Note that CURLOPT_TIMEOUT takes integers, so you cannot use it to set a timeout smaller than one second.
(PHP 4 >= 4.0.2, PHP 5, PHP 7)
curl_setopt — 设置 cURL 传输选项
ch
由 curl_init() 返回的 cURL 句柄。
option需要设置的CURLOPT_XXX选项。
value
将设置在option选项上的值。
以下 option 参数的 value应该被设置成 bool 类型:
| 选项 | 将 value 设置为 |
备注 |
|---|---|---|
CURLOPT_AUTOREFERER |
TRUE 时将根据 Location: 重定向时,自动设置 header 中的Referer:信息。
|
|
CURLOPT_BINARYTRANSFER |
设为 TRUE ,将在启用 CURLOPT_RETURNTRANSFER 时,返回原生的(Raw)输出。
|
从 PHP 5.1.3 开始,此选项不再有效果:使用
CURLOPT_RETURNTRANSFER 后总是会返回原生的(Raw)内容。
|
CURLOPT_COOKIESESSION |
设为 TRUE 时将开启新的一次 cookie 会话。它将强制 libcurl 忽略之前会话时存的其他 cookie。
libcurl 在默认状况下无论是否为会话,都会储存、加载所有 cookie。会话 cookie 是指没有过期时间,只存活在会话之中。
|
|
CURLOPT_CERTINFO |
TRUE 将在安全传输时输出 SSL 证书信息到 STDERR。
|
在 cURL 7.19.1 中添加。
PHP 5.3.2 后有效。
需要开启 CURLOPT_VERBOSE 才有效。
|
CURLOPT_CONNECT_ONLY |
TRUE 将让库执行所有需要的代理、验证、连接过程,但不传输数据。此选项用于
HTTP、SMTP 和 POP3。
|
在 7.15.2 中添加。 PHP 5.5.0 起有效。 |
CURLOPT_CRLF |
启用时将Unix的换行符转换成回车换行符。 | |
CURLOPT_DNS_USE_GLOBAL_CACHE |
TRUE 会启用一个全局的DNS缓存。此选项非线程安全的,默认已开启。
|
|
CURLOPT_FAILONERROR |
当 HTTP 状态码大于等于 400,TRUE 将将显示错误详情。 默认情况下将返回页面,忽略 HTTP 代码。
|
|
CURLOPT_SSL_FALSESTART |
TRUE 开启 TLS False Start (一种 TLS 握手优化方式)
|
cURL 7.42.0 中添加。自 PHP 7.0.7 起有效。 |
CURLOPT_FILETIME |
TRUE 时,会尝试获取远程文档中的修改时间信息。
信息可通过curl_getinfo()函数的CURLINFO_FILETIME 选项获取。
|
|
CURLOPT_FOLLOWLOCATION |
TRUE 时将会根据服务器返回 HTTP 头中的 "Location: " 重定向。(注意:这是递归的,"Location: " 发送几次就重定向几次,除非设置了 CURLOPT_MAXREDIRS,限制最大重定向次数。)。
|
|
CURLOPT_FORBID_REUSE |
TRUE 在完成交互以后强制明确的断开连接,不能在连接池中重用。
|
|
CURLOPT_FRESH_CONNECT |
TRUE 强制获取一个新的连接,而不是缓存中的连接。
|
|
CURLOPT_FTP_USE_EPRT |
TRUE 时,当 FTP 下载时,使用 EPRT (和 LPRT)命令。 设置为 FALSE 时禁用 EPRT 和 LPRT,仅仅使用PORT 命令。
|
|
CURLOPT_FTP_USE_EPSV |
TRUE 时,在FTP传输过程中,回到 PASV 模式前,先尝试 EPSV 命令。设置为 FALSE 时禁用 EPSV。
|
|
CURLOPT_FTP_CREATE_MISSING_DIRS |
TRUE 时,当 ftp 操作不存在的目录时将创建它。
|
|
CURLOPT_FTPAPPEND |
TRUE 为追加写入文件,而不是覆盖。
|
|
CURLOPT_TCP_NODELAY |
TRUE 时禁用 TCP 的 Nagle 算法,就是减少网络上的小包数量。
|
PHP 5.2.1 有效,编译时需要 libcurl 7.11.2 及以上。 |
CURLOPT_FTPASCII |
CURLOPT_TRANSFERTEXT 的别名。
|
|
CURLOPT_FTPLISTONLY |
TRUE 时只列出 FTP 目录的名字。
|
|
CURLOPT_HEADER |
启用时会将头文件的信息作为数据流输出。 | |
CURLINFO_HEADER_OUT |
TRUE 时追踪句柄的请求字符串。
|
从 PHP 5.1.3 开始可用。CURLINFO_ 的前缀是有意的(intentional)。
|
CURLOPT_HTTPGET |
TRUE 时会设置 HTTP 的 method 为 GET,由于默认是 GET,所以只有 method 被修改时才需要这个选项。
|
|
CURLOPT_HTTPPROXYTUNNEL |
TRUE 会通过指定的 HTTP 代理来传输。
|
|
CURLOPT_MUTE |
TRUE 时将完全静默,无论是何 cURL 函数。
|
在 cURL 7.15.5 中移出(可以使用 CURLOPT_RETURNTRANSFER 作为代替) |
CURLOPT_NETRC |
TRUE 时,在连接建立时,访问~/.netrc文件获取用户名和密码来连接远程站点。
|
|
CURLOPT_NOBODY |
TRUE 时将不输出 BODY 部分。同时 Mehtod 变成了 HEAD。修改为 FALSE 时不会变成 GET。
|
|
CURLOPT_NOPROGRESS |
|
|
CURLOPT_NOSIGNAL |
TRUE 时忽略所有的 cURL 传递给 PHP 进行的信号。在 SAPI 多线程传输时此项被默认启用,所以超时选项仍能使用。
|
cURL 7.10时被加入。 |
CURLOPT_PATH_AS_IS |
TRUE 不处理 dot dot sequences (即 ../ )
|
cURL 7.42.0 时被加入。 PHP 7.0.7 起有效。 |
CURLOPT_PIPEWAIT |
TRUE 则等待 pipelining/multiplexing。
|
cURL 7.43.0 时被加入。 PHP 7.0.7 起有效。 |
CURLOPT_POST |
TRUE 时会发送 POST 请求,类型为:application/x-www-form-urlencoded,是 HTML 表单提交时最常见的一种。
|
|
CURLOPT_PUT |
TRUE 时允许 HTTP 发送文件。要被 PUT 的文件必须在 CURLOPT_INFILE和CURLOPT_INFILESIZE 中设置。
|
|
CURLOPT_RETURNTRANSFER |
TRUE 将curl_exec()获取的信息以字符串返回,而不是直接输出。
|
|
CURLOPT_SAFE_UPLOAD |
TRUE 禁用 @ 前缀在 CURLOPT_POSTFIELDS 中发送文件。
意味着 @ 可以在字段中安全得使用了。
可使用 CURLFile 作为上传的代替。
|
PHP 5.5.0 中添加,默认值 FALSE。
PHP 5.6.0 改默认值为 TRUE。.
PHP 7 删除了此选项, 必须使用 CURLFile interface 来上传文件。
|
CURLOPT_SASL_IR |
TRUE 开启,收到首包(first packet)后发送初始的响应(initial response)。
|
cURL 7.31.10 中添加,自 PHP 7.0.7 起有效。 |
CURLOPT_SSL_ENABLE_ALPN |
FALSE 禁用 SSL 握手中的 ALPN (如果 SSL 后端的
libcurl 内建支持) 用于协商到 http2。
|
cURL 7.36.0 中增加, PHP 7.0.7 起有效。 |
CURLOPT_SSL_ENABLE_NPN |
FALSE 禁用 SSL 握手中的 NPN(如果 SSL 后端的
libcurl 内建支持),用于协商到 http2。
|
cURL 7.36.0 中增加, PHP 7.0.7 起有效。 |
CURLOPT_SSL_VERIFYPEER |
FALSE 禁止 cURL 验证对等证书(peer's
certificate)。要验证的交换证书可以在 CURLOPT_CAINFO 选项中设置,或在 CURLOPT_CAPATH中设置证书目录。
|
自cURL 7.10开始默认为 TRUE。从 cURL 7.10开始默认绑定安装。
|
CURLOPT_SSL_VERIFYSTATUS |
TRUE 验证证书状态。
|
cURL 7.41.0 中添加, PHP 7.0.7 起有效。 |
CURLOPT_TCP_FASTOPEN |
TRUE 开启 TCP Fast Open。
|
cURL 7.49.0 中添加, PHP 7.0.7 起有效。 |
CURLOPT_TFTP_NO_OPTIONS |
TRUE 不发送 TFTP 的 options 请求。
|
自 cURL 7.48.0 添加, PHP 7.0.7 起有效。 |
CURLOPT_TRANSFERTEXT |
TRUE 对 FTP 传输使用 ASCII 模式。对于LDAP,它检索纯文本信息而非 HTML。在 Windows 系统上,系统不会把 STDOUT 设置成二进制 模式。
|
|
CURLOPT_UNRESTRICTED_AUTH |
TRUE 在使用CURLOPT_FOLLOWLOCATION重定向 header 中的多个 location 时继续发送用户名和密码信息,哪怕主机名已改变。
|
|
CURLOPT_UPLOAD |
TRUE 准备上传。
|
|
CURLOPT_VERBOSE |
TRUE 会输出所有的信息,写入到STDERR,或在CURLOPT_STDERR中指定的文件。
|
以下 option的value应该被设置成 integer:
| 选项 | 设置value为 |
备注 |
|---|---|---|
CURLOPT_BUFFERSIZE |
每次读入的缓冲的尺寸。当然不保证每次都会完全填满这个尺寸。 | 在cURL 7.10中被加入。 |
CURLOPT_CLOSEPOLICY |
CURLCLOSEPOLICY_* 中的一个。
|
PHP 5.6.0 中移除。 |
CURLOPT_CONNECTTIMEOUT |
在尝试连接时等待的秒数。设置为0,则无限等待。 | |
CURLOPT_CONNECTTIMEOUT_MS |
尝试连接等待的时间,以毫秒为单位。设置为0,则无限等待。 如果 libcurl 编译时使用系统标准的名称解析器( standard system name resolver),那部分的连接仍旧使用以秒计的超时解决方案,最小超时时间还是一秒钟。 | 在 cURL 7.16.2 中被加入。从 PHP 5.2.3 开始可用。 |
CURLOPT_DNS_CACHE_TIMEOUT |
设置在内存中缓存 DNS 的时间,默认为120秒(两分钟)。 | |
CURLOPT_EXPECT_100_TIMEOUT_MS |
超时预计: 100毫秒内的 continue 响应 默认为 1000 毫秒。 | cURL 7.36.0 中添加,自 PHP 7.0.7 有效。 |
CURLOPT_FTPSSLAUTH |
FTP验证方式(启用的时候):CURLFTPAUTH_SSL (首先尝试SSL),CURLFTPAUTH_TLS (首先尝试TLS)或CURLFTPAUTH_DEFAULT (让cURL 自个儿决定)。 | 在 cURL 7.12.2 中被加入。 |
CURLOPT_HEADEROPT |
How to deal with headers. One of the following constants:
CURLHEADER_UNIFIED: the headers specified in
CURLOPT_HTTPHEADER will be used in requests
both to servers and proxies. With this option enabled,
CURLOPT_PROXYHEADER will not have any effect.
CURLHEADER_SEPARATE: makes
CURLOPT_HTTPHEADER headers only get sent to
a server and not to a proxy. Proxy headers must be set with
CURLOPT_PROXYHEADER to get used. Note that if
a non-CONNECT request is sent to a proxy, libcurl will send both
server headers and proxy headers. When doing CONNECT, libcurl will
send CURLOPT_PROXYHEADER headers only to the
proxy and then CURLOPT_HTTPHEADER headers
only to the server.
Defaults to CURLHEADER_SEPARATE as of cURL
7.42.1, and CURLHEADER_UNIFIED before.
|
Added in cURL 7.37.0. Available since PHP 7.0.7. |
CURLOPT_HTTP_VERSION |
CURL_HTTP_VERSION_NONE (默认值,让 cURL 自己判断使用哪个版本),CURL_HTTP_VERSION_1_0 (强制使用 HTTP/1.0)或CURL_HTTP_VERSION_1_1 (强制使用 HTTP/1.1)。
|
|
CURLOPT_HTTPAUTH |
使用的 HTTP 验证方法。选项有:
可以使用 | 位域(OR)操作符结合多个值,cURL 会让服务器选择受支持的方法,并选择最好的那个。
|
|
CURLOPT_INFILESIZE |
希望传给远程站点的文件尺寸,字节(byte)为单位。
注意无法用这个选项阻止 libcurl 发送更多的数据,确切发送什么取决于 CURLOPT_READFUNCTION。
|
|
CURLOPT_LOW_SPEED_LIMIT |
传输速度,每秒字节(bytes)数,根据CURLOPT_LOW_SPEED_TIME秒数统计是否因太慢而取消传输。
|
|
CURLOPT_LOW_SPEED_TIME |
当传输速度小于CURLOPT_LOW_SPEED_LIMIT时(bytes/sec),PHP会判断是否因太慢而取消传输。
|
|
CURLOPT_MAXCONNECTS |
允许的最大连接数量。达到限制时,会通过CURLOPT_CLOSEPOLICY决定应该关闭哪些连接。
|
|
CURLOPT_MAXREDIRS |
指定最多的 HTTP 重定向次数,这个选项是和CURLOPT_FOLLOWLOCATION一起使用的。
|
|
CURLOPT_PORT |
用来指定连接端口。 | |
CURLOPT_POSTREDIR |
位掩码, 1 (301 永久重定向), 2 (302 Found)
和 4 (303 See Other)
设置 CURLOPT_FOLLOWLOCATION 时,什么情况下需要再次 HTTP POST 到重定向网址。
|
cURL 7.19.1 中添加,PHP 5.3.2 开始可用。 |
CURLOPT_PROTOCOLS |
可用的协议选项为:
|
在 cURL 7.19.4 中被加入。 |
CURLOPT_PROXYAUTH |
HTTP 代理连接的验证方式。使用在CURLOPT_HTTPAUTH中的位掩码。
当前仅仅支持 CURLAUTH_BASIC和CURLAUTH_NTLM。
|
在 cURL 7.10.7 中被加入。 |
CURLOPT_PROXYPORT |
代理服务器的端口。端口也可以在CURLOPT_PROXY中设置。
|
|
CURLOPT_PROXYTYPE |
可以是 CURLPROXY_HTTP (默认值)
CURLPROXY_SOCKS4、
CURLPROXY_SOCKS5、
CURLPROXY_SOCKS4A 或
CURLPROXY_SOCKS5_HOSTNAME。
|
在 cURL 7.10 中被加入。 |
CURLOPT_REDIR_PROTOCOLS |
CURLPROTO_* 值的位掩码。如果被启用,位掩码会限制 libcurl 在 CURLOPT_FOLLOWLOCATION开启时,使用的协议。
默认允许除 FILE 和 SCP 外所有协议。
这和 7.19.4 前的版本无条件支持所有支持的协议不同。关于协议常量,请参照CURLOPT_PROTOCOLS。
|
在 cURL 7.19.4 中被加入。 |
CURLOPT_RESUME_FROM |
在恢复传输时,传递字节为单位的偏移量(用来断点续传)。 | |
CURLOPT_SSL_OPTIONS |
Set SSL behavior options, which is a bitmask of any of the following constants:
CURLSSLOPT_ALLOW_BEAST: do not attempt to use
any workarounds for a security flaw in the SSL3 and TLS1.0 protocols.
