Perhaps my search facilities are operating differently to yours, because I return a list of results (links to the relevant pages) and don't bother with setting headers, just the content of the results page. If no query was submitted or no results found the page simply informs the user of that.

Hope that makes sense and I didn't miss your point. :)

barns101 is correct but I will add a few things

empty searches should shoe "please enter a search term" and then redisplay the search for. There is no need to redirect as it should send a 200 and allow them to search again on that page.

at the top of your search results page (or somewhere on the page) you should always have the form there as well.

Another option is to return a default set of pages if nothing is entered. You have your message at the top of them saying there was nothing entered and then have a list of pages/products that you want to push below that.

Thanks both. No, you didn't miss the point - I was just being a bit thick.

For this kind of form validation, (checking if the field is empty), you should use javascript.

Much faster for the user, less traffic for your server because the page is not sent until something is actually typed in the box.

if people use js for validation you still need to use php as well. users may not have js on and bots certainly don't.

only js for any form is a security no no

Completely agree.

Both javascript and PHP validation.

Javascript is for the user because, well the vast majority of them have javascript on and it's always a nuisance to click on a form, wait a bit and then the page shows up again because you forgot something. Javascript is instant.

On the downside, it's easy for a hacker to copy your page, remove the js validation, and use the form without it, so the form needs to be validated in php as well.