
Is there a difference between PHP logged in verifications


I've seen both of these in scripts and was wondering from strictly a security standpoint if one outweighs the other? Is it better to include the secure page content within an IF statement?

if(!login_check($mysqli)) {
    header("Location: index.php"); 
    exit;
}

//Secure Page Content.

Or...

if (login_check($mysqli)) {

    //Secure Page Content.

} else { 
    header("Location: index.php");
}
exit;

Solution

  • Strictly from a security point, I'd say no difference. That being said, the first is much clearer to read. If the page content is more than a screen you've lost track of where the conditional ends. This could lead to making an error somewhere in the code where another else is executed and the page becomes open.

    Supplying an exit directly after the check eliminates a human error becoming a security hole in the rest of the code, and in my opinion is much easier to digest and won't lead to a troubleshooting issue in the future.
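
Added example, not part of the original answer: a small static check that reports Location redirects with no exit/die as the next statement, which is the human error the answer describes. The function name find_unterminated_redirects and the sample input are hypothetical; the check is a heuristic that only recognises literal string arguments and accepts an exit placed right after the closing brace(s).

```php
<?php
// Added example (not from the original post). Heuristic: closing braces are
// skipped, so an exit placed right after the if/else block is accepted.
function find_unterminated_redirects(string $source): array
{
    // Keep only significant tokens (no whitespace or comments).
    $skip = [T_WHITESPACE, T_COMMENT, T_DOC_COMMENT];
    $tokens = array_values(array_filter(
        token_get_all($source),
        fn($t) => !is_array($t) || !in_array($t[0], $skip, true)
    ));
    $count = count($tokens);
    $findings = [];
    for ($i = 0; $i + 2 < $count; $i++) {
        [$name, $paren, $arg] = [$tokens[$i], $tokens[$i + 1], $tokens[$i + 2]];
        // Match: header( '<string literal starting with Location:>' ...
        if (!is_array($name) || $name[0] !== T_STRING || strtolower($name[1]) !== 'header'
            || $paren !== '(' || !is_array($arg) || $arg[0] !== T_CONSTANT_ENCAPSED_STRING
            || stripos(trim($arg[1], "'\""), 'location:') !== 0) {
            continue;
        }
        // Advance past the ';' that ends the header() statement, then past any '}'.
        for ($j = $i + 3; $j < $count && $tokens[$j] !== ';'; $j++);
        for ($j++; $j < $count && $tokens[$j] === '}'; $j++);
        $next = $tokens[$j] ?? null;
        if (!is_array($next) || $next[0] !== T_EXIT) { // T_EXIT covers exit and die
            $findings[] = $name[2]; // line number of the header() call
        }
    }
    return $findings;
}

// Constructed input: the two patterns from the question, then the same guard
// with the exit forgotten (the case that leaves the page open).
$sample = <<<'PHP'
<?php
if (!login_check($mysqli)) { header("Location: index.php"); exit; }
if (login_check($mysqli)) { echo "secure"; } else { header("Location: index.php"); }
exit;
if (!login_check($mysqli)) { header("Location: index.php"); }
echo "secure";
PHP;

foreach (find_unterminated_redirects($sample) as $line) {
    echo "line $line: redirect without exit/die\n";
}
```

Only the third fragment is reported: the redirect header is sent, but the script keeps running and the protected content is still written to the response.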