CURLSSLOPT_NO_REVOKE: disable certificate
revocation checks for those SSL backends where such behavior is
present.
|
Added in cURL 7.25.0. Available since PHP 7.0.7. |
CURLOPT_SSL_VERIFYHOST |
设置为 1 是检查服务器SSL证书中是否存在一个公用名(common name)。译者注:公用名(Common Name)一般来讲就是填写你将要申请SSL证书的域名 (domain)或子域名(sub domain)。 设置成 2,会检查公用名是否存在,并且是否与提供的主机名匹配。 0 为不检查名称。 在生产环境中,这个值应该是 2(默认值)。 | 值 1 的支持在 cURL 7.28.1 中被删除了。 |
CURLOPT_SSLVERSION |
CURL_SSLVERSION_DEFAULT (0),
CURL_SSLVERSION_TLSv1 (1),
CURL_SSLVERSION_SSLv2 (2),
CURL_SSLVERSION_SSLv3 (3),
CURL_SSLVERSION_TLSv1_0 (4),
CURL_SSLVERSION_TLSv1_1 (5) ,
CURL_SSLVERSION_TLSv1_2 (6) 中的其中一个。
|
|
CURLOPT_STREAM_WEIGHT |
设置 stream weight 数值 ( 1 和 256 之间的数字). | cURL 7.46.0 中添加,自 PHP 7.0.7 起有效。 |
CURLOPT_TIMECONDITION |
设置如何对待 CURLOPT_TIMEVALUE。
使用 CURL_TIMECOND_IFMODSINCE,仅在页面 CURLOPT_TIMEVALUE 之后修改,才返回页面。没有修改则返回 "304 Not Modified" 头,假设设置了 CURLOPT_HEADER 为 TRUE。CURL_TIMECOND_IFUNMODSINCE则起相反的效果。
默认为 CURL_TIMECOND_IFMODSINCE。
|
|
CURLOPT_TIMEOUT |
允许 cURL 函数执行的最长秒数。 | |
CURLOPT_TIMEOUT_MS |
设置cURL允许执行的最长毫秒数。 如果 libcurl 编译时使用系统标准的名称解析器( standard system name resolver),那部分的连接仍旧使用以秒计的超时解决方案,最小超时时间还是一秒钟。 | 在 cURL 7.16.2 中被加入。从 PHP 5.2.3 起可使用。 |
CURLOPT_TIMEVALUE |
秒数,从 1970年1月1日开始。这个时间会被 CURLOPT_TIMECONDITION使。默认使用CURL_TIMECOND_IFMODSINCE。
|
|
CURLOPT_MAX_RECV_SPEED_LARGE |
如果下载速度超过了此速度(以每秒字节数来统计) ,即传输过程中累计的平均数,传输就会降速到这个参数的值。默认不限速。 | cURL 7.15.5 中添加, PHP 5.4.0 有效。 |
CURLOPT_MAX_SEND_SPEED_LARGE |
如果上传的速度超过了此速度(以每秒字节数来统计),即传输过程中累计的平均数 ,传输就会降速到这个参数的值。默认不限速。 | cURL 7.15.5 中添加, PHP 5.4.0 有效。 |
CURLOPT_SSH_AUTH_TYPES |
A bitmask consisting of one or more of
CURLSSH_AUTH_PUBLICKEY,
CURLSSH_AUTH_PASSWORD,
CURLSSH_AUTH_HOST,
CURLSSH_AUTH_KEYBOARD. Set to
CURLSSH_AUTH_ANY to let libcurl pick one.
|
cURL 7.16.1 中添加。 |
CURLOPT_IPRESOLVE |
允许程序选择想要解析的 IP 地址类别。只有在地址有多种 ip 类别的时候才能用,可以的值有:
CURL_IPRESOLVE_WHATEVER、
CURL_IPRESOLVE_V4、
CURL_IPRESOLVE_V6,默认是
CURL_IPRESOLVE_WHATEVER。
|
cURL 7.10.8 中添加。 |
CURLOPT_FTP_FILEMETHOD |
告诉 curl 使用哪种方式来获取 FTP(s) 服务器上的文件。可能的值有:
CURLFTPMETHOD_MULTICWD、
CURLFTPMETHOD_NOCWD 和
CURLFTPMETHOD_SINGLECWD。
|
cURL 7.15.1 中添加, PHP 5.3.0 起有效。 |
对于下面的这些option,value应该被设置成 string:
| 选项 | 设置的value |
备注 |
|---|---|---|
CURLOPT_CAINFO |
一个保存着1个或多个用来让服务端验证的证书的文件名。这个参数仅仅在和CURLOPT_SSL_VERIFYPEER一起使用时才有意义。 .
|
可能需要绝对路径。 |
CURLOPT_CAPATH |
一个保存着多个CA证书的目录。这个选项是和CURLOPT_SSL_VERIFYPEER一起使用的。
|
|
CURLOPT_COOKIE |
设定 HTTP 请求中"Cookie: "部分的内容。多个 cookie 用分号分隔,分号后带一个空格(例如, "fruit=apple; colour=red")。 | |
CURLOPT_COOKIEFILE |
包含 cookie 数据的文件名,cookie 文件的格式可以是 Netscape 格式,或者只是纯 HTTP 头部风格,存入文件。如果文件名是空的,不会加载 cookie,但 cookie 的处理仍旧启用。 | |
CURLOPT_COOKIEJAR |
连接结束后,比如,调用 curl_close 后,保存 cookie 信息的文件。 | |
CURLOPT_CUSTOMREQUEST |
HTTP 请求时,使用自定义的 Method 来代替"GET"或"HEAD"。对 "DELETE" 或者其他更隐蔽的 HTTP 请求有用。 有效值如 "GET","POST","CONNECT"等等;也就是说,不要在这里输入整行 HTTP 请求。例如输入"GET /index.html HTTP/1.0\r\n\r\n"是不正确的。
|
|
CURLOPT_DEFAULT_PROTOCOL |
URL不带协议的时候,使用的默认协议。 |
cURL 7.45.0 中添加,自 PHP 7.0.7 起有效。 |
CURLOPT_DNS_INTERFACE |
Set the name of the network interface that the DNS resolver should bind to. This must be an interface name (not an address). |
Added in cURL 7.33.0. Available since PHP 7.0.7. |
CURLOPT_DNS_LOCAL_IP4 |
Set the local IPv4 address that the resolver should bind to. The argument should contain a single numerical IPv4 address as a string. |
Added in cURL 7.33.0. Available since PHP 7.0.7. |
CURLOPT_DNS_LOCAL_IP6 |
Set the local IPv6 address that the resolver should bind to. The argument should contain a single numerical IPv6 address as a string. |
Added in cURL 7.33.0. Available since PHP 7.0.7. |
CURLOPT_EGDSOCKET |
类似CURLOPT_RANDOM_FILE,除了一个Entropy Gathering Daemon套接字。
|
|
CURLOPT_ENCODING |
HTTP请求头中"Accept-Encoding: "的值。 这使得能够解码响应的内容。 支持的编码有"identity","deflate"和"gzip"。如果为空字符串"",会发送所有支持的编码类型。 | 在 cURL 7.10 中被加入。 |
CURLOPT_FTPPORT |
这个值将被用来获取供FTP"PORT"指令所需要的IP地址。 "PORT" 指令告诉远程服务器连接到我们指定的IP地址。这个字符串可以是纯文本的IP地址、主机名、一个网络接口名(UNIX下)或者只是一个'-'来使用默认的 IP 地址。 | |
CURLOPT_INTERFACE |
发送的网络接口(interface),可以是一个接口名、IP 地址或者是一个主机名。 | |
CURLOPT_KEYPASSWD |
使用 CURLOPT_SSLKEY
或 CURLOPT_SSH_PRIVATE_KEYFILE 私钥时候的密码。
|
在 cURL 7.16.1 中添加。 |
CURLOPT_KRB4LEVEL |
KRB4 (Kerberos 4) 安全级别。下面的任何值都是有效的(从低到高的顺序):"clear"、"safe"、"confidential"、"private".。如果字符串以上这些,将使用"private"。
这个选项设置为 NULL 时将禁用 KRB4 安全认证。目前 KRB4 安全认证只能用于 FTP 传输。
|
|
CURLOPT_LOGIN_OPTIONS |
Can be used to set protocol specific login options, such as the
preferred authentication mechanism via "AUTH=NTLM" or "AUTH=*",
and should be used in conjunction with the
CURLOPT_USERNAME option.
|
Added in cURL 7.34.0. Available since PHP 7.0.7. |
CURLOPT_PINNEDPUBLICKEY |
Set the pinned public key. The string can be the file name of your pinned public key. The file format expected is "PEM" or "DER". The string can also be any number of base64 encoded sha256 hashes preceded by "sha256//" and separated by ";". | Added in cURL 7.39.0. Available since PHP 7.0.7. |
CURLOPT_POSTFIELDS |
全部数据使用HTTP协议中的 "POST" 操作来发送。
要发送文件,在文件名前面加上@前缀并使用完整路径。
文件类型可在文件名后以 ';type=mimetype' 的格式指定。
这个参数可以是 urlencoded 后的字符串,类似'para1=val1¶2=val2&...',也可以使用一个以字段名为键值,字段数据为值的数组。
如果value是一个数组,Content-Type头将会被设置成multipart/form-data。
从 PHP 5.2.0 开始,使用 @ 前缀传递文件时,value 必须是个数组。
从 PHP 5.5.0 开始, @ 前缀已被废弃,文件可通过 CURLFile 发送。
设置 CURLOPT_SAFE_UPLOAD 为 TRUE 可禁用 @ 前缀发送文件,以增加安全性。
|
|
CURLOPT_PRIVATE |
Any data that should be associated with this cURL handle.
This data
can subsequently be retrieved with the
CURLINFO_PRIVATE option of
curl_getinfo(). cURL does nothing with this data.
When using a cURL multi handle, this private data is typically a
unique key to identify a standard cURL handle.
|
Added in cURL 7.10.3. |
CURLOPT_PROXY |
HTTP 代理通道。 | |
CURLOPT_PROXY_SERVICE_NAME |
代理验证服务的名称。 | cURL 7.34.0 中添加,PHP 7.0.7 起有效。 |
CURLOPT_PROXYUSERPWD |
一个用来连接到代理的"[username]:[password]"格式的字符串。 | |
CURLOPT_RANDOM_FILE |
一个被用来生成 SSL 随机数种子的文件名。 | |
CURLOPT_RANGE |
以"X-Y"的形式,其中X和Y都是可选项获取数据的范围,以字节计。HTTP传输线程也支持几个这样的重复项中间用逗号分隔如"X-Y,N-M"。 | |
CURLOPT_REFERER |
在HTTP请求头中"Referer: "的内容。 | |
CURLOPT_SERVICE_NAME |
验证服务的名称 | cURL 7.43.0 起添加,自 PHP 7.0.7 有效。 |
CURLOPT_SSH_HOST_PUBLIC_KEY_MD5 |
包含 32 位长的 16 进制数值。这个字符串应该是远程主机公钥(public key) 的 MD5 校验值。在不匹配的时候 libcurl 会拒绝连接。 此选项仅用于 SCP 和 SFTP 的传输。 | cURL 7.17.1 中添加。 |
CURLOPT_SSH_PUBLIC_KEYFILE |
The file name for your public key. If not used, libcurl defaults to $HOME/.ssh/id_dsa.pub if the HOME environment variable is set, and just "id_dsa.pub" in the current directory if HOME is not set. | Added in cURL 7.16.1. |
CURLOPT_SSH_PRIVATE_KEYFILE |
The file name for your private key. If not used, libcurl defaults to
$HOME/.ssh/id_dsa if the HOME environment variable is set,
and just "id_dsa" in the current directory if HOME is not set.
If the file is password-protected, set the password with
CURLOPT_KEYPASSWD.
|
Added in cURL 7.16.1. |
CURLOPT_SSL_CIPHER_LIST |
一个SSL的加密算法列表。例如RC4-SHA和TLSv1都是可用的加密列表。 | |
CURLOPT_SSLCERT |
一个包含 PEM 格式证书的文件名。 | |
CURLOPT_SSLCERTPASSWD |
使用CURLOPT_SSLCERT证书需要的密码。
|
|
CURLOPT_SSLCERTTYPE |
证书的类型。支持的格式有"PEM" (默认值), "DER"和"ENG"。 | 在 cURL 7.9.3中 被加入。 |
CURLOPT_SSLENGINE |
用来在CURLOPT_SSLKEY中指定的SSL私钥的加密引擎变量。
|
|
CURLOPT_SSLENGINE_DEFAULT |
用来做非对称加密操作的变量。 | |
CURLOPT_SSLKEY |
包含 SSL 私钥的文件名。 | |
CURLOPT_SSLKEYPASSWD |
在
|
|
CURLOPT_SSLKEYTYPE |
CURLOPT_SSLKEY中规定的私钥的加密类型,支持的密钥类型为"PEM"(默认值)、"DER"和"ENG"。
|
|
CURLOPT_UNIX_SOCKET_PATH |
使用 Unix 套接字作为连接,并用指定的 string 作为路径。 | cURL 7.40.0 中添加, PHP 7.0.7 起有效。 |
CURLOPT_URL |
需要获取的 URL 地址,也可以在curl_init() 初始化会话的时候。 | |
CURLOPT_USERAGENT |
在HTTP请求中包含一个"User-Agent: "头的字符串。 | |
CURLOPT_USERNAME |
验证中使用的用户名。 | cURL 7.19.1 中添加,PHP 5.5.0 起有效。 |
CURLOPT_USERPWD |
传递一个连接中需要的用户名和密码,格式为:"[username]:[password]"。 | |
CURLOPT_XOAUTH2_BEARER |
指定 OAuth 2.0 access token。 | cURL 7.33.0 中添加,自 PHP 7.0.7 添加。 |
以下option,value应该被设置成数组:
| 选项 | 可选value值 |
备注 |
|---|---|---|
CURLOPT_CONNECT_TO |
连接到指定的主机和端口,替换 URL 中的主机和端口。接受指定字符串格式的数组: HOST:PORT:CONNECT-TO-HOST:CONNECT-TO-PORT。 | cURL 7.49.0 中添加, PHP 7.0.7 起有效。 |
CURLOPT_HTTP200ALIASES |
HTTP 200 响应码数组,数组中的响应码被认为是正确的响应,而非错误。 | 在 cURL 7.10.3 中被加入。 |
CURLOPT_HTTPHEADER |
设置 HTTP 头字段的数组。格式:
array('Content-type: text/plain', 'Content-length: 100')
|
|
CURLOPT_POSTQUOTE |
在 FTP 请求执行完成后,在服务器上执行的一组array格式的 FTP 命令。 | |
CURLOPT_PROXYHEADER |
传给代理的自定义 HTTP 头。 | cURL 7.37.0 中添加,自 PHP 7.0.7 添加。 |
CURLOPT_QUOTE |
一组先于 FTP 请求的在服务器上执行的FTP命令。 | |
CURLOPT_RESOLVE |
提供自定义地址,指定了主机和端口。
包含主机、端口和 ip 地址的字符串,组成 array 的,每个元素以冒号分隔。格式:
array("example.com:80:127.0.0.1")
|
在 cURL 7.21.3 中添加,自 PHP 5.5.0 起可用。 |
以下 option,value应该被设置成流资源
(例如使用fopen()):
| 选项 | 可选value值 |
|---|---|
CURLOPT_FILE |
设置输出文件,默认为STDOUT (浏览器)。 |
CURLOPT_INFILE |
上传文件时需要读取的文件。 |
CURLOPT_STDERR |
错误输出的地址,取代默认的STDERR。 |
CURLOPT_WRITEHEADER |
设置 header 部分内容的写入的文件地址。 |
以下option 的 value应该是有效的函数或者闭包:
| 选项 | value值 |
|---|---|
CURLOPT_HEADERFUNCTION |
设置一个回调函数,这个函数有两个参数,第一个是cURL的资源句柄,第二个是输出的 header 数据。header数据的输出必须依赖这个函数,返回已写入的数据大小。 |
CURLOPT_PASSWDFUNCTION |
设置一个回调函数,有三个参数,第一个是cURL的资源句柄,第二个是一个密码提示符,第三个参数是密码长度允许的最大值。返回密码的值。 |
CURLOPT_PROGRESSFUNCTION |
设置一个回调函数,有五个参数,第一个是cURL的资源句柄,第二个是预计要下载的总字节(bytes)数。第三个是目前下载的字节数,第四个是预计传输中总上传字节数,第五个是目前上传的字节数。
返回非零值将中断传输。
传输将设置 |
CURLOPT_READFUNCTION |
回调函数名。该函数应接受三个参数。第一个是 cURL resource;第二个是通过选项
CURLOPT_INFILE 传给 cURL 的 stream resource;第三个参数是最大可以读取的数据的数量。回
调函数必须返回一个字符串,长度小于或等于请求的数据量(第三个参数)。一般从传入的 stream
resource 读取。返回空字符串作为 EOF(文件结束) 信号。
|
CURLOPT_WRITEFUNCTION |
回调函数名。该函数应接受两个参数。第一个是 cURL resource;第二个是要写入的数据字符串。数 据必须在函数中被保存。 函数必须准确返回写入数据的字节数,否则传输会被一个错误所中 断。 |
其他值:
| Option | 设置 value 为 |
|---|---|
CURLOPT_SHARE |
curl_share_init() 返回的结果。 使 cURL 可以处理共享句柄里的数据。 |
成功时返回 TRUE, 或者在失败时返回 FALSE。
| 版本 | 说明 |
|---|---|
| 7.0.7 |
引入 CURL_HTTP_VERSION_2、 CURL_HTTP_VERSION_2_PRIOR_KNOWLEDGE、
CURL_HTTP_VERSION_2TLS、 CURL_REDIR_POST_301、
CURL_REDIR_POST_302、 CURL_REDIR_POST_303、
CURL_REDIR_POST_ALL、 CURL_VERSION_KERBEROS5、
CURL_VERSION_PSL、 CURL_VERSION_UNIX_SOCKETS、
CURLAUTH_NEGOTIATE、 CURLAUTH_NTLM_WB、
CURLFTP_CREATE_DIR、 CURLFTP_CREATE_DIR_NONE、
CURLFTP_CREATE_DIR_RETRY、 CURLHEADER_SEPARATE、
CURLHEADER_UNIFIED、 CURLMOPT_CHUNK_LENGTH_PENALTY_SIZE、
CURLMOPT_CONTENT_LENGTH_PENALTY_SIZE、 CURLMOPT_MAX_HOST_CONNECTIONS、
CURLMOPT_MAX_PIPELINE_LENGTH、 CURLMOPT_MAX_TOTAL_CONNECTIONS、
CURLOPT_CONNECT_TO、 CURLOPT_DEFAULT_PROTOCOL、
CURLOPT_DNS_INTERFACE、 CURLOPT_DNS_LOCAL_IP4、
CURLOPT_DNS_LOCAL_IP6、 CURLOPT_EXPECT_100_TIMEOUT_MS、
CURLOPT_HEADEROPT、 CURLOPT_LOGIN_OPTIONS、
CURLOPT_PATH_AS_IS、 CURLOPT_PINNEDPUBLICKEY、
CURLOPT_PIPEWAIT、 CURLOPT_PROXY_SERVICE_NAME、
CURLOPT_PROXYHEADER、 CURLOPT_SASL_IR、
CURLOPT_SERVICE_NAME、 CURLOPT_SSL_ENABLE_ALPN、
CURLOPT_SSL_ENABLE_NPN、 CURLOPT_SSL_FALSESTART、
CURLOPT_SSL_VERIFYSTATUS、 CURLOPT_STREAM_WEIGHT、
CURLOPT_TCP_FASTOPEN、 CURLOPT_TFTP_NO_OPTIONS、
CURLOPT_UNIX_SOCKET_PATH、 CURLOPT_XOAUTH2_BEARER、
CURLPROTO_SMB、 CURLPROTO_SMBS、
CURLPROXY_HTTP_1_0、 CURLSSH_AUTH_AGENT 和
CURLSSLOPT_NO_REVOKE。
|
| 7.0.0 |
禁用 CURLOPT_SAFE_UPLOAD 的选项已被删掉了。
所有的 curl 文件的上传都必须使用 CURLFile。
|
| 5.6.0 |
默认 CURLOPT_SAFE_UPLOAD为 TRUE 。
|
| 5.6.0 |
移出 CURLOPT_CLOSEPOLICY和相关的值。
|
| 5.5.0 |
添加 cURL 资源作为 CURLOPT_PROGRESSFUNCTION 回调函数的第一个参数。
|
| 5.5.0 |
引入 CURLOPT_SHARE。
|
| 5.3.0 |
引入 CURLOPT_PROGRESSFUNCTION。
|
| 5.2.10 |
引入 CURLOPT_PROTOCOLS, and
CURLOPT_REDIR_PROTOCOLS.
