I noticed that the header() function in PHP have some bugz.
The bug i found was with the Location. If you place this code in a php file and acces it with a browser, the browser will redirect you.
View Code PHP
header('Location: http://www.example.com'); |
But if you read the headers and the page content you will see the page content after the above code.
And that’s a big problem cause you can run any script from that page.
Take a look at the following tutorial 
5 Comments
any fix for header() error? When using with sessions, you get an error that says that the header was already sent.
What’s the exactly error you get?From what i know “header was already sent” error you get when you try to set a cookie after you have printed something.Later edit: Oh now i understand what error you get.
Well, the php is giving you this error because you have printed something before the header() function and that’s not allowed.
Visit: PHP: header – Manual
I don’t think it’s a PHP bug. You should always put an exit(); after a header redirect so that the page stops showing any more content.
Also take a look into output buffering which will help prevent the ‘headers already sent’ errors.
cya
Also take a look at this post:
Authentication bypass:
http://yaisb.blogspot.com/2006/08/authentication-bypass_07.html
Yes. It’s not really a bug but the vast majority of webmasters are using this function without putting the exit() or die() functions.
So it can cause some problems.