You know that if you want to redirect an user in PHP you can use the header function:
header('Location: http://smowhere.com');
It is also well known that it is a good practice to put also an exit;
after the header
call, to prevent execution of other php code. So my question is: could the code after the header-location call be effectively executed? In which cases? Can a malicious user be able to completely ignore the header('Location..')
call? How?