|
| 5.2.4 |
引入了 CURLOPT_PRIVATE。
|
| 5.1.0 |
引入 CURLOPT_AUTOREFERER,
CURLOPT_BINARYTRANSFER,
CURLOPT_FTPSSLAUTH,
CURLOPT_PROXYAUTH, and
CURLOPT_TIMECONDITION.
|
| 5.0.0 |
引入 CURLOPT_FTP_USE_EPRT,
CURLOPT_NOSIGNAL,
CURLOPT_UNRESTRICTED_AUTH,
CURLOPT_BUFFERSIZE,
CURLOPT_HTTPAUTH,
CURLOPT_PROXYPORT,
CURLOPT_PROXYTYPE,
CURLOPT_SSLCERTTYPE, and
CURLOPT_HTTP200ALIASES.
|
Example #1 初始化一个新的cURL会话并获取一个网页
<?php
// 创建一个新cURL资源
$ch = curl_init();
// 设置URL和相应的选项
curl_setopt($ch, CURLOPT_URL, "http://www.example.com/");
curl_setopt($ch, CURLOPT_HEADER, false);
// 抓取URL并把它传递给浏览器
curl_exec($ch);
//关闭cURL资源,并且释放系统资源
curl_close($ch);
?>
Example #2 上传文件 (PHP 5.5.0 后被废弃)
<?php
/* http://localhost/upload.php:
print_r($_POST);
print_r($_FILES);
*/
$ch = curl_init();
$data = array('name' => 'Foo', 'file' => '@/home/user/test.png');
curl_setopt($ch, CURLOPT_URL, 'http://localhost/upload.php');
curl_setopt($ch, CURLOPT_POST, 1);
curl_setopt($ch, CURLOPT_SAFE_UPLOAD, false); // PHP 5.6.0 后必须开启
curl_setopt($ch, CURLOPT_POSTFIELDS, $data);
curl_exec($ch);
?>
以上例程会输出:
Array
(
[name] => Foo
)
Array
(
[file] => Array
(
[name] => test.png
[type] => image/png
[tmp_name] => /tmp/phpcpjNeQ
[error] => 0
[size] => 279
)
)
Note:
传递一个数组到
CURLOPT_POSTFIELDS,cURL会把数据编码成 multipart/form-data,而然传递一个URL-encoded字符串时,数据会被编码成 application/x-www-form-urlencoded。
Note that CURLOPT_TIMEOUT takes integers, so you cannot use it to set a timeout smaller than one second.
When you get this error using a PUT request: "SSL read: error:00000000:lib(0):func(0):reason(0), errno 104")
It could be caused by:
<?php
curl_setopt($ch, CURLOPT_PUT, TRUE);
?>
Instead try:
<?php
curl_setopt($ch, CURLOPT_CUSTOMREQUEST, "PUT");
?>
https://muchotrap.com todo el trap urbano en una sola web
If you have problems with CURLOPT_SSL_VERIFYPEER and using Apache.
Download certificate bundle:
http://curl.haxx.se/docs/caextract.html
Then set a path not in your php.ini, but in phpForApache.ini file.
Example:
curl.cainfo=c:\php\cacert.pem
Be sure not to set CURLOPT_POST to 1 (or True) if you are uploading a file, even if you are also providing textual Post data in your request. Took two hours to discover that including this option was the cause of my receiving script not having $_FILES set. The documentation explains it, but many examples around the web incorrectly include the CURLOPT_POST option in their example code. (Their examples only work because they happen to set this option first, and curl automatically resets it if you set CURLOPT_POSTFIELDS and it includes a file. Set your post fields first and then the CURLOPT_POST option however, and your code will not work.)
Per the documentation:
CURLOPT_POST: "TRUE to do a regular HTTP POST. This POST is the normal application/x-www-form-urlencoded kind, most commonly used by HTML forms. "
In the long documentation, it's easy to miss the fact that CURLOPT_POSTFIELDS will set the Content-Type to "multipart/form-data" (instead of the usual "application/x-www-form-urlencoded") IFF you supply an array (instead of a query string)!
Some servers will return weird errors (like "SSL read: error:00000000:lib(0):func(0):reason(0), errno 104") for the wrong Content-Type, and you may waste many hours of time trying to figure out why!
This is howto upload an existing file to an FTP server with cURL in PHP.
You should remember that CURLOPT_URL should contain the file's basename to save on the FTP server. For example, if you upload hello.txt to ftp://www.wuxiancheng.cn/text/, CURLOPT_URL should be ftp://www.wuxiancheng.cn/text/hello.txt rather than ftp://www.wuxiancheng.cn/text/, otherwise you will get an error message like "Uploading to a URL without a file name! " when you call curl_error();
<?php
$ch = curl_init();
$filepath = 'D:\Web\www\wuxiancheng.cn\hello.txt';
$basename = pathInfo($filepath, PATHINFO_BASENAME);
$filesize = fileSize($filepath);
curl_setopt_array(
$ch,
array(
CURLOPT_URL => 'ftp://www.wuxiancheng.cn/text/' . $basename,
CURLOPT_USERPWD => 'USERNAME:PASSWORD',
CURLOPT_PROTOCOLS => CURLPROTO_FTP,
CURLOPT_UPLOAD => true,
CURLOPT_INFILE => $filepath,
CURLOPT_INFILESIZE => $filesize,
CURLOPT_RETURNTRANSFER => true,
CURLOPT_HEADER => false,
)
);
curl_exec($ch);
$message = curl_errno($ch) === CURLE_OK ? 'success' : 'failure';
echo $message;
?>
What is not mentioned in the documentation is that if you want to set a local-port or local-port-range to establish a connection is possible by adding CURLOPT_LOCALPORT and CURLOPT_LOCALPORTRANGE options.
Ex:
$conn=curl_init ('example.com');
curl_setopt($conn, CURLOPT_LOCALPORT, 35000);
curl_setopt($conn, CURLOPT_LOCALPORTRANGE, 200);
CURLOPT_LOCALPORT: This sets the local port number of the socket used for the connection.
CURLOPT_LOCALPORTRANGE: The range argument is the number of attempts libcurl will make to find a working local port number. It starts with the given CURLOPT_LOCALPORT and adds one to the number for each retry. Setting this option to 1 or below will make libcurl do only one try for the exact port number.
Interface can be also configured using CURLOPT_INTERFACE:
Ex:
curl_setopt($conn, CURLOPT_INTERFACE, "eth1");
On recent versions of MacOS CURLOPT_SSL_VERIFYPEER cannot be disabled, unless you have compiled PHP yourself with the official cURL library and OpenSSL.
Why?
1) MacOS is bundling its own version of cURL which has Apple SecureTransport as the SSL handling.
2) The implementation will complain if CURLOPT_SSL_VERIFYPEER is disabled but CURLOPT_CAINFO is set ("CA certificate set, but certificate verification is disabled").
3) The implementation will consider CURLOPT_CAINFO set even if it is set to blank/null/false ("can't load CA certificate file"). This error comes from ""SSL: can't load CA certificate file %s"" in https://opensource.apple.com/source/curl/curl-95/curl/lib/vtls/darwinssl.c, you can see there's no blank verification.
To confirm this is what is affecting you look for what "SSL Version" is set at in the PHP-info. This is under the cURL settings.
To resolve you need to compile cURL (e.g. using Homebrew) with OpenSSL enabled:
brew install curl --with-openssl
Then compile PHP with something like this in the configure command:
'--with-curl=/usr/local/opt/curl'
It may also be possible to use Homebrew to compile PHP using it's own cURL, I haven't checked this.
Once resolved "SSL Version" will report something like "OpenSSL/1.0.2l".
Of course you shouldn't disable certificate validation. I am only doing it because I'm writing code to detect if a site's SSL is broken (works with verify peer, doesn't work without). Others maybe are using self-signed certificates and don't want to work out how to make them a root authority. Never ever use live.
About this post in here:
http://php.net/manual/en/function.curl-setopt.php#102121
>Handling redirections with curl if safe_mode or open_basedir is enabled.
>...
>function curl_exec_follow(/*resource*/ $ch, /*int*/ &$maxredirect = null) {
>...
~~~~~~~~~~~~~
IMPORTANT:
This is not work if set "CURLOPT_FILE".
For resolve this issue, can return $ch instead of curl_exec($ch), and after then set CURLOPT_FILE and use curl_exec($ch).
Contrary to the documentation, CURLOPT_STDERR should be set to a handle to the file you want to write to, not the file's location.
It may not be an issue which affects anyone, but I think it's worth noting that using the CURLOPT_POSTFIELDS option has the side effect of setting the CURLOPT_POST option to TRUE.
When testing some code that required the post method, I commented out my CURLOPT_POST line to see how it failed and it didn't. Further investigation using curl_getinfo revealed that setting the CURLOPT_POSTFIELDS option was also setting the POST option.
Never provide a CURLOPT_CUSTOMREQUEST value of 'HEAD'. It will cause cURL to timeout. Instead set CURLOPT_NOBODY to true.
The problem occurs because CURLOPT_CUSTOMREQUEST directly substitutes what cURL sends in transit, but not the response handling logic. It causes it to stall waiting for data that will never come.
You may also specify the certificate authority file with an environment variable.
export SSL_CERT_FILE=/path/to/cacert.pem
Send body file use RFC7578 ("multipart/form-data")
// class contain file
class oFile
{
private $name;
private $mime;
private $content;
public function __construct($name, $mime=null, $content=null)
{
if(is_null($content))
{
$info = pathinfo($name);
// check is exist and readable file
if(!empty($info['basename']) && is_readable($name))
{
$this->name = $info['basename'];
// get MIME
$this->mime = mime_content_type($name);
// load file
$content = file_get_contents($name);
if($content!==false) $this->content = $content;
else throw new Exception('Don`t get content - "'.$name.'"');
} else throw new Exception('Error param');
} else
{
$this->name = $name;
if(is_null($mime)) $mime = mime_content_type($name);
$this->mime = $mime;
$this->content = $content;
};
}
public function Name() { return $this->name; }
public function Mime() { return $this->mime; }
public function Content() { return $this->content; }
};
// create body for POST request
class BodyPost
{
// part "multipart/form-data"
public static function PartPost($name, $val)
{
$body = 'Content-Disposition: form-data; name="' . $name . '"';
// check instance of oFile
if($val instanceof oFile)
{
$file = $val->Name();
$mime = $val->Mime();
$cont = $val->Content();
$body .= '; filename="' . $file . '"' . "\r\n";
$body .= 'Content-Type: ' . $mime ."\r\n\r\n";
$body .= $cont."\r\n";
} else $body .= "\r\n\r\n".urlencode($val)."\r\n";
return $body;
}
public static function Get(array $post, $delimiter='-------------0123456789')
{
if(is_array($post) && !empty($post))
{
$bool = false;
foreach($post as $val) if($val instanceof oFile) {$bool = true; break; };
if($bool)
{
$ret = '';
foreach($post as $name=>$val)
$ret .= '--' . $delimiter. "\r\n". self::PartPost($name, $val);
$ret .= "--" . $delimiter . "--\r\n";
} else $ret = http_build_query($post);
} else throw new \Exception('Error input param!');
return $ret;
}
};
$delimiter = '-------------'.uniqid();
$file = new oFile('sample.txt', 'text/plain', 'Content file');
$post = BodyPost::Get(array('field'=>'text', 'file'=>$file), $delimiter);
var_dump($post);
$ch = curl_init();
curl_setopt($ch, CURLOPT_URL, 'http://server/upload/');
curl_setopt($ch, CURLOPT_POST, 1);
curl_setopt($ch, CURLOPT_POSTFIELDS, $post);
curl_setopt($ch, CURLOPT_HTTPHEADER, array('Content-Type: multipart/form-data; boundary=' . $delimiter,
'Content-Length: ' . strlen($post)));
curl_exec($ch);
Sorry, I made a mistake. For validating cookie entries it is best to use at least:
/^([^\t]+\t){6}[^\t]+$/
There was not enough space for me to put in the rationale for not using persistent storage with cookies but it should be obvious. It's YAGNI for most scenarios. In this case at best it complicate things, at the worst you perform an operation using the wrong cookie session. It can also increase the chance of failure, waste resources, reduce performance and create mess in the file system.
The plus of persistent is that In some cases it may be used to accelerate across processes but not many people actually need that and when they do there tend to be better options such as using memcached.
If someone can edit and merge the comments it would be appreciated.
It is important that anyone working with cURL and PHP keep in mind that not all of the CURLOPT and CURLINFO constants are documented. I always recommend reading the cURL documentation directly as it sometimes contains better information. The cURL API in tends to be fubar as well so do not expect things to be where you would normally logically look for them.
curl is especially difficult to work with when it comes to cookies. So I will talk about what I found with PHP 5.6 and curl 7.26.
If you want to manage cookies in memory without using files including reading, writing and clearing custom cookies then continue reading.
To start with, the way to enable in memory only cookies associated with a cURL handle you should use:
curl_setopt($curl, CURLOPT_COOKIEFILE, "");
cURL likes to use magic strings in options as special commands. Rather than having an option to enable the cookie engine in memory it uses a magic string to do that. Although vaguely the documentation here mentions this however most people like me wouldn't even read that because a COOKIEFILE is the complete opposite of what we want.
To get the cookies for a curl handle you can use:
curl_getinfo($curl, CURLINFO_COOKIELIST);
This will give an array containing a string for each cookie. It is tab delimited and unfortunately you will have to parse it yourself if you want to do anything beyond copying the cookies.
To clear the in memory cookies for a cURL handle you can use:
curl_setopt($curl, CURLOPT_COOKIELIST, "ALL");
This is a magic string. There are others in the cURL documentation. If a magic string isn't used, this field should take a cookie in the same string format as in getinfo for the cookielist constant. This can be used to delete individual cookies although it's not the most elegant API for doing so.
For copying cookies I recommend using curl_share_init.
You can also copy cookies from one handle to another like so:
foreach(curl_getinfo($curl_a, CURLINFO_COOKIELIST) as $cookie_line)
curl_setopt($curl, CURLOPT_COOKIELIST, $cookie_line);
An inelegant way to delete a cookie would be to skip the one you don't want.
I only recommend using COOKIELIST with magic strings because the cookie format is not secure or stable. You can inject tabs into at least path and name so it becomes impossible to parse reliably. If you must parse this then to keep it secure I recommend prohibiting more than 6 tabs in the content which probably isn't a big loss to most people.
