Yes, your instructor is correct. include()
is for including PHP code, not for redirecting. header()
function does that, so use it. Using include()
works, but that doesn't mean you should use it.
Why shouldn't you use include
?
include()
is a function for "including" code from a different file. It loads and executes the code from the file and is not exclusively built for redirecting. On the other hand, the sole purpose ofheader()
is to send raw HTTP headers, i.e. perform redirects and the like. Use that instead.If you have multiple lines of code in the file you're using for the redirect,
include()
will execute it completely, every time you perform a redirect. If your application uses redirects heavily, this would mean a performance loss and would result in a laggy application. Moreover, you'll be needlessly executing several lines of code if you're usinginclude()
. If you were to useheader()
, you could avoid this problem. (By callingexit()
right afterheader()
.)
More problems in your code:
You're using
mysql_*
functions. Theext/mysql
extension is deprecated and shouldn't be used. Use MySQLi or PDO instead.You're blindly injecting user input into your database query, thereby making it vulnerable to SQL injection. A user with malicious intent could technically cause troubles, or even delete your database entirely. Use PDO / MySQLi with prepared statements to prevent this from happening. See this question for more details on how.