Should I handle redirection via PHP or Javascript? -

I rearranging some old code and trying to understand a bit better header I am

I have read a terrific answer in the following post, now I understand why 'why' but when it comes to implementation it can also be a bit fuzzy.

Cancel button

  if (isset ($ _ session)  
  
 ['search page'])) {Header ('location: searchform.fip ticket ='. $ _ Session ['product']. & Amp; searchbtn = search '); Go out(); }   
 However, to do this work in the display page, give me  ob_start () .  
  
  if (isset ($ _ session ['searchpage']) { Echo '& lt; Script & gt; Window.location = "searchForm.php? Product = '$ _SESSION [' product ']' & searchbtn = find '; & Lt; / Script> '. Go out(); }   
 For my questions now  
 
 Which method is better or acceptable?  
 I am unable to think in a way to design my page at such a place where no output has been sent before using  header () . If there are redirections to a button click event, then you  ob_start () ?    
 
 
  edit  
 First of all, Code> header  and want to read something else on the redirect. Instead of setting  header ('location: ...'); , Redirect using the following code:  
  Header ('HTTP / 1.1301 Moving Permanently'); Header (.. '? Location: searchform.php ticket =' $ _ session ['product'] '& searchbtn = search'); 301 redirects are usually better for SEO, and most browser redirects will cache, so the customer history stack will be more reliable, which is good news for SS scripts that use it. History can ...  
 
 Which is the better way?   
 To completely redirect the PHP client,  not  is a great idea customer can change your script, or if in JS code If some disturbances are written, then redirection will not work. Some troubled teenagers may feel like messing with your code, and you may get potential security problems in your site.  
 2. How to use  ob_ * , or how to use the  header  without  ob _ * ?  
 Just start your entry script ( index.php ) with a  ob_start ()  to make sure that your output buffer Use  ob_implicit_flush (true)  to flush but more importantly, just after setting your header, call  ob_flush () . Alternatively, consider using a framework such as Symfony2 and / or ZendFW. The code has been written several times to handle redirects, why can not it be used?  
 If you want to clear the output buffering, then it is possible that you get certain specifications, or design principles (like MVC  
 
 get the request  <  
  
   
  
 Render page  
 Send feedback   < Li>  
 P> After you process your request, you will be able to redirect, and since you are not close to render the output, only when you send the header, you need to redirect Or headers.  
  Update:  
 There is only one link in response to your follow-up question that you may wish to read ... though the document's main I believe, how to safely use mashups (which actually are XSS injection real) Anyway, they work better to explain how and how to use JS to weaken the security of any webpad. can be done