PHP's header function allows you to change the headers on your returned content so that (examples)

• The browser receives not HTML but plain text, a .jpg image or a file to save locally
   example: header ('Content-type: Application/Octet-stream');

• You can change a "404" missing reponse code into a "200" - good.
   example: header("HTTP/1.1 200 OK");

• You can send out cache instructions
   example: header("cache-control: no-store");

• you can sent out a save file name if you're saving the file.
   example: header ('Content-Disposition: attachment; filename="hello.txt"');

However, up until PHP 4.4.2 / PHP 5.1.2 it was prone to injection attacks. If you used a variable within the parameter and your user could set that variable to include a new line character, he could add in any other header at all.

As from the releases above, you should send separate header directives if you want to set multiple headers as PHP has been altered to take care of the potential security issue and is not backwards compatible over this.

There's an example in our "database download to local CSV file" demonstration with required to set both a content-type and a content-disposition. Have a look at the source code in which I have commented out the old and replaced it by the new. The old was producing a message like:
Warning: Header may not contain more than a single header, new line detected. in C:\Domains[part of URL removed]testsite\phpcsv\phptocsv1.php on line 30

Note also with the header function - you may ONLY call it before your PHP script has sent out any content to the browser. This means that it must be in a block of PHP that comes at the very top of your script (no blank lines or spaces before the initial <?php please). See also the ob_start function which, however, I dislike.
(written 2007-05-30, updated 2007-06-07)

 H112 - PHP - Further Web Page and Network Handling
  [3568] Telling which ServerAlias your visitor used - useful during merging domains - (2012-01-04)
  [3540] Easy session example in PHP - keeping each customers data apart - (2011-12-06)
  [3432] 3 digit HTTP status codes - what are they, which are most common, which should be a concern? - (2011-09-11)
  [3036] Sending out an email containing HTML from within a PHP page - (2010-11-07)
  [2918] Downloading a report from the web for further local analysis - (2010-08-13)
  [2729] Uploading a document or image to its own URL via a browser - (2010-04-18)
  [2679] How to build a test harness into your PHP - (2010-03-16)
  [2632] Shipping a test harness with your class in PHP - (2010-02-12)
  [1549] http, https and ajp - comparison and choice - (2008-02-22)
  [1518] Downloading data for use in Excel (from PHP / MySQL) - (2008-01-25)
  [1515] Keeping staff up to date on hotel room status - (2008-01-22)
  [1505] Script to present commonly used images - PHP - (2008-01-13)
  [1496] PHP / Web 2 logging - (2008-01-06)
  [1495] Single login and single threaded models - Java and PHP - (2008-01-04)
  [1485] Copyright and theft of images, bandwidth and members. - (2007-12-26)
  [1379] Simple page password protection - PHP - (2007-10-04)
  [1355] .php or .html extension? Morally Static Pages - (2007-09-17)
  [1187] Updating a page strictly every minute (PHP, Perl) - (2007-05-14)
  [1183] Improving searches - from OR to AND? - (2007-05-11)
  [1114] PHP Image upload script - (2007-03-21)
  [1009] Passing GET parameters through Apache mod_rewrite - (2006-12-27)
  [936] Global, Superglobal, Session variables - scope and persistance in PHP - (2006-11-21)
  [904] Of course I'll tell you by email - (2006-10-25)
  [847] Image maps for navigation - a straightforward example - (2006-08-28)
  [789] Hot answers in PHP - (2006-07-02)
  [767] Finding the language preference of a web site visitor - (2006-06-18)
  [675] Adding PHP tags to an old cgi program - (2006-04-08)
  [603] PHP - setting sort order with an associative array - (2006-02-13)
  [565] Using PHP to output images, XML, Style sheets, etc - (2006-01-15)
  [542] Morning image, afternoon image - (2005-12-26)
  [537] Daily Image Santafied - (2005-12-22)
  [484] Setting the file name for a downloaded document - (2005-11-03)
  [451] Accessing a page via POST from within a PHP script - (2005-09-26)
  [443] Server side scripting of styles to suit the browser - (2005-09-12)
  [425] Caching an XML feed - (2005-08-26)
  [410] Reading a news or blog feed (RSS) in your PHP page - (2005-08-12)
  [376] What brings people to my web site? - (2005-07-13)
  [372] Time calculation in PHP - (2005-07-08)
  [356] Sudoku helper or sudoku cheat - (2005-06-23)
  [345] Spotting a denial of service attack - (2005-06-12)
  [314] What language is this written in? - (2005-05-17)
  [220] When to use Frames - (2005-02-19)

Back to Where did the Bank Holiday go?

Previous and next or Horse's mouth home

Forward to A lot has happened in a year

New Serieses for the summer on TV
MySQL - the order of clauses and the order of actions
What brought YOU to our web site?
A lot has happened in a year
PHP header() function - uses and new restrictions
Where did the Bank Holiday go?
Meet other local businesses in Melksham
Simple but effective use of mod_rewrite (Apache httpd)
Where and When - can you place the picture?
Arrival and Departure experiences - another hotel