i have a registration page which is a self submitting form <form action="<?php echo $_SERVER["PHP_SELF"]; ?>" method="POST" id="test2" name="registrationform"> where in a user fill a form, after the data has been inserted to a database i would like to redirect the user to a different page. i am not able to use header(Location: filename.html) as i have echo statements before and i get a message that headers have already been sent. so due to this i am using echo (" <meta http-equiv='refresh' content='0;url=thankyou.php?firstname=$firstname'> "); this works perfectly fine. however if a user disables meta refresh which is a very small possibility the above meta tag would not execute to avoid such a situation i would like to use echo statements to create a new page which would have html tags and display a similar page to thankyou.php in my case the php code is placed in the middle of the page which displays messages that a user did not enter in the form. the page is so structured that there is some information written using html tags followed by the registration questions where the php code is present to validate. i have used echo (" <meta http-equiv='refresh' content='0;url=thankyou.php?fname=$fname'> "); redirectingthepage(); exit; i have used the above code so that even if the echo (" <meta http-equiv='refresh' content='0;url=thankyou.php?fname=$fname'> "); is not executed the redirectingthepage() function will be executed. my question is due to the structure of the page whatever text is present before the form that text is appearing again followed by the text i have inside redirectingthepage() function, i do not want this to happen. i would like what is written in redirectingthepage() function only to appear. i have defined redirectingthepage() function in a separate file and i am calling the file which has redirectingthepage() function by using include statement in the registration page. please advice how i can display what is defined in redirectingthepage() function ONLY if the refresh is disabled by the user thanks.
1. Do not use PHP_SELF. It's XSS vulnerable. 2. Do not use meta redirect. Use http header redirect instead. header('Location:http://www.site.com/done.php'); die; PHP: