Approx. read time: 3.3 min.
Post: How to make a go-back button with PHP code?
Lesson: Creating a “Go Back” Button in PHP Without JavaScript Using HTTP_REFERER
Objective:
Learn how to create a functional “Go Back” button using PHP, relying on the HTTP_REFERER variable while ensuring its reliability through proper error handling and sanitization.
Prerequisites:
- Basic understanding of PHP
- Familiarity with HTML
- Awareness of server-side HTTP request headers
Introduction to HTTP_REFERER
The HTTP_REFERER variable in PHP, stored in the $_SERVER['HTTP_REFERER'] superglobal, holds the URL from which the user came before landing on the current page. This is particularly useful for creating a “Go Back” button without JavaScript, allowing the user to return to the previous page by clicking the button.
However, the HTTP_REFERER is unreliable because:
- It can be modified or hidden by browsers or third-party software.
- It is not always passed by the browser (e.g., when navigating from a bookmark or typing a URL directly).
Because of its limitations, it is important to sanitize and check if the HTTP_REFERER is set before using it in your PHP code.
Code to Create a Go Back Button Using HTTP_REFERER
1. Basic Approach Without Error Handling:
- This code attempts to display a link that directs the user to the previous page.
- The
htmlspecialchars()function is used to prevent cross-site scripting (XSS) by encoding special characters in the URL. - However, this code will throw an error if
HTTP_REFERERis not set, which is why error handling is crucial.
2. Improved Code With Error Handling:
To avoid potential errors when HTTP_REFERER is unavailable, we can wrap the logic in a condition to check if it exists.
- Explanation:
- We first check if
$_SERVER['HTTP_REFERER']is set usingisset(). - If it is set, we sanitize the URL using
htmlspecialchars()to ensure it’s safe. - If not, we display a fallback message (like “No previous page found”).
- We first check if
3. Using Ternary Operator:
Alternatively, the ternary operator can be used for more concise code:
-
- Explanation:
- The ternary operator checks if
$_SERVER['HTTP_REFERER']is set. If it is, it assigns the sanitized URL to$url. Otherwise, it assigns an empty string. - We then either print the back link if
$urlhas a value or a fallback message.
- The ternary operator checks if
Why Is
HTTP_REFERERUnreliable?- Browser Settings: Some browsers allow users to disable or modify the referrer information. In such cases, the
HTTP_REFERERmay be missing or incorrect. - Privacy Tools: Many privacy-focused tools or plugins (such as anti-spyware) can block the referrer information from being sent.
- Direct Access: If a user directly accesses a page (e.g., via a bookmark or typing the URL), there is no referring page, and thus no
HTTP_REFERER.
Error Prevention in Logs
When logging or analyzing server traffic, you may encounter cases where
HTTP_REFERERis not set. Instead of causing errors, handle these situations gracefully by checking for its presence, as shown above.Here’s an example of a web server log that includes
HTTP_REFERER: - Explanation:
However, in cases where HTTP_REFERER is blocked or not passed, it would look like this:
Conclusion
Using the HTTP_REFERER variable in PHP is useful for creating navigation aids like “Go Back” buttons, but always keep in mind its unreliability. By sanitizing the data and checking if it’s set, you can ensure your PHP application handles this scenario gracefully and securely.
Key Points:
- Always sanitize the
HTTP_REFERERbefore using it. - Check if
HTTP_REFERERis set to avoid errors. - Understand that
HTTP_REFERERmay be missing or altered due to user privacy settings or direct access.
Next Steps:
a. Add custom error messages or logging when HTTP_REFERER is unavailable.
b. Consider using server-side session management if navigation tracking is crucial for your application.
Related Posts
The Longevity Blueprint: AI-Powered Health Optimization
About the Author: Bernard Aybout (Virii8)
