用后的代码能有效执行吗？

Yes if you don't close the script.

是的，如果您不关闭脚本。

re: In which cases?

回复：在哪些情况下？

In every case.

在每种情况下。

Can a malicious user be able to completely ignore the header('Location..') call?

恶意用户能否完全忽略 header('Location..') 调用？

No, it will get exacted the user has no say in the matter.

不，它会被要求用户在这件事上没有发言权。

Without the exit call, the exact point/time at which your script will terminate will come down to two factors:

如果没有退出调用，脚本终止的确切点/时间将归结为两个因素：

1. How quickly the client browser reacts to the redirect
2. How much time it takes the rest of your script to execute.

1. 客户端浏览器对重定向的反应速度
2. 执行脚本的其余部分需要多长时间。

Let's say the browser IMMEDIATELY starts the redirect action the moment it sees the Location header come through. That means it will shut down the connection from which the redirect comes, so it can start connecting to the new location. This generally means the web server will terminate the redirecting script. However long it takes for the header to go from server->client and the TCP link shutdown process to go from client->server is the amount of time in which your script can keep running.

假设浏览器在看到 Location 标头通过时立即启动重定向操作。这意味着它将关闭重定向来自的连接，因此它可以开始连接到新位置。这通常意味着 Web 服务器将终止重定向脚本。标头从服务器-> 客户端和 TCP 链接关闭过程从客户端-> 服务器需要多长时间，这是您的脚本可以继续运行的时间量。