A the absolute minimum for validation I would suggest:
/^([^\t]+\t){5}[^\t]+$/D
Here is the format:
#define SEP "\t" /* Tab separates the fields */
char *my_cookie =
"example.com" /* Hostname */
SEP "FALSE" /* Include subdomains */
SEP "/" /* Path */
SEP "FALSE" /* Secure */
SEP "0" /* Expiry in epoch time format. 0 == Session */
SEP "foo" /* Name */
SEP "bar"; /* Value */
If you need to do DELETE request, use CURLOPT_CUSTOMREQUEST with "DELETE" and use CURLOPT_POSTFIELDS for parameters. Do not put request parameters into the URL (GET-like) or bad things will happen (at least Apache+mod_php does not like such requests).
Please notice that CURLINFO_HEADER_OUT and CURLOPT_VERBOSE option does not work together:
"When CURLINFO_HEADER_OUT is set to TRUE than CURLOPT_VERBOSE does not work."(from https://bugs.php.net/bug.php?id=65348).
This took me an hour or two to figure it out.
In today's changed TLS landscape, you might eventually encounter servers which only operate on TLS 1.1 or TLS 1.2, and will actively refuse TLS 1.0 connections.
If you're relying on CURLOPT_SSLVERSION's default setting, you'll never make a successful connection to the server.
You can solve this by setting CURLOPT_SSLVERSION to either 5 (for CURL_SSLVERSION_TLSv1_1) or 6 (for CURL_SSLVERSION_TLSv1_2) .
With the legacy file upload feature, Curl sends the file name of the actual file and there isn't a documented way to change that behaviour. If you aren't able to use the CURLFile class there's a workaround that apparently works: append "; filename=" after the value (and make sure it comes after "type=").
<?php
$postfields = array(
'document[]' => '@/tmp/upload_qm5ee8FBxi; type=image/jpeg; filename=Kitten.jpg',
);
Please note that if you want to handle progress using CURLOPT_PROGRESSFUNCTION option, you need to take into consideration what version of PHP are you using. Since version 5.5.0, compatibility-breaking change was introduced in number/order of the arguments passed to the callback function, and cURL resource is now passed as first argument.
Prior to version 5.5.0:
<?php
// ...
curl_setopt($resource, CURLOPT_PROGRESSFUNCTION, 'progressCallback');
curl_setopt($resource, CURLOPT_NOPROGRESS, false);
// ...
function progressCallback($download_size = 0, $downloaded = 0, $upload_size = 0, $uploaded = 0)
{
// Handle progress
}
?>
From version 5.5.0:
<?php
// ...
curl_setopt($resource, CURLOPT_PROGRESSFUNCTION, 'progressCallback');
curl_setopt($resource, CURLOPT_NOPROGRESS, false);
// ...
function progressCallback($resource, $download_size = 0, $downloaded = 0, $upload_size = 0, $uploaded = 0)
{
// Handle progress
}
?>
However, if your code needs to be compatible with PHP version both before and after 5.5.0, consider adding a version check:
<?php
// ...
curl_setopt($resource, CURLOPT_PROGRESSFUNCTION, 'progressCallback');
curl_setopt($resource, CURLOPT_NOPROGRESS, false);
// ...
function progressCallback($resource, $download_size = 0, $downloaded = 0, $upload_size = 0, $uploaded = 0)
{
/**
* $resource parameter was added in version 5.5.0 breaking backwards compatibility;
* if we are using PHP version lower than 5.5.0, we need to shift the arguments
* @see http://php.net/manual/en/function.curl-setopt.php#refsect1-function.curl-setopt-changelog
*/
if (version_compare(PHP_VERSION, '5.5.0') < 0) {
$uploaded = $upload_size;
$upload_size = $downloaded;
$downloaded = $download_size;
$download_size = $resource;
}
// Handle progress
}
?>
If you use cURL to fetch user-supplied URLs (for instance, in a web-based RSS aggregator), be aware of the risk of server-side request forgery (SSRF). This is an attack where the user takes advantage of the fact that cURL requests are sent from the web server itself, to reach network locations they wouldn't be able to reach from outside the network.
For instance, they could enter a "http://localhost" URL, and access things on the web server via "localhost". Or, "ftp://localhost". cURL supports a lot of protocols!
If you are using CURLOPT_FOLLOWLOCATION, the malicious URL could be in a redirect from the original request. cURL also will follow redirect headers to other protocols! (303 See Other; Location: ftp://localhost).
So if you're using cURL with user-supplied URLs, at the very least use CURLOPT_PROTOCOLS (which also sets CURLOPT_REDIR_PROTOCOLS), and either disable CURLOPT_FOLLOWLOCATION or use the "SafeCurl" library to safely follow redirects.
CURL_SSLVERSION_TLSv1_0 (4), CURL_SSLVERSION_TLSv1_1 (5) or CURL_SSLVERSION_TLSv1_2 (6) only work for PHP versions using curl 7.34 or newer.
to complement shiplu's comment on the neccessary option sequence of CURLOPT_POST before CURLOPT_POSTFIELDS:
The crux is not some error on nginx, but that nothing at all will be send over the line by curl. Parameters set by a "CURLOPT_POSTFIELDS" option setting will be completely ignored, as long as no "CURLOPT_POST" has been encountered beforehand: Neigther the Content-Type header will be set/generated accordingly nor Content-Length nor any data will be send in the body.
When using curl_setopt_array, the sequence in the array matters as well.
One note of importance when you open several cURL handles simultaneously: If you want to share cookies via cookie-jar file among all your handles - be sure to curl_close() one before using the cookie-jar file from the other.
It appears that during cURL handler execution the cookies are kept in some sort of handler specific internal session storage and only upon explicit curl_close() call or interpreter exit garbage collection these cookies are actually flushed to the file on the hard disk ( I guess for performance reasons ).
I hope this note will save you couple of hours debugging :)
If you get an error with the error code 35 saying "Unknown SSL protocol error in connection to ...", maybe you are using the wrongs ciphers.
Try to precise a bunch of ciphers as below:
$arrayCiphers = array(
'DHE-RSA-AES256-SHA',
'DHE-DSS-AES256-SHA',
'AES256-SHA:KRB5-DES-CBC3-MD5',
'KRB5-DES-CBC3-SHA',
'EDH-RSA-DES-CBC3-SHA',
'EDH-DSS-DES-CBC3-SHA',
'DES-CBC3-SHA:DES-CBC3-MD5',
'DHE-RSA-AES128-SHA',
'DHE-DSS-AES128-SHA',
'AES128-SHA:RC2-CBC-MD5',
'KRB5-RC4-MD5:KRB5-RC4-SHA',
'RC4-SHA:RC4-MD5:RC4-MD5',
'KRB5-DES-CBC-MD5',
'KRB5-DES-CBC-SHA',
'EDH-RSA-DES-CBC-SHA',
'EDH-DSS-DES-CBC-SHA:DES-CBC-SHA',
'DES-CBC-MD5:EXP-KRB5-RC2-CBC-MD5',
'EXP-KRB5-DES-CBC-MD5',
'EXP-KRB5-RC2-CBC-SHA',
'EXP-KRB5-DES-CBC-SHA',
'EXP-EDH-RSA-DES-CBC-SHA',
'EXP-EDH-DSS-DES-CBC-SHA',
'EXP-DES-CBC-SHA',
'EXP-RC2-CBC-MD5',
'EXP-RC2-CBC-MD5',
'EXP-KRB5-RC4-MD5',
'EXP-KRB5-RC4-SHA',
'EXP-RC4-MD5:EXP-RC4-MD5'
);
curl_setopt($ch, CURLOPT_SSL_CIPHER_LIST, implode(':', $arrayCiphers));
Worked for me, could work for you!
P.S: Used with PHP 5.4 and cURL 7.26.0.
For those using CURLAUTH_NTLM, it may come to no surprise that NTLM request will fail if you have set CURLOPT_FORBID_REUSE to true.
This is because NTLM authorisation is connect-based, not request-based. If the connection is not kept alive and re-used, cURL can never complete the request.
You may notice this if you get a 401 status code or max out the number of redirects.
If you need to read page contents in between file downloads, while still using the same curl handle, you'll probably need this code:
<?php
curl_setopt($handle, CURLOPT_FILE, fopen('php://stdout','w')); // 'php://output' didn't work for me
curl_setopt($handle, CURLOPT_RETURNTRANSFER, true); // using CURLOPT_FILE sets this to false automatically
?>
If you only want to enable cookie handling and you don't need to save the cookies for a separate session, just set CURLOPT_COOKIEFILE to an empty string. I was given the advice to use php://memory but that did not seem to have the same effect.
Although this is stated in the documentation I thought it was worth reiterating since it cause me so much trouble.
Using CURLOPT_NOPROXY to avoid using the proxy for some urls is very convenient.
For example when the page is trying to look for itself.
The parameter can be found at least in version 5.5.7, (probably earlier)
Unfortunately it's not present on debian wheezy (5.4.4) but it will be on jessie (it's already there)
A related bug: https://bugs.php.net/bug.php?id=53543
Many hosters use PHP safe_mode or/and open_basedir, so you can't use CURLOPT_FOLLOWLOCATION. If you try, you see message like this:
CURLOPT_FOLLOWLOCATION cannot be activated when safe_mode is enabled or an open_basedir is set in [you script name & path] on line XXX
First, I try to use zsalab function (http://us2.php.net/manual/en/function.curl-setopt.php#102121) from this page, but for some reason it did not work properly. So, I wrote my own.
It can be use instead of curl_exec. If server HTTP response codes is 30x, function will forward the request as long as the response is not different from 30x (for example, 200 Ok). Also you can use POST.
function curlExec(/* Array */$curlOptions='', /* Array */$curlHeaders='', /* Array */$postFields='')
{
$newUrl = '';
$maxRedirection = 10;
do
{
if ($maxRedirection<1) die('Error: reached the limit of redirections');
$ch = curl_init();
if (!empty($curlOptions)) curl_setopt_array($ch, $curlOptions);
if (!empty($curlHeaders)) curl_setopt($ch, CURLOPT_HTTPHEADER, $curlHeaders);
if (!empty($postFields))
{
curl_setopt($ch, CURLOPT_POST, 1);
curl_setopt($ch, CURLOPT_POSTFIELDS, $postFields);
}
if (!empty($newUrl)) curl_setopt($ch, CURLOPT_URL, $newUrl); // redirect needed
$curlResult = curl_exec($ch);
$code = curl_getinfo($ch, CURLINFO_HTTP_CODE);
if ($code == 301 || $code == 302 || $code == 303 || $code == 307)
{
preg_match('/Location:(.*?)\n/', $curlResult, $matches);
$newUrl = trim(array_pop($matches));
curl_close($ch);
$maxRedirection--;
continue;
}
else // no more redirection
{
$code = 0;
curl_close($ch);
}
}
while($code);
return $curlResult;
}
Here is an example of sending JSON data as via POST.
index.php
------
$data = array
(
"command" => "isInstalled",
"params" => Array
(
"1" => "3",
"2" => "4",
)
);
$data_string = "json=" . json_encode($data) . "&";
$ch = curl_init("http://localhose/parrot.php");
curl_setopt($ch, CURLOPT_POST, true);
curl_setopt($ch, CURLOPT_RETURNTRANSFER, true);
curl_setopt($ch, CURLOPT_POSTFIELDS, $data_string);
$results = curl_exec($ch);
print ($results);
?>
=====
parrot.php
------
<?
print_r ($_REQUEST);
?>
CURLOPT_POST should be set before CURLOPT_POSTFIELDS. Otherwise you might encounter 411 Length required error.
Following code generates "411 Length Required" on nginx/1.1.15
<?php
curl_setopt ($ch, CURLOPT_POSTFIELDS, $postfields);
curl_setopt ($ch, CURLOPT_POST, 1);
?>
But this one works.
<?php
curl_setopt ($ch, CURLOPT_POST, 1);
curl_setopt ($ch, CURLOPT_POSTFIELDS, $postfields);
?>
CURLAUTH_ANY is not an alias for CURLAUTH_NTLM. I had to specify CURLAUTH_NTLM for a Windows authenticated URL
If you have a mixture of strings starting with @ (at character) and files in CURLOPT_POSTFIELDS you have a problem (such as posting a tweet with attached media) because curl tries to interpret anything starting with @ as a file.
<?php
$postfields = array(
'upload_file' => '@file_to_upload.png',
'upload_text' => '@text_to_upload'
);
$curl = curl_init();
curl_setopt($curl, CURLOPT_URL, 'http://example.com/upload-test');
curl_setopt($curl, CURLOPT_POSTFIELDS, $postfields);
curl_exec($curl);
curl_close($curl);
?>
To get around this, prepend the text string with the NULL character like so:
<?php
$postfields = array(
'upload_file' => '@file_to_upload.png',
'upload_text' => sprintf("\0%s", '@text_to_upload')
);
?>
Original source: http://bit.ly/AntMle
I spent a couple of days trying to upload a file using a curl post.
The problem I ran into was the filename had an '@' in the middle of it. It turned out that at least on my system if I encoded the file path using the quoted_printable_encode() function the upload works.
I'm posting this in the hopes that it will help someone else, and for my own future reference.
Code:
<?php
$filepath = '/tmp/test@example.txt';
$postdata['file'] = '@' . quoted_printable_encode($filepath);
//... supporting code.
$result = curl_exec($ch);
?>
I'm not exactly sure why this works when escaping the '@' doesn't work but it does for me.
If anyone can offer insight into why this works or a better way to handle the '@' symbol in a filename when using curl to upload I would love to hear it.
Thanks
Another note addressing the issues with servers that have open_basedir and safe mode turned on. Such an issue spawns the following E_WARNING:
Warning: curl_setopt() [function.curl-setopt]: CURLOPT_FOLLOWLOCATION cannot be activated when safe_mode is enabled or an open_basedir is set
After looking through the notes, most of the proposed manual implementations were kind of clunky and in some cases just didn't work at all. Most importantly (in my case), was the behaviour of the 302 Header. Anyway, here's the code I ended up using which has worked well for me in all cases so far, it even addresses the issue that caused FOLLOWLOCATION to be turned off in some cases :)
EDIT: Unfortunately the code itself is deemed "too long" for PHP's note system. I've uploaded it to a few paste sites below so hopefully the links will live for a while at least.
http://pastebin.com/aaJtPy1j
http://pastie.org/7646116
Use it as a replacement for curl_exec. For example:
<?php
$ch = curl_init("http://php.net");
var_dump(curl_exec_follow($ch, 9001));
curl_close($ch);
?>
when use curl_multi_exec, the CURLOPT_TIMEOUT need curl version newer than 7.21.2.
this can be found at curl changelog.
Be careful when changing CURLOPT_SSL_VERIFYHOST or other options to true (boolean). It may cause insecure behavior [1]
This is because boolean true casts into integer 1, and CURLOPT_SSL_VERIFYHOST = 1 is not secure behavior.
The *correct* value here is CURLOPT_SSL_VERIFYHOST = 2. By setting this value equal to 1 the peer certificate must contain a Common Name field, but it doesn't matter what name it says.
[1] Martin Georgiev and Subodh Iyengar and Suman Jana and Rishita Anubhai and Dan Boneh and Vitaly Shmatikov, The most dangerous code in the world: validating SSL certificates in non-browser software, ACM CCS '12, pp. 38-49, 2012
Please everyone, stop setting CURLOPT_SSL_VERIFYPEER to false or 0. If your PHP installation doesn't have an up-to-date CA root certificate bundle, download the one at the curl website and save it on your server:
http://curl.haxx.se/docs/caextract.html
Then set a path to it in your php.ini file, e.g. on Windows:
curl.cainfo=c:\php\cacert.pem
Turning off CURLOPT_SSL_VERIFYPEER allows man in the middle (MITM) attacks, which you don't want!
I spent a couple of days trying to POST a multi-dimensional array of form fields, including a file upload, to a remote server to update a product. Here are the breakthroughs that FINALLY allowed the script to run as desired.
Firstly, the HTML form used input names like these:
<input type="text" name="product[name]" />
<input type="text" name="product[cost]" />
<input type="file" name="product[thumbnail]" />
in conjunction with two other form inputs not part of the product array
<input type="text" name="method" value="put" />
<input type="text" name="mode" />
I used several cURL options, but the only two (other than URL) that mattered were:
curl_setopt($handle, CURLOPT_POST, true);
curl_setopt($handle, CURLOPT_POSTFIELDS, $postfields);
Pretty standard so far.
Note: headers didn't need to be set, cURL automatically sets headers (like content-type: multipart/form-data; content-length...) when you pass an array into CURLOPT_POSTFIELDS.
Note: even though this is supposed to be a PUT command through an HTTP POST form, no special PUT options needed to be passed natively through cURL. Options such as
curl_setopt($handle, CURLOPT_HTTPHEADER, array('X-HTTP-Method-Override: PUT', 'Content-Length: ' . strlen($fields)));
or
curl_setopt($handle, CURLOPT_PUT, true);
or
curl_setopt($handle, CURLOPT_CUSTOMREQUEST, "PUT);
were not needed to make the code work.
The fields I wanted to pass through cURL were arranged into an array something like this:
$postfields = array("method" => $_POST["method"],
"mode" => $_POST["mode"],
"product" => array("name" => $_POST["product"],
"cost" => $_POST["product"]["cost"],
"thumbnail" => "@{$_FILES["thumbnail"]["tmp_name"]};type={$_FILES["thumbnail"]["type"]}")
);
-Notice how the @ precedes the temporary filename, this creates a link so PHP will upload/transfer an actual file instead of just the file name, which would happen if the @ isn't included.
-Notice how I forcefully set the mime-type of the file to upload. I was having issues where images filetypes were defaulting to octet-stream instead of image/png or image/jpeg or whatever the type of the selected image.
I then tried passing $postfields straight into curl_setopt($this->handle, CURLOPT_POSTFIELDS, $postfields); but it didn't work.
I tried using http_build_query($postfields); but that didn't work properly either.
In both cases either the file wouldn't be treated as an actual file and the form data wasn't being sent properly. The problem was HTTP's methods of transmitting arrays. While PHP and other languages can figure out how to handle arrays passed via forms, HTTP isn't quite as sofisticated. I had to rewrite the $postfields array like so:
$postfields = array("method" => $_POST["method"],
"mode" => $_POST["mode"],
"product[name]" => $_POST["product"],
"product[cost]" => $_POST["product"]["cost"],
"product[thumbnail]" => "@{$_FILES["thumbnail"]["tmp_name"]}");
curl_setopt($handle, CURLOPT_POSTFIELDS, $postfields);
This, without the use of http_build_query, solved all of my problems. Now the receiving host outputs both $_POST and $_FILES vars correctly.
Remember:
- 'Server-side' cookies exists as information even before they were set on browser agent(HTTP COOKIE HEADER),
- javascript cookies does NOT exists as information before they were set on browser agent,
so, if you're trying to save cookies using CURLOPT_COOKIEJAR to a local file, that cookie must be server - side cookie, otherwise you are wasting time, javascript-produced cookies only exists when client browser's JS interpreter set them.
I've created an example that gets the file on url passed to script and outputs it to the browser.
<?php
//get the file (e.g. image) and output it to the browser
$ch = curl_init(); //open curl handle
curl_setopt($ch, CURLOPT_URL, $_GET['url']); //set an url
curl_setopt($ch, CURLOPT_RETURNTRANSFER, 1); //do not output directly, use variable
curl_setopt($ch, CURLOPT_BINARYTRANSFER, 1); //do a binary transfer
curl_setopt($ch, CURLOPT_FAILONERROR, 1); //stop if an error occurred
$file=curl_exec($ch); //store the content in variable
if(!curl_errno($ch))
{
//send out headers and output
header ("Content-type: ".curl_getinfo($ch, CURLINFO_CONTENT_TYPE)."");
header ("Content-Length: ".curl_getinfo($ch, CURLINFO_CONTENT_LENGTH_DOWNLOAD)."");
echo $file;
} else echo 'Curl error: ' . curl_error($ch);
curl_close($ch); //close curl handle
?>
p.s. Make sure that there're no new lines before and after code or script may not work.
If you are trying to update something on your server and you need to handle this update operation by PUT;
<?php
curl_setopt($ch, CURLOPT_CUSTOMREQUEST, "PUT");
curl_setopt($ch, CURLOPT_PUT, 1);
?>
are "useless" without;
<?php
curl_setopt($ch, CURLOPT_HTTPHEADER, array('X-HTTP-Method-Override: PUT'));
?>
Example;
Updating a book data in database identified by "id 1";
--cURL Part--
<?php
$data = http_build_query($_POST);
// or
$data = http_build_query(array(
'name' => 'PHP in Action',
'price' => 10.9
));
$ch = curl_init();
curl_setopt($ch, CURLOPT_URL, "http://api.localhost/rest/books/1");
curl_setopt($ch, CURLOPT_RETURNTRANSFER, 1);
// curl_setopt($ch, CURLOPT_CUSTOMREQUEST, "PUT"); // no need anymore
// or
// curl_setopt($ch, CURLOPT_PUT, 1); // no need anymore
curl_setopt($ch, CURLOPT_HTTPHEADER, array('X-HTTP-Method-Override: PUT'));
curl_setopt($ch, CURLOPT_POSTFIELDS, $data);
$ce = curl_exec($ch);
curl_close($ch);
print_r($ce);
?>
--API class--
<?php
public function putAction() {
echo "putAction() -> id: ". $this->_getParam('id') ."\n";
print_r($_POST);
// do stuff with post data
...
?>
--Output--
putAction() -> id: 15
Array
(
[name] => PHP in Action
[price] => 10.9
)
---Keywords--
rest, restfull api, restfull put, curl put, curl customrequest put
if you want to do a GET request with additional body data it will become tricky not to implicitly change the request to a POST, like many notes below correctly state.
So to do the analogy of command line's
curl -XGET 'http://example.org?foo=bar' -d '<baz>some additional data</baz>'
in PHP you'll do, besides your other necessary stuff,
<?php
curl_setopt($curlHandle, CURLOPT_CUSTOMREQUEST, 'GET');
curl_setopt($curlHandle, CURLOPT_POSTFIELDS, '<baz>some additional data</baz>');
?>
during my experiments, every other "similar" way, like e.g. CURLOPT_HTTPGET, didn't send the additional data or fell into POST.
When trying to pass a multi-dimensional array to CURLOPT_POSTFIELDS, first run it through http_build_query(). That will get rid of the Array to String conversion notice.
Note that if you put a certificate chain in a PEM file, the certificates need to be ordered so that each certificate is followed by its issuer (i.e., root last.)
Source: http://publib.boulder.ibm.com/tividd/td/ITIM/SC32-1493-00/en_US/HTML/im451_config09.htm
If you are using curl to do a soap request and consistently get the following error back:
The server cannot service the request because the media type is unsupported.
You are sending the Content-type of soap 1.2 to a 1.1 server.
Soap 1.1 needs Content-Type: text/xml;
Soap 1.2 should have Content-Type: application/soap+xml;
This may be not obvious, but if you specify the CURLOPT_POSTFIELDS and don't specify the CURLOPT_POST - it will still send POST, not GET (as you might think - since GET is default).
So the line:
curl_setopt($ch, CURLOPT_POSTFIELDS, $data);
is synonym to:
curl_setopt($ch, CURLOPT_POST, 1);
curl_setopt($ch, CURLOPT_POSTFIELDS, $data);
Even if you set the options like this (in this order):
curl_setopt($ch, CURLOPT_POST, 0);
curl_setopt($ch, CURLOPT_POSTFIELDS, $data);
it will send POST, since CURLOPT_POSTFIELDS is latter.
So if you want GET - make sure you don't have CURLOPT_POSTFIELDS specified somewhere.
The description of the use of the CURLOPT_POSTFIELDS option should be emphasize, that using POST with HTTP/1.1 with cURL implies the use of a "Expect: 100-continue" header. Some web servers will not understand the handling of chunked transfer of post data.
To disable this behavior one must disable the use of the "Expect:" header with
curl_setopt($ch, CURLOPT_HTTPHEADER,array("Expect:"));
About CURLOPT_COOKIEJAR and CURLOPT_COOKIEFILE, and which / how to use.
- CURLOPT_COOKIEJAR is used when cURL is reading cookie data from disk.
- CURLOPT_COOKIEFILE is used when cURL is writing the cookie data to disk.
So you need to specify both (and set the same file location on both) when working with sessions for example.
As of at least PHP 5.3.9, if you are continuing to use a cURL session handle after downloading a file and closing the file handle, you will need to change CURLOPT_FILE back to stdout, and cannot count simply on a side effect of CURLOPT_RETURNTRANSFER to do so, even if you are setting it. For example:
<?php
$ch = curl_init();
$fh = fopen('/path/to/stored/file/example_file.dat', 'w');
curl_setopt($ch, CURLOPT_FILE, $fh);
curl_setopt($ch, CURLOPT_URL, 'http://example.com/example_file.dat');
curl_exec($ch);
fflush($fh);
fclose($fh);
//must reset cURL file handle. Not doing so will cause a warning to be
//thrown and for cURL to default to output regardless
//for our example, we'll set return transfer.
curl_setopt($ch, CURLOPT_FILE, fopen('php://stdout', 'w'));
curl_setopt($ch, CURLOPT_RETURNTRANSFER, TRUE);
curl_setopt($ch, CURLOPT_URL, 'http://example.org/index.html');
$html = curl_exec($ch); //this will now work
?>
I noted something when using CURLOPT_POSTFIELDS in combination with arrays from PHP.
You may supply an array, but there may not be any sub-arrays in this array, as this will give Array-to-string-conversion notice.
Example:
<?php
$ch = curl_init();
# this works
$data = array('name' => 'value');
# this gives "Notice: Array to string conversion..."
$data = array('name' => array('subname' => 'subvalue'));
curl_setopt($ch, CURLOPT_URL, 'http://localhost/test.php');
curl_setopt($ch, CURLOPT_POST, 1);
curl_setopt($ch, CURLOPT_POSTFIELDS, $data);
curl_exec($ch);
?>
Make sure to set keys for array if passing to CURLOPT_POSTFIELDS.
<?php
//This can cause errors
$data = array('bar');
//Use this instead
$data = array('foo' => 'bar');
curl_setopt(CURLOPT_POSTFIELDS, $data);
?>
I've been stuck when using the CURLOPT_CONNECTTIMEOUT_MS constant. In fact, on my PHP version (5.3.1) it's not a number but rather a string. Same thing for CURLOPT_TIMEOUT_MS.
I got this error: Warning: curl_setopt() expects parameter 2 to be long, string given
If you are experiencing simular problems, you can replace the constant with the actual number or (re)define the constant.
CURLOPT_TIMEOUT_MS should be 155
CURLOPT_CONNECTTIMEOUT_MS should be 156
curl_setopt($ch, CURLOPT_CONNECTTIMEOUT_MS, 2500); // error
curl_setopt($ch, 156, 2500); // problem solved
CURLOPT_POST must be left unset if you want the Content-Type header set to "multipart/form-data" (e.g., when CURLOPT_POSTFIELDS is an array). If you set CURLOPT_POSTFIELDS to an array and have CURLOPT_POST set to TRUE, Content-Length will be -1 and most sane servers will reject the request. If you set CURLOPT_POSTFIELDS to an array and have CURLOPT_POST set to FALSE, cURL will send a GET request.
Sending a post file upload across a squid proxy, the request was rejected by the proxy. In the error page returned it provided among other possible causes:"Expect:" feature is being asked from a HTTP/one.zero.
Solution: Add the option <?php curl_setopt($cl,CURLOPT_HTTPHEADER,array("Expect:")); ?>. This will remove the expect http header.
If you want cURL to timeout in less than one second, you can use CURLOPT_TIMEOUT_MS, although there is a bug/"feature" on "Unix-like systems" that causes libcurl to timeout immediately if the value is < 1000 ms with the error "cURL Error (28): Timeout was reached". The explanation for this behavior is:
"If libcurl is built to use the standard system name resolver, that portion of the transfer will still use full-second resolution for timeouts with a minimum timeout allowed of one second."
What this means to PHP developers is "You can use this function without testing it first, because you can't tell if libcurl is using the standard system name resolver (but you can be pretty sure it is)"
The problem is that on (Li|U)nix, when libcurl uses the standard name resolver, a SIGALRM is raised during name resolution which libcurl thinks is the timeout alarm.
The solution is to disable signals using CURLOPT_NOSIGNAL. Here's an example script that requests itself causing a 10-second delay so you can test timeouts:
<?php
if (!isset($_GET['foo'])) {
// Client
$ch = curl_init('http://localhost/test/test_timeout.php?foo=bar');
curl_setopt($ch, CURLOPT_RETURNTRANSFER, true);
curl_setopt($ch, CURLOPT_NOSIGNAL, 1);
curl_setopt($ch, CURLOPT_TIMEOUT_MS, 200);
$data = curl_exec($ch);
$curl_errno = curl_errno($ch);
$curl_error = curl_error($ch);
curl_close($ch);
if ($curl_errno > 0) {
echo "cURL Error ($curl_errno): $curl_error\n";
} else {
echo "Data received: $data\n";
}
} else {
// Server
sleep(10);
echo "Done.";
}
?>
When you set ($ch, curlopt_post, 1) , after you have posted your data with curl_exec , you need to set ($ch, curlopt_post, 0), Otherwise all your subsequent requests seems as a post with no postdata and some reverse proxy servers send 500 or 403 error for these case ( access denied or forbidden )!
When CURLOPT_FOLLOWLOCATION and CURLOPT_HEADER are both true and redirect/s have happened then the header returned by curl_exec() will contain all the headers in the redirect chain in the order they were encountered.
Force Curl Request To Go To A Particular IP Address
Yes, there is a method of passing an IP address to curl. Excellent for services with multiple IP addresses and also to take DNS out of the equation for testing/debugging.
<?php
function fetch_page($url, $host_ip = NULL)
{
$ch = curl_init();
if (!is_null($host_ip))
{
$urldata = parse_url($url);
// Ensure we have the query too, if there is any...
if (!empty($urldata['query']))
$urldata['path'] .= "?".$urldata['query'];
// Specify the host (name) we want to fetch...
$headers = array("Host: ".$urldata['host']);
curl_setopt($ch, CURLOPT_HTTPHEADER, $headers);
// create the connecting url (with the hostname replaced by IP)
$url = $urldata['scheme']."://".$host_ip.$urldata['path'];
}
curl_setopt($ch, CURLOPT_URL, $url);
curl_setopt ($ch, CURLOPT_HEADER, 0);
curl_setopt($ch, CURLOPT_RETURNTRANSFER, true);
$result = curl_exec ($ch);
curl_close ($ch);
return $result;
}
?>
When using CURLOPT_POSTFIELDS with an array as parameter, you have to pay high attention to user input. Unvalidated user input will lead to serious security issues.
<?php
/**
* test.php:
*/
$ch = curl_init('http://example.com');
curl_setopt($ch, CURLOPT_POST, 1);
curl_setopt($ch, CURLOPT_POSTFIELDS, array(
'foo' => $_GET['bar']
));
curl_exec($ch);
?>
Requesting "test.php?bar=@/home/user/test.png" will send "test.png" to example.com.
Make sure you remove the leading "@" from user input.
If your POST data seems to be disappearing (POST data empty, request is being handled by the server as a GET), try rearranging the order of CURLOPT_POSTFIELDS setting with CURLOPT_NOBODY. CURLOPT_POSTFIELDS has to come AFTER CURLOPT_NOBODY setting because if it comes after it wipes out the Content-Type header that tells your URL target that the request is a POST not a GET.
Not sure if this is expected behavior but it certainly isn't documented (except on Stackoverflow.com, which is supremely unhelpful - BTW, guys over on stack overflow... once you've figured out a PHP problem, posting the solution here would save everyone extra search time).
I had problems with the Wikimedia software and sending a POST request where the data was more than 1024 bytes long. I traced this to cURL adding: Expect: 100-continue to the headers.
I added curl_setopt($ch,CURLOPT_HTTPHEADER,array("Expect:")); and that suppresses the Expect line.
Handling redirections with curl if safe_mode or open_basedir is enabled. The function working transparent, no problem with header and returntransfer options. You can handle the max redirection with the optional second argument (the function is set the variable to zero if max redirection exceeded).
Second parameter values:
- maxredirect is null or not set: redirect maximum five time, after raise PHP warning
- maxredirect is greather then zero: no raiser error, but parameter variable set to zero
- maxredirect is less or equal zero: no follow redirections
<?php
function curl_exec_follow(/*resource*/ $ch, /*int*/ &$maxredirect = null) {
$mr = $maxredirect === null ? 5 : intval($maxredirect);
if (ini_get('open_basedir') == '' && ini_get('safe_mode' == 'Off')) {
curl_setopt($ch, CURLOPT_FOLLOWLOCATION, $mr > 0);
curl_setopt($ch, CURLOPT_MAXREDIRS, $mr);
} else {
curl_setopt($ch, CURLOPT_FOLLOWLOCATION, false);
if ($mr > 0) {
$newurl = curl_getinfo($ch, CURLINFO_EFFECTIVE_URL);
$rch = curl_copy_handle($ch);
curl_setopt($rch, CURLOPT_HEADER, true);
curl_setopt($rch, CURLOPT_NOBODY, true);
curl_setopt($rch, CURLOPT_FORBID_REUSE, false);
curl_setopt($rch, CURLOPT_RETURNTRANSFER, true);
do {
curl_setopt($rch, CURLOPT_URL, $newurl);
$header = curl_exec($rch);
if (curl_errno($rch)) {
$code = 0;
} else {
$code = curl_getinfo($rch, CURLINFO_HTTP_CODE);
if ($code == 301 || $code == 302) {
preg_match('/Location:(.*?)\n/', $header, $matches);
$newurl = trim(array_pop($matches));
} else {
$code = 0;
}
}
} while ($code && --$mr);
curl_close($rch);
if (!$mr) {
if ($maxredirect === null) {
trigger_error('Too many redirects. When following redirects, libcurl hit the maximum amount.', E_USER_WARNING);
} else {
$maxredirect = 0;
}
return false;
}
curl_setopt($ch, CURLOPT_URL, $newurl);
}
}
return curl_exec($ch);
}
?>
FYI... unless you specifically set the user agent, no user agent will be sent in your request as there is no default value like some of the other options.
As others have said, not sending a user agent may cause you to not get the results that you expected, e.g., 0 byte length content, different content, etc.
A note on the way Curl posts files...
<?php
curl_setopt($ch, CURLOPT_POSTFIELDS, array('file' => '@/path/to/file.ext');
?>
will post the FULL PATH of the file in the filename field:
Content-Disposition: form-data; name="file"; filename="/path/to/file.ext"
Whereas typical browser behavior only sends the filename:
Content-Disposition: form-data; name="file"; filename="file.ext"
Workaround:
<?php
curl_setopt($ch, CURLOPT_POSTFIELDS, array('file' => '@file.ext');
$cwd = getcwd();
chdir('/path/to/');
$receivedData = curl_exec($ch);
chdir($cwd);
?>
In order to reset CURLOPT_HTTPHEADER, set it to array(). The cURL C API says you should set it to NULL, but that doesn't work in the PHP wrapper.
This function helps to parse netscape cookie file, generated by cURL into cookie array:
<?php
function _curl_parse_cookiefile($file) {
$aCookies = array();
$aLines = file($file);
foreach($aLines as $line){
if('#'==$line{0})
continue;
$arr = explode("\t", $line);
if(isset($arr[5]) && isset($arr[6]))
$aCookies[$arr[5]] = $arr[6];
}
return $aCookies;
}
?>
When POSTing with cURL, my POSTs were magically being converted to GETs and I debugged it until finding the issue. I was setting the CURLOPT_MUTE option. Not sure why this conflicts, since the documentation doesn't specify as such. Anyways, if your $_POST is empty, make sure you aren't setting CURLOPT_MUTE.
Cheers!
Be careful when setting the CURLOPT_POSTFIELDS setting using an array. The array used to set the POST fields must only contain scalar values. Multidimentional arrays or objects lacking a __toString implementation will cause Curl to error.
If there is a need to send non-scalar values using a POST request, consider serializing them before transmission.
<?php
$ch = curl_init('http://host.example.com');
// Data to post
$multiDimensional = array(
'name' = 'foo',
'data' = array(1,2,3,4),
'value' = 'bar'
);
// Will error
curl_setopt($ch, CURLOPT_POSTFIELDS, $multiDimensional);
// Data to post
$postData = array(
'name' = 'foo',
'data' = serialize(array(1,2,3,4)),
'value' = 'bar'
);
// Will not error
curl_setopt($ch, CURLOPT_POSTFIELDS, $postData);
?>
It appears that setting CURLOPT_FILE before setting CURLOPT_RETURNTRANSFER doesn't work, presumably because CURLOPT_FILE depends on CURLOPT_RETURNTRANSFER being set.
So do this:
<?php
curl_setopt($ch, CURLOPT_RETURNTRANSFER, 1);
curl_setopt($ch, CURLOPT_FILE, $fp);
?>
not this:
<?php
curl_setopt($ch, CURLOPT_FILE, $fp);
curl_setopt($ch, CURLOPT_RETURNTRANSFER, 1);
?>
CURLOPT_HTTPPROXYTUNNEL means curl will use CONNECT method of the HTTP protocol to make a tunnel through a proxy, which is most likely not the one you want to do.
Some additional notes for curlopt_writefunction. I struggled with this at first because it really isn't documented very well.
When you write a callback function and use it with curlopt_writefunction it will be called MULTIPLE times. Your function MUST return the ammount of data written to it each time. It is very picky about this. Here is a snippet from my code that may help you
<?php
curl_setopt($this->curl_handle, CURLOPT_WRITEFUNCTION, array($this, "receiveResponse"));
// later on in the class I wrote my receive Response method
private function receiveResponse($curlHandle,$xmldata)
{
$this->responseString = $xmldata;
$this->responseXML .= $this->responseString;
$this->length = strlen($xmldata);
$this->size += $this->length;
return $this->length;
}
?>
Now I did this for a class. If you aren't doing OOP then you will obviously need to modify this for your own use.
CURL calls your script MULTIPLE times because the data will not always be sent all at once. Were talking internet here so its broken up into packets. You need to take your data and concatenate it all together until it is all written. I was about to pull my damn hair out because I would get broken chunks of XML back from the server and at random lengths. I finally figured out what was going on. Hope this helps
Hi,
Anyone who is interested in submitting their information by post to HTTPS site (e.g. payment gateway) where https page needs basic authentication before submitting the information. below code will be helpful.
<?php
$submit_url = "https://sitename/process.php";
$curl = curl_init();
curl_setopt($curl, CURLOPT_HTTPAUTH, CURLAUTH_BASIC ) ;
curl_setopt($curl, CURLOPT_USERPWD, "username:password");
curl_setopt($curl, CURLOPT_SSLVERSION,3);
curl_setopt($curl, CURLOPT_SSL_VERIFYPEER, FALSE);
curl_setopt($curl, CURLOPT_SSL_VERIFYHOST, 2);
curl_setopt($curl, CURLOPT_HEADER, true);
curl_setopt($curl, CURLOPT_POST, true);
curl_setopt($curl, CURLOPT_POSTFIELDS, $params );
curl_setopt($curl, CURLOPT_RETURNTRANSFER, true);
curl_setopt($curl, CURLOPT_USERAGENT, "Mozilla/4.0 (compatible; MSIE 5.01; Windows NT 5.0)");
curl_setopt($curl, CURLOPT_URL, $submit_url);
$data = split("text/html", curl_exec($curl) );
$temp = split("\r\n", $data[1]) ;
$result = unserialize( $temp[2] ) ;
print_r($result);
curl_close($curl);
?>
For those of you wondering how to specify the content-type for a file uploaded via curl, the syntax is as follows:
<?php
$data = array('file' => '@/home/user/test.png;type=image/png');
?>
Simply adding a semicolon with the type= at the end.
Note that this has been reported not to work in all versions of PHP and I have done the following tests:
5.2.6 (libcurl 7.18.2) : Does not work
5.2.13 (libcurl 7.20.0) : Works just fine
So it might be worth updating your installation of PHP and/or libcurl if you want to be able to use this syntax
I couldn't find a way to force a curl request to go to a particular IP address, but you can do it with fsockopen:
<?php
$ip = '123.45.67.89';
$fp = fsockopen($ip, 80, $errno, $errstr, 5);
$result = '';
if (!$fp) {
echo "$errstr ($errno)<br />\n";
} else {
$out = "GET /path/to/the/file.ext HTTP/1.1\r\n";
$out .= "Host: www.exampl.com\r\n";
$out .= "Connection: Close\r\n\r\n";
fwrite($fp, $out);
while (!feof($fp)) {
$result .= fgets($fp, 128);
}
fclose($fp);
}
?>
I needed it to test the response from a set of servers behind a load balancer.
If you have turned on conditional gets on a curl handle, and then for a subsequent request, you don't have a good setting for CURLOPT_TIMEVALUE , you can disable If-Modified-Since checking with:
<?php
$ch = curl_init();
curl_setopt($ch, CURLOPT_URL, $foo);
curl_setopt($ch, CURLOPT_TIMEVALUE, filemtime($foo_path));
curl_setopt($ch, CURLOPT_TIMECONDITION, CURLOPT_TIMECOND_IFMODIFIEDSINCE);
curl_exec($ch);
// Reuse same curl handle
curl_setopt($ch, CURLOPT_URL, $bar);
curl_setopt($ch, CURLOPT_TIMEVALUE, null); // don't know mtime
curl_setopt($ch, CURLOPT_TIMECONDITION, 0); // set it to 0, turns it off
curl_exec($ch);
?>
If you need to send deta in a DELETE request, use:
<?php
$request_body = 'some data';
$ch = curl_init('http://www.example.com');
curl_setopt($ch, CURLOPT_POSTFIELDS, $request_body);
curl_setopt($ch, CURLOPT_FOLLOWLOCATION, 1);
curl_setopt($ch, CURLOPT_HEADER, 0);
curl_setopt($ch, CURLOPT_RETURNTRANSFER, 1);
curl_setopt($ch, CURLOPT_CUSTOMREQUEST, "DELETE");
$response = curl_exec($ch);
var_dump($response);
?>
If you wish to find the size of the file you are streaming and use it as your header this is how:
<?php
function write_function($curl_resource, $string)
{
if(curl_getinfo($curl_resource, CURLINFO_SIZE_DOWNLOAD) <= 2000)
{
header('Expires: 0');
header('Cache-Control: must-revalidate, post-check=0, pre-check=0');
header('Pragma: public');
header('Content-Description: File Transfer');
header("Content-Transfer-Encoding: binary");
header("Content-Type: ".curl_getinfo($curl_resource, CURLINFO_CONTENT_TYPE)."");
header("Content-Length: ".curl_getinfo($curl_resource, CURLINFO_CONTENT_LENGTH_DOWNLOAD)."");
}
print $string;
return mb_strlen($string, '8bit');
}
?>
1440 is the the default number of bytes curl will call the write function (BUFFERSIZE does not affect this, i actually think you can not change this value), so it means the headers are going to be set only one time.
write_function must return the exact number of bytes of the string, so you can return a value with mb_strlen.
You can use also use object methods as callback functions. This is usefull if your curl ressource is part of an object handling transfers.
Instead of curl_setopt($curl, CURLOPT_WRITEFUNCTION, "curl_handler_recv") you can use array($object, "method") as value for callback options.
For example:
<?php
class downloader {
private $curl;
function __construct() {
$this->curl = curl_init();
curl_setopt($this->curl, CURLOPT_WRITEFUNCTION, array($this, "curl_handler_recv"));
}
function curl_handler_recv($res, $data) {
//...
}
//...
}
?>
PUT requests are very simple, just make sure to specify a content-length header and set post fields as a string.
Example:
<?php
function doPut($url, $fields)
{
$fields = (is_array($fields)) ? http_build_query($fields) : $fields;
if($ch = curl_init($url))
{
curl_setopt($ch, CURLOPT_CUSTOMREQUEST, 'PUT');
curl_setopt($ch, CURLOPT_RETURNTRANSFER, true);
curl_setopt($ch, CURLOPT_HTTPHEADER, array('Content-Length: ' . strlen($fields)));
curl_setopt($ch, CURLOPT_POSTFIELDS, $fields);
curl_exec($ch);
$status = curl_getinfo($ch, CURLINFO_HTTP_CODE);
curl_close($ch);
return (int) $status;
}
else
{
return false;
}
}
if(doPut('http://example.com/api/a/b/c', array('foo' => 'bar')) == 200)
// do something
else
// do something else.
?>
You can grab the request data on the other side with:
<?php
if($_SERVER['REQUEST_METHOD'] == 'PUT')
{
parse_str(file_get_contents('php://input'), $requestData);
// Array ( [foo] => bar )
print_r($requestData);
// Do something with data...
}
?>
DELETE can be done in exactly the same way.
Hello.
During problems with "CURLOPT_FOLLOWLOCATION cannot be activated when in safe_mode or an open_basedir is set"
I was looking for solution.
I've found few methods on this page, but none of them was good enough, so I made one.
<?php
function curl_redirect_exec($ch, &$redirects, $curlopt_header = false) {
curl_setopt($ch, CURLOPT_HEADER, true);
curl_setopt($ch, CURLOPT_RETURNTRANSFER, true);
$data = curl_exec($ch);
$http_code = curl_getinfo($ch, CURLINFO_HTTP_CODE);
if ($http_code == 301 || $http_code == 302) {
list($header) = explode("\r\n\r\n", $data, 2);
$matches = array();
preg_match('/(Location:|URI:)(.*?)\n/', $header, $matches);
$url = trim(array_pop($matches));
$url_parsed = parse_url($url);
if (isset($url_parsed)) {
curl_setopt($ch, CURLOPT_URL, $url);
$redirects++;
return curl_redirect_exec($ch, $redirects);
}
}
if ($curlopt_header)
return $data;
else {
list(,$body) = explode("\r\n\r\n", $data, 2);
return $body;
}
}
?>
Main issue in existing functions was lack of information, how many redirects was done.
This one will count it.
First parameter as usual.
Second should be already initialized integer, it will be incremented by number of done redirects.
You can set CURLOPT_HEADER if You need it.
I've found that setting CURLOPT_HTTPHEADER more than once will clear out any headers you've set previously with CURLOPT_HTTPHEADER.
Consider the following:
<?php
# ...
curl_setopt($cURL,CURLOPT_HTTPHEADER,array (
"Content-Type: text/xml; CHARSET=gb2312",
"Expect: 100-continue"
));
# ... do some other stuff ...
curl_setopt($cURL,CURLOPT_HTTPHEADER,array (
"Accept: application/json"
));
# ...
?>
Both the Content-Type and Expect I set will not be in the outgoing headers, but Accept will.
If you get a "failed creating formpost data" upon curl_exec() when POSTing a form, check if one of the field values starts with the @ character.
Took me an hour or so to find out as I wanted to post a @reply tweet to twitter which typically start with @screenname.
There is a function to send POST data in page with five parameters :
$post must be an array
$page is the page where POST datas will be send.
$n must be true to continue if they are php redirection (Location: )
$session must be define true if you want to use cookies
$referer must be a link to get a wrong referer or only to have a referer.
<?php
function curl_data_post($post, $page, $n, $session, $referer)
{
if(!is_array($post))
{
return false;
}
$DATA_POST = curl_init();
curl_setopt($DATA_POST, CURLOPT_RETURNTRANSFER, true);
curl_setopt($DATA_POST, CURLOPT_URL, $page);
curl_setopt($DATA_POST, CURLOPT_POST, true);
if($n)
{
curl_setopt($DATA_POST, CURLOPT_FOLLOWLOCATION, true);
}
if($session)
{
curl_setopt($DATA_POST, CURLOPT_COOKIEFILE, 'cookiefile.txt');
curl_setopt($DATA_POST, CURLOPT_COOKIEJAR, 'cookiefile.txt');
}
if($referer)
{
curl_setopt($DATA_POST, CURLOPT_REFERER, $referer);
}
curl_setopt($DATA_POST, CURLOPT_POSTFIELDS, $post);
$data = curl_exec($DATA_POST);
if($data == false)
{
echo'Warning : ' . curl_error($DATA_POST);
curl_close($DATA_POST);
return false;
}
else
{
curl_close($DATA_POST);
return $data;
}
}
?>
Whats not mentioned in the documentation is that you have to set CURLOPT_COOKIEJAR to a file for the CURL handle to actually use cookies, if it is not set then cookies will not be parsed.
When you are using CURLOPT_FILE to download directly into a file you must close the file handler after the curl_close() otherwise the file will be incomplete and you will not be able to use it until the end of the execution of the php process.
<?php
$fh = fopen('/tmp/foo', 'w');
$ch = curl_init('http://example.com/foo');
curl_setopt($ch, CURLOPT_FILE, $fh);
curl_exec($ch);
curl_close($ch);
# at this point your file is not complete and corrupted
fclose($fh);
# now you can use your file;
read_file('/tmp/foo');
?>
When using CURLOPT_FILE, pass it the file handle that is open for write only (eg fopen('blahblah', 'w+')). If you also open the file for reading (eg fopen('blahblah', 'rw')), curl will fail with error 23.
Seems like some options not mentioned on this page, but listed on http://curl.haxx.se/libcurl/c/curl_easy_setopt.html is actually supported.
I was happy to see that I could actually use CURLOPT_FTP_CREATE_MISSING_DIRS even from PHP.
As of php 5.3 CURLOPT_PROGRESSFUNCTION its supported here's how:
<?php
function callback($download_size, $downloaded, $upload_size, $uploaded)
{
// do your progress stuff here
}
$ch = curl_init('http://www.example.com');
// This is required to curl give us some progress
// if this is not set to false the progress function never
// gets called
curl_setopt($ch, CURLOPT_NOPROGRESS, false);
// Set up the callback
curl_setopt($ch, CURLOPT_PROGRESSFUNCTION, 'callback');
// Big buffer less progress info/callbacks
// Small buffer more progress info/callbacks
curl_setopt($ch, CURLOPT_BUFFERSIZE, 128);
$data = curl_exec($ch);
?>
Hope this help.
