If you use header('Locations: /my-url'); in php to redirect a user, it still continues to go through the rest of the code below it. so if you want to redirect it without continuing the code below, use an die(); right below it.
This prevents it from doing useless sql queries and data leaks/exploits.