Skip navigation


6 drupal_goto($path = '', $query = NULL, $fragment = NULL, $http_response_code = 302)
7 drupal_goto($path = '', array $options = array(), $http_response_code = 302)

Send the user to a different Drupal page.

This issues an on-site HTTP redirect. The function makes sure the redirected URL is formatted correctly.

Usually the redirected URL is constructed from this function's input parameters. However you may override that behavior by setting a destination in either the $_REQUEST-array (i.e. by using the query string of an URI) This is used to direct the user back to the proper page after completing a form. For example, after editing a post on the 'admin/content'-page or after having logged on using the 'user login'-block in a sidebar. The function drupal_get_destination() can be used to help set the destination URL.

Drupal will ensure that messages set by drupal_set_message() and other session data are written to the database before the user is redirected.

This function ends the request; use it instead of a return in your menu callback.


$path: A Drupal path or a full URL.

$options: An associative array of additional URL options to pass to url().

$http_response_code: Valid values for an actual "goto" as per RFC 2616 section 10.3 are:

  • 301 Moved Permanently (the recommended value for most redirects)
  • 302 Found (default in Drupal and PHP, sometimes used for spamming search engines)
  • 303 See Other
  • 304 Not Modified
  • 305 Use Proxy
  • 307 Temporary Redirect (alternative to "503 Site Down for Maintenance")

Note: Other values are defined by RFC 2616, but are rarely used and poorly supported.

See also



Related topics

91 calls to drupal_goto()

7 string references to 'drupal_goto'


drupal/includes/, line 663
Common functions that many Drupal modules will need to reference.


function drupal_goto($path = '', array $options = array(), $http_response_code = 302) {
  // A destination in $_GET always overrides the function arguments.
  // We do not allow absolute URLs to be passed via $_GET, as this can be an attack vector.
  if (isset($_GET['destination']) && !url_is_external($_GET['destination'])) {
    $destination = drupal_parse_url($_GET['destination']);
    $path = $destination['path'];
    $options['query'] = $destination['query'];
    $options['fragment'] = $destination['fragment'];

  drupal_alter('drupal_goto', $path, $options, $http_response_code);

  // The 'Location' HTTP header must be absolute.
  $options['absolute'] = TRUE;

  $url = url($path, $options);

  header('Location: ' . $url, TRUE, $http_response_code);

  // The "Location" header sends a redirect status code to the HTTP daemon. In
  // some cases this can be wrong, so we make sure none of the code below the
  // drupal_goto() call gets executed upon redirection.