I noticed that if you want to get current cookie file after curl_exec() - you need to close current curl handle (like it said in manual), but if you want cookies to be dumped to file after any curl_exec (without curl_close) you can:
<?php
#call it normally
$ch = curl_init();
curl_setopt($ch, CURLOPT_HEADER, 0);
curl_setopt($ch, CURLOPT_COOKIEFILE, "cookiefile");
curl_setopt($ch, CURLOPT_COOKIEJAR, "cookiefile");
curl_setopt($ch, CURLOPT_FOLLOWLOCATION, 1);
curl_setopt($ch, CURLOPT_URL, 'http://www.example.com/');
$result1 = curl_exec($ch);
#and then make a temp copy
$ch_temp=curl_copy_handle(ch);
curl_close($ch);
$ch=$ch_temp;
?>
Only this way, if you close $ch_temp - cookies wont be dumped.
if you need to send a SOAP string that is the CURL you must use :
<?php
$ch = curl_init();
curl_setopt($ch, CURLOPT_URL, XML_POST_URL);
curl_setopt ($ch, CURLOPT_HTTPHEADER, array('SOAPAction: ""'));
curl_setopt($ch, CURLOPT_RETURNTRANSFER, 1);
curl_setopt($ch, CURLOPT_SSL_VERIFYPEER, FALSE);
curl_setopt($ch, CURLOPT_POSTFIELDS, XML_PAYLOAD);
curl_setopt($ch, CURLOPT_HEADER, 0);
$output = curl_exec($ch);
?>
Note : Having based my snipet on Chemo demonstration (oscommerce user know who he is), XML_POST_URL and XML_PAYLOAD where defined as constant with define().
The point is : at the opposite of .xml , SOAP must send the header 'SOAPAction: ""' that can be a valid URI, an empty string (that is here) or nothing ('SOAPAction: '). The later case baing not accepted by all server, the second one indicating the target is the URI used to post the SOAP.
http://www.w3.org/TR/2000/NOTE-SOAP-20000508/#_Toc478383528
Example how to connect to FTPES (FTP explicit SSL). This script will connect to any FTPES server and out put the list of directories.
<?php
$username = 'username';
$password = 'password';
$url = 'example.com';
$ftp_server = "ftp://" . $username . ":" . $password . "@" . $url;
echo "Starting CURL.\n";
$ch = curl_init();
echo "Set CURL URL.\n";
//curl FTP
curl_setopt($ch, CURLOPT_URL, $ftp_server);
//For Debugging
//curl_setopt($ch, CURLOPT_VERBOSE, TRUE);
//SSL Settings
curl_setopt($ch, CURLOPT_SSL_VERIFYPEER, FALSE);
curl_setopt($ch, CURLOPT_SSL_VERIFYHOST, FALSE);
curl_setopt($ch, CURLOPT_FTP_SSL, CURLFTPSSL_TRY);
//List FTP files and directories
curl_setopt($ch, CURLOPT_FTPLISTONLY, TRUE);
//Output to curl_exec
curl_setopt($ch, CURLOPT_RETURNTRANSFER, 1);
echo "Executing CURL.\n";
$output = curl_exec($ch);
curl_close($ch);
echo "Closing CURL.\n";
echo $output . "\n";
$files = explode("\n", $output);
print_r($files);
?>
When passing CURLOPT_POSTFIELDS a url-encoded string in order to use Content-Type: application/x-www-form-urlencoded, you can pass a string directly:
<?php
curl_setopt(CURLOPT_POSTFIELDS, 'field1=value&field2=value2');
?>
rather than passing the string in an array, as in fred at themancan dot com's example.
To send a post as a different content-type (ie.. application/json or text/xml) add this setopt call
<?php
curl_setopt($ch, CURLOPT_HTTPHEADER,array('Content-Type: application/json'));
?>
Note that CURLOPT_RETURNTRANSFER when used with CURLOPT_WRITEFUNCTION has effectively three settings: default, true, and false.
default - callbacks will be called as expected.
true - content will be returned but callback function will not be called.
false - content will be output and callback function will not be called.
Note that CURLOPT_HEADERFUNCTION callbacks are always called.
Passing in PHP's $_SESSION into your cURL call:
<?php
session_start();
$strCookie = 'PHPSESSID=' . $_COOKIE['PHPSESSID'] . '; path=/';
session_write_close();
$curl_handle = curl_init('enter_external_url_here');
curl_setopt( $curl_handle, CURLOPT_COOKIE, $strCookie );
curl_exec($curl_handle);
curl_close($curl_handle);
?>
This worked great for me. I was calling pages from the same server and needed to keep the $_SESSION variables. This passes them over. If you want to test, just print_r($_SESSION);
Enjoy!
To fetch (or submit data to) multiple pages during one session,use this:
<?php
$ch = curl_init();
curl_setopt($ch, CURLOPT_SSL_VERIFYPEER, FALSE);
curl_setopt($ch, CURLOPT_RETURNTRANSFER, TRUE);
curl_setopt($ch, CURLOPT_COOKIESESSION, TRUE);
curl_setopt($ch, CURLOPT_HEADER, 0);
curl_setopt($ch, CURLOPT_COOKIEFILE, "cookiefile");
curl_setopt($ch, CURLOPT_COOKIEJAR, "cookiefile");
curl_setopt($ch, CURLOPT_COOKIE, session_name() . '=' . session_id());
curl_setopt($ch, CURLOPT_FOLLOWLOCATION, 1);
curl_setopt($ch, CURLOPT_URL, 'http://example.com/page1.php');
$result1 = curl_exec($ch);
curl_setopt($ch, CURLOPT_URL, 'http://example.com/page2.php');
$result2 = curl_exec($ch);
curl_close($ch);
?>
Just a small detail I too easily overlooked.
<?php
/* If you set: */
curl_setopt ($ch, CURLOPT_POST, 1);
/* then you must have the data: */
curl_setopt ($ch, CURLOPT_POSTFIELDS, $PostData);
?>
I found with only the CURLOPT_POST set (from copy, paste editing of course) cookies were not getting sent with CURLOPT_COOKIE. Just something subtle to watch out for.
To find what encoding a given HTTP POST request uses is easy -- passing an array to CURLOPT_POSTFIELDS results in multipart/form-data:
<?php
curl_setopt(CURLOPT_POSTFIELDS, array('field1' => 'value'));
?>
Passing a URL-encoded string will result in application/x-www-form-urlencoded:
<?php
curl_setopt(CURLOPT_POSTFIELDS, array('field1=value&field2=value2'));
?>
I ran across this when integrating with both a warehouse system and an email system; neither would accept multipart/form-data, but both happily accepted application/x-www-form-urlencoded.
if you use
<?php
curl_setopt($ch, CURLOPT_INTERFACE, "XXX.XXX.XXX.XXX");
?>
to specify IP adress for request, sometimes you need to get list of all your IP's.
ifconfig command will output something like:
rl0: flags=8843<UP,BROADCAST,RUNNING,SIMPLEX,MULTICAST> mtu 1500
options=8<VLAN_MTU>
inet 82.146.XXX.XXX netmask 0xffffffff broadcast 82.146.XXX.XXX
inet 78.24.XXX.XXX netmask 0xffffffff broadcast 78.24.XXX.XXX
inet 82.146.XXX.XXX netmask 0xffffffff broadcast 82.146.XXX.XXX
inet 82.146.XXX.XXX netmask 0xffffffff broadcast 82.146.XXX.XXX
inet 82.146.XXX.XXX netmask 0xffffffff broadcast 82.146.XXX.XXX
inet 78.24.XXX.XXX netmask 0xffffffff broadcast 78.24.XXX.XXX
inet 78.24.XXX.XXX netmask 0xffffffff broadcast 78.24.XXX.XXX
ether XX:XX:XX:XX:XX:XX
media: Ethernet autoselect (100baseTX <full-duplex>)
status: active
lo0: flags=8049<UP,LOOPBACK,RUNNING,MULTICAST> mtu 16384
tun0: flags=8051<UP,POINTOPOINT,RUNNING,MULTICAST> mtu 1500
Opened by PID 564
tun1: flags=8051<UP,POINTOPOINT,RUNNING,MULTICAST> mtu 1500
Opened by PID 565
Opened by PID 565
My solution for FreeBSD 6 and PHP 5 was:
<?php
ob_start();
$ips=array();
$ifconfig=system("ifconfig");
echo $ifconfig;
$ifconfig=ob_get_contents();
ob_end_clean();
$ifconfig=explode(chr(10), $ifconfig);
for ($i=0; $i<count($ifconfig); $i++) {
$t=explode(" ", $ifconfig[$i]);
if ($t[0]=="\tinet") {
array_push($ips, $t[1]);
}
}
for ($i=0; $i<count($ips); $i++) {
echo $ips[$i]."\n";
}
?>
You will get list of IP adresses in $ips array, like:
82.146.XXX.XXX
78.24.XXX.XXX
82.146.XXX.XXX
82.146.XXX.XXX
82.146.XXX.XXX
78.24.XXX.XXX
78.24.XXX.XXX
If you want to connect to a server which requires that you identify yourself with a certificate, use following code. Your certificate and servers certificate are signed by an authority whose certificate is in ca.ctr.
<?php
curl_setopt($ch, CURLOPT_VERBOSE, '1');
curl_setopt($ch, CURLOPT_SSL_VERIFYHOST, '2');
curl_setopt($ch, CURLOPT_SSL_VERIFYPEER, '1');
curl_setopt($ch, CURLOPT_CAINFO, getcwd().'/cert/ca.crt');
curl_setopt($ch, CURLOPT_SSLCERT, getcwd().'/cert/mycert.pem');
curl_setopt($ch, CURLOPT_SSLCERTPASSWD, 'password');
?>
If your original certificate is in .pfx format, you have to convert it to .pem using following commands
# openssl pkcs12 -in mycert.pfx -out mycert.key
# openssl rsa -in mycert.key -out mycert.pem
# openssl x509 -in mycert.key >> mycert.pem
In PHP5, for the "CURLOPT_POSTFIELDS" option, we can use:
<?php
$ch = curl_init($URI);
$Post = http_build_query($PostData);
curl_setopt($ch, CURLOPT_POSTFIELDS, $Post);
$Output = curl_exec($ch);
curl_close($ch);
?>
If you are doing a POST, and the content length is 1,025 or greater, then curl exploits a feature of http 1.1: 100 (Continue) Status.
See http://www.w3.org/Protocols/rfc2616/rfc2616-sec8.html#sec8.2.3
* it adds a header, "Expect: 100-continue".
* it then sends the request head, waits for a 100 response code, then sends the content
Not all web servers support this though. Various errors are returned depending on the server. If this happens to you, suppress the "Expect" header with this command:
<?php
curl_setopt($ch, CURLOPT_HTTPHEADER, array('Expect:'));
?>
See http://www.gnegg.ch/2007/02/the-return-of-except-100-continue/
if you would like to send xml request to a server (lets say, making a soap proxy),
you have to set
<?php
curl_setopt($ch, CURLOPT_HTTPHEADER, Array("Content-Type: text/xml"));
?>
makesure you watch for cache issue:
the below code will prevent cache...
<?php
curl_setopt($ch, CURLOPT_FORBID_REUSE, 1);
curl_setopt($ch, CURLOPT_FRESH_CONNECT, 1);
?>
hope it helps ;)
If you try to upload file to a server, you need do CURLOPT_POST first and then fill CURLOPT_POSTFIELDS.
<?php
curl_setopt($ch, CURLOPT_POST, 1);
curl_setopt($ch, CURLOPT_POSTFIELDS, $postvars);
// ^^ This will post multipart/form-data
?>
After much struggling, I managed to get a SOAP request requiring HTTP authentication to work. Here's some source that will hopefully be useful to others.
<?php
$credentials = "username:password";
// Read the XML to send to the Web Service
$request_file = "./SampleRequest.xml";
$fh = fopen($request_file, 'r');
$xml_data = fread($fh, filesize($request_file));
fclose($fh);
$url = "http://www.example.com/services/calculation";
$page = "/services/calculation";
$headers = array(
"POST ".$page." HTTP/1.0",
"Content-type: text/xml;charset=\"utf-8\"",
"Accept: text/xml",
"Cache-Control: no-cache",
"Pragma: no-cache",
"SOAPAction: \"run\"",
"Content-length: ".strlen($xml_data),
"Authorization: Basic " . base64_encode($credentials)
);
$ch = curl_init();
curl_setopt($ch, CURLOPT_URL,$url);
curl_setopt($ch, CURLOPT_RETURNTRANSFER, 1);
curl_setopt($ch, CURLOPT_TIMEOUT, 60);
curl_setopt($ch, CURLOPT_HTTPHEADER, $headers);
curl_setopt($ch, CURLOPT_USERAGENT, $defined_vars['HTTP_USER_AGENT']);
// Apply the XML to our curl call
curl_setopt($ch, CURLOPT_POST, 1);
curl_setopt($ch, CURLOPT_POSTFIELDS, $xml_data);
$data = curl_exec($ch);
if (curl_errno($ch)) {
print "Error: " . curl_error($ch);
} else {
// Show me the result
var_dump($data);
curl_close($ch);
}
?>
<?php
/*
* Author: Ojas Ojasvi
* Released: September 25, 2007
* Description: An example of the disguise_curl() function in order to grab contents from a website while remaining fully camouflaged by using a fake user agent and fake headers.
*/
$url = 'http://www.php.net';
// disguises the curl using fake headers and a fake user agent.
function disguise_curl($url)
{
$curl = curl_init();
// Setup headers - I used the same headers from Firefox version 2.0.0.6
// below was split up because php.net said the line was too long. :/
$header[0] = "Accept: text/xml,application/xml,application/xhtml+xml,";
$header[0] .= "text/html;q=0.9,text/plain;q=0.8,image/png,*/*;q=0.5";
$header[] = "Cache-Control: max-age=0";
$header[] = "Connection: keep-alive";
$header[] = "Keep-Alive: 300";
$header[] = "Accept-Charset: ISO-8859-1,utf-8;q=0.7,*;q=0.7";
$header[] = "Accept-Language: en-us,en;q=0.5";
$header[] = "Pragma: "; // browsers keep this blank.
curl_setopt($curl, CURLOPT_URL, $url);
curl_setopt($curl, CURLOPT_USERAGENT, 'Googlebot/2.1 (+http://www.google.com/bot.html)');
curl_setopt($curl, CURLOPT_HTTPHEADER, $header);
curl_setopt($curl, CURLOPT_REFERER, 'http://www.google.com');
curl_setopt($curl, CURLOPT_ENCODING, 'gzip,deflate');
curl_setopt($curl, CURLOPT_AUTOREFERER, true);
curl_setopt($curl, CURLOPT_RETURNTRANSFER, 1);
curl_setopt($curl, CURLOPT_TIMEOUT, 10);
$html = curl_exec($curl); // execute the curl command
curl_close($curl); // close the connection
return $html; // and finally, return $html
}
// uses the function and displays the text off the website
$text = disguise_curl($url);
echo $text;
?>
Ojas Ojasvi
FYI,
Anyone trying to connect to .NET with CURL to send a simple XML post, pay attention to the following. This will save you hours! There is a previous note that I saw either on this page, or somewhere else on this site that explains the correct way to specify the header option is to create an array, then reference the array from the CURLOPT.
ie. Do something like this:
<?php
// Req. HTTP Header Values
$header[] = "Content-type: text/xml";
// Target URL
$sendTo = "http://www.example.com";
// Post Data
$post = "<?xml version=\"1.0\" encoding=\"utf-8\"?>\n<root>\n....etc, etc,";
// Create CURL Connection
$ch = curl_init();
curl_setopt($ch, CURLOPT_USERAGENT, 'XtraDoh xAgent');
curl_setopt($ch, CURLOPT_URL, $sendTo);
curl_setopt($ch, CURLOPT_TIMEOUT, 900);
curl_setopt($ch, CURLOPT_CONNECTIONTIMEOUT, 30);
curl_setopt($ch, CURLOPT_FAILONERROR, false);
curl_setopt($ch, CURLOPT_SSL_VERIFYHOST, 0);
curl_setopt($ch, CURLOPT_SSL_VERIFYPEER, 0);
curl_setopt($ch, CURLOPT_FOLLOWLOCATION, true);
curl_setopt($ch, CURLOPT_RETURNTRANSFER, true);
curl_setopt($ch, CURLOPT_HTTPHEADER, $header);
curl_setopt($ch, CURLOPT_POST, true);
curl_setopt($ch, CURLOPT_POSTFIELDS, $post);
?>
Notice the HTTPHEADER, $header above. I have not been able to get .NET to properly read the HTTP header as specified (in this case as text/xml) when using the following:
<?php
curl_setopt($ch, CURLOPT_HTTPHEADER, array('Content-Type'=>'text/xml'));
?>
Although this may work when working with other PHP, IIS, or even PHP, Apache, it does not (at least in my experience) work with .NET, IIS.
This is very clear in hindsight, but it still cost me several hours:
<?php curl_setopt($session, CURLOPT_HTTPPROXYTUNNEL, 1); ?>
means that you will tunnel THROUGH the proxy, as in "your communications will go as if the proxy is NOT THERE".
Why do you care? - Well, if you are trying to use, say, Paros, to debug HTTP between your cURL and the server, with CURLOPT_HTTPPROXYTUNNEL set to TRUE Paros will not see or log your traffic thus defeating the purpose and driving you nuts.
There are other cases, of course, where this option is extremely useful...
if you are trying to connect to 'https://...' and after that want to work with POST data - that's the way:
<?php
$curl = curl_init();
curl_setopt($curl, CURLOPT_SSL_VERIFYPEER, FALSE);
curl_setopt($curl, CURLOPT_HEADER, 0);
curl_setopt($curl, CURLOPT_POST, true);
curl_setopt($curl, CURLOPT_RETURNTRANSFER, true);
curl_setopt($curl, CURLOPT_USERAGENT, "Mozilla/4.0 (compatible; MSIE 5.01; Windows NT 5.0)");
curl_setopt($curl, CURLOPT_FOLLOWLOCATION, true);
curl_setopt($curl, CURLOPT_COOKIEFILE, "cookiefile");
curl_setopt($curl, CURLOPT_COOKIEJAR, "cookiefile"); # SAME cookiefile
curl_setopt($curl, CURLOPT_URL, "url1"); # this is where you first time connect - GET method authorization in my case, if you have POST - need to edit code a bit
$xxx = curl_exec($curl);
curl_setopt($curl, CURLOPT_URL, "url2"); # this is where you are requesting POST-method form results (working with secure connection using cookies after auth)
curl_setopt($curl, CURLOPT_POSTFIELDS, "var1=value&var2=value&var3=value&"); # form params that'll be used to get form results
$xxx = curl_exec($curl);
curl_close ($curl);
echo $xxx;
?>
If you are getting the following error:
SSL: certificate subject name 'example.com' does not match target host name 'example.net'
Then you can set the following option to get around it:
<?php curl_setopt($ch, CURLOPT_SSL_VERIFYHOST, FALSE); ?>
Please note that the CURLOPT_INTERFACE setting only accepts IP addresses and hostnames of the local machine. It is not meant to send a URL to a specific IP address.
In case you wonder how come, that cookies don't work under Windows, I've googled for some answers, and here is the result: Under WIN you need to input absolute path of the cookie file.
This piece of code solves it:
<?php
if ($cookies != '')
{
if (substr(PHP_OS, 0, 3) == 'WIN')
{$cookies = str_replace('\\','/', getcwd().'/'.$cookies);}
curl_setopt($ch, CURLOPT_COOKIEJAR, $cookies);
curl_setopt($ch, CURLOPT_COOKIEFILE, $cookies);
}
?>
Options not included in the above, but that work (Taken from the libcurl.a C documentation)
CURLOPT_FTP_SSL
Pass a long using one of the values from below, to make libcurl use your desired level of SSL for the ftp transfer. (Added in 7.11.0)
CURLFTPSSL_NONE
Don't attempt to use SSL.
CURLFTPSSL_TRY
Try using SSL, proceed as normal otherwise.
CURLFTPSSL_CONTROL
Require SSL for the control connection or fail with CURLE_FTP_SSL_FAILED.
CURLFTPSSL_ALL
Require SSL for all communication or fail with CURLE_FTP_SSL_FAILED.
Seems that CURLOPT_RETURNTRANSFER Option set to TRUE, returns a "1" when the transaction returns a blank page.
I think is for eliminate the FALSE to can be with a blank page as return
How to get rid of response after POST: just add callback function for returned data (CURLOPT_WRITEFUNCTION) and make this function empty.
<?php
function curlHeaderCallback($ch, $strHeader) {
}
curl_setopt($ch, CURLOPT_WRITEFUNCTION, 'curlHeaderCallback');
?>
If you are trying to use CURLOPT_FOLLOWLOCATION and you get this warning:
Warning: curl_setopt() [function.curl-setopt]: CURLOPT_FOLLOWLOCATION cannot be activated when in safe_mode or an open_basedir is set...
then you will want to read http://www.php.net/ChangeLog-4.php which says "Disabled CURLOPT_FOLLOWLOCATION in curl when open_basedir or safe_mode are enabled." as of PHP 4.4.4/5.1.5. This is due to the fact that curl is not part of PHP and doesn't know the values of open_basedir or safe_mode, so you could comprimise your webserver operating in safe_mode by redirecting (using header('Location: ...')) to "file://" urls, which curl would have gladly retrieved.
Until the curl extension is changed in PHP or curl (if it ever will) to deal with "Location:" headers, here is a far from perfect remake of the curl_exec function that I am using.
Since there's no curl_getopt function equivalent, you'll have to tweak the function to make it work for your specific use. As it is here, it returns the body of the response and not the header. It also doesn't deal with redirection urls with username and passwords in them.
<?php
function curl_redir_exec($ch)
{
static $curl_loops = 0;
static $curl_max_loops = 20;
if ($curl_loops++ >= $curl_max_loops)
{
$curl_loops = 0;
return FALSE;
}
curl_setopt($ch, CURLOPT_HEADER, true);
curl_setopt($ch, CURLOPT_RETURNTRANSFER, true);
$data = curl_exec($ch);
list($header, $data) = explode("\n\n", $data, 2);
$http_code = curl_getinfo($ch, CURLINFO_HTTP_CODE);
if ($http_code == 301 || $http_code == 302)
{
$matches = array();
preg_match('/Location:(.*?)\n/', $header, $matches);
$url = @parse_url(trim(array_pop($matches)));
if (!$url)
{
//couldn't process the url to redirect to
$curl_loops = 0;
return $data;
}
$last_url = parse_url(curl_getinfo($ch, CURLINFO_EFFECTIVE_URL));
if (!$url['scheme'])
$url['scheme'] = $last_url['scheme'];
if (!$url['host'])
$url['host'] = $last_url['host'];
if (!$url['path'])
$url['path'] = $last_url['path'];
$new_url = $url['scheme'] . '://' . $url['host'] . $url['path'] . ($url['query']?'?'.$url['query']:'');
curl_setopt($ch, CURLOPT_URL, $new_url);
debug('Redirecting to', $new_url);
return curl_redir_exec($ch);
} else {
$curl_loops=0;
return $data;
}
}
?>
Note that if you want to use a proxy and use it as a _cache_, you'll have to do:
<?php curl_setopt($ch, CURLOPT_HTTPHEADER, array("Pragma: ")); ?>
else by default Curl puts a "Pragma: no-cache" header in and thus force cache misses for all requests.
Clarification on the callback methods:
- CURLOPT_HEADERFUNCTION is for handling header lines received *in the response*,
- CURLOPT_WRITEFUNCTION is for handling data received *from the response*,
- CURLOPT_READFUNCTION is for handling data passed along *in the request*.
The callback "string" can be any callable function, that includes the array(&$obj, 'someMethodName') format.
-Philippe
Sometimes you can't use CURLOPT_COOKIEJAR and CURLOPT_COOKIEFILE becoz of the server php-settings(They say u may grab any files from server using these options). Here is the solution
1)Don't use CURLOPT_FOLLOWLOCATION
2)Use curl_setopt($ch, CURLOPT_HEADER, 1)
3)Grab from the header cookies like this:
preg_match_all('|Set-Cookie: (.*);|U', $content, $results);
$cookies = implode(';', $results[1]);
4)Set them using curl_setopt($ch, CURLOPT_COOKIE, $cookies);
Good Luck, Yevgen
The examples below for HTTP file upload work great, but I wanted to be able to post multiple files through HTTP upload using HTML arrays as specified in example 38.3 at
http://php.net/features.file-upload
In this case, you need to set the arrays AND keys in the $post_data, it will not work with just the array names. The following example shows how this works:
<?php
$post_data = array();
$post_data['pictures[0]'] = "@cat.jpg";
$post_data['pictures[1]'] = "@dog.jpg";
$ch = curl_init();
curl_setopt($ch, CURLOPT_URL, "http://example.com/my_url.php" );
curl_setopt($ch, CURLOPT_POST, 1 );
curl_setopt($ch, CURLOPT_POSTFIELDS, $post_data);
curl_setopt($ch, CURLOPT_RETURNTRANSFER, 1);
$postResult = curl_exec($ch);
if (curl_errno($ch)) {
print curl_error($ch);
}
curl_close($ch);
print "$postResult";
?>
load https:// or http://example.com/exam.php
with POST data (name=alex&year=18) and apply COOKIEs
<?php
$sessions = curl_init();
curl_setopt($sessions,CURLOPT_URL,'http://example.com/exam.php');
curl_setopt($sessions, CURLOPT_POST, 1);
curl_setopt($sessions,CURLOPT_POSTFIELDS,'name=alex&year=18');
curl_setopt($sessions,CURLOPT_COOKIEJAR,
dirname(__FILE__).'/cookie.txt');
curl_setopt($sessions,CURLOPT_FOLLOWLOCATION,0);
curl_setopt($sessions, CURLOPT_HEADER , 1);
curl_setopt($sessions, CURLOPT_RETURNTRANSFER,1);
$my_load_page = curl_exec($this->sessions);
?>
If you're getting trouble with cookie handling in curl:
- curl manages tranparently cookies in a single curl session
- the option
<?php curl_setopt($ch, CURLOPT_COOKIEJAR, "/tmp/cookieFileName"); ?>
makes curl to store the cookies in a file at the and of the curl session
- the option
<?php curl_setopt($ch, CURLOPT_COOKIEFILE, "/tmp/cookieFileName"); ?>
makes curl to use the given file as source for the cookies to send to the server.
so to handle correctly cookies between different curl session, the you have to do something like this:
<?php
$ch = curl_init();
curl_setopt ($ch, CURLOPT_URL, $url);
curl_setopt ($ch, CURLOPT_COOKIEJAR, COOKIE_FILE_PATH);
curl_setopt ($ch, CURLOPT_COOKIEFILE, COOKIE_FILE_PATH);
curl_setopt ($ch, CURLOPT_RETURNTRANSFER, 1);
$result = curl_exec ($ch);
curl_close($ch);
return $result;
?>
in particular this is NECESSARY if you are using PEAR_SOAP libraries to build a webservice client over https and the remote server need to establish a session cookie. in fact each soap message is sent using a different curl session!!
I hope this can help someone
Luca
To further expand upon use of CURLOPT_CAPATH and CURLOPT_CAINFO...
In my case I wanted to prevent curl from talking to any HTTPS server except my own using a self signed certificate. To do this, you'll need openssl installed and access to the HTTPS Server Certificate (server.crt by default on apache)
You can then use a command simiar to this to translate your apache certificate into one that curl likes.
$ openssl x509 -in server.crt -out outcert.pem -text
Then set CURLOPT_CAINFO equal to the the full path to outcert.pem and turn on CURLOPT_SSL_VERIFYPEER.
If you want to use the CURLOPT_CAPATH option, you should create a directory for all the valid certificates you have created, then use the c_rehash script that is included with openssl to "prepare" the directory.
If you dont use the c_rehash utility, curl will ignore any file in the directory you set.
There is really a problem of transmitting $_POST data with curl in php 4+ at least.
I improved the encoding function by Alejandro Moreno to work properly with mulltidimensional arrays.
<?php
function data_encode($data, $keyprefix = "", $keypostfix = "") {
assert( is_array($data) );
$vars=null;
foreach($data as $key=>$value) {
if(is_array($value)) $vars .= data_encode($value, $keyprefix.$key.$keypostfix.urlencode("["), urlencode("]"));
else $vars .= $keyprefix.$key.$keypostfix."=".urlencode($value)."&";
}
return $vars;
}
curl_setopt($ch, CURLOPT_POSTFIELDS, substr(data_encode($_POST), 0, -1) );
?>
Resetting CURLOPT_FILE to STDOUT won't work by calling curl_setopt() with the STDOUT constant or a php://output stream handle (at least I get error messages when trying the code from phpnet at andywaite dot com). Instead, one can simply reset it as a side effect of CURLOPT_RETURNTRANSFER. Just say
<?php curl_setopt($this->curl,CURLOPT_RETURNTRANSFER,0); ?>
and following calls to curl_exec() will output to STDOUT again.
<?php
/*
Here is a script that is usefull to :
- login to a POST form,
- store a session cookie,
- download a file once logged in.
*/
// INIT CURL
$ch = curl_init();
// SET URL FOR THE POST FORM LOGIN
curl_setopt($ch, CURLOPT_URL, 'http://www.example.com/Members/Login.php');
// ENABLE HTTP POST
curl_setopt ($ch, CURLOPT_POST, 1);
// SET POST PARAMETERS : FORM VALUES FOR EACH FIELD
curl_setopt ($ch, CURLOPT_POSTFIELDS, 'fieldname1=fieldvalue1&fieldname2=fieldvalue2');
// IMITATE CLASSIC BROWSER'S BEHAVIOUR : HANDLE COOKIES
curl_setopt ($ch, CURLOPT_COOKIEJAR, 'cookie.txt');
# Setting CURLOPT_RETURNTRANSFER variable to 1 will force cURL
# not to print out the results of its query.
# Instead, it will return the results as a string return value
# from curl_exec() instead of the usual true/false.
curl_setopt ($ch, CURLOPT_RETURNTRANSFER, 1);
// EXECUTE 1st REQUEST (FORM LOGIN)
$store = curl_exec ($ch);
// SET FILE TO DOWNLOAD
curl_setopt($ch, CURLOPT_URL, 'http://www.example.com/Members/Downloads/AnnualReport.pdf');
// EXECUTE 2nd REQUEST (FILE DOWNLOAD)
$content = curl_exec ($ch);
// CLOSE CURL
curl_close ($ch);
/*
At this point you can do do whatever you want
with the downloaded file stored in $content :
display it, save it as file, and so on.
*/
?>
when specifing the file for either CURLOPT_COOKIEFILE or CURLOPT_COOKIEJAR you may need to use the full file path instead of just the relative path.
After setting CURLOPT_FILE, you may want want to revert back to the normal behaviour of displaying the results. This can be achieved using:
<?php
$fp = fopen ("php://output", "w") or die("Unable to open stdout for writing.\n");
curl_setopt($ch, CURLOPT_FILE, $fp);
?>
Problems can occur if you mix CURLOPT_URL with a 'Host:' header in CURLOPT_HEADERS on redirects because cURL will combine the host you explicitly stated in the 'Host:' header with the host from the Location: header of the redirect response.
In short, don't do this:
<?php
$host = "www.example.com";
$url = "http://$host/";
$headers = array("Host: $host");
$ch = curl_init();
curl_setopt($ch, CURLOPT_URL, $url);
curl_setopt($ch, CURLOPT_HTTPHEADER, $headers);
Do this instead:
$host = "www.example.com";
$url = "http://$host/";
$ch = curl_init();
curl_setopt($ch, CURLOPT_URL, $url);
?>
Using cURL, I needed to call a third-party script which was returning binary data as attachment to pass on retrieved data again as attachment.
Problem was that the third-party script occassionally returned HTTP errors and I wanted to avoid passing on zero-length attachment in such case.
Combination of using CURLOPT_FAILONERROR and CURLOPT_HEADERFUNCTION callback helped to process the third-party script HTTP errors neatly:
<?php
function curlHeaderCallback($resURL, $strHeader) {
if (preg_match('/^HTTP/i', $strHeader)) {
header($strHeader);
header('Content-Disposition: attachment; filename="file-name.zip"');
}
return strlen($strHeader);
}
$strURL = 'http://www.example.com/script-whichs-dumps-binary-attachment.php';
$resURL = curl_init();
curl_setopt($resURL, CURLOPT_URL, $strURL);
curl_setopt($resURL, CURLOPT_BINARYTRANSFER, 1);
curl_setopt($resURL, CURLOPT_HEADERFUNCTION, 'curlHeaderCallback');
curl_setopt($resURL, CURLOPT_FAILONERROR, 1);
curl_exec ($resURL);
$intReturnCode = curl_getinfo($resURL, CURLINFO_HTTP_CODE);
curl_close ($resURL);
if ($intReturnCode != 200) {
print 'was error: ' . $intReturnCode;
}
?>
If you specify a CAINFO, note that the file must be in PEM format! (If not, it won't work).
Using Openssl you can use:
openssl x509 -in <cert> -inform d -outform PEM -out cert.pem
To create a pem formatted certificate from a binary certificate (the one you get if you download the ca somewhere).
A bit more documentation (without minimum version numbers):
- CURLOPT_WRITEFUNCTION
- CURLOPT_HEADERFUNCTION
Pass a function which will be called to write data or headers respectively. The callback function prototype:
long write_callback (resource ch, string data)
The ch argument is CURL session handle. The data argument is data received. Note that its size is variable. When writing data, as much data as possible will be returned in all invokes. When writing headers, exactly one complete header line is returned for better parsing.
The function must return number of bytes actually taken care of. If that amount differs from the amount passed to this function, an error will occur.
- CURLOPT_READFUNCTION
Pass a function which will be called to read data. The callback function prototype:
string read_callback (resource ch, resource fd, long length)
The ch argument is CURL session handle. The fd argument is file descriptor passed to CURL by CURLOPT_INFILE option. The length argument is maximum length which can be returned.
The function must return string containing the data which were read. If length of the data is more than maximum length, it will be truncated to maximum length. Returning anything else than a string means an EOF.
[Note: there is more callbacks implemented in current cURL library but they aren't unfortunately implemented in php curl interface yet.]
I managed to use curl to retrieve information from severs on ports other than 80 or 443 (for https) on some installations but not on all.
If you get an "CURLE_COULDNT_CONNECT /* 7 */" error, try adding the port : (for example)
<?php curl_setopt($ch, CURLOPT_PORT, $_SERVER['SERVER_PORT']); ?>
Just a reminder: When setting your CURLOPT_POSTFIELDS remember to replace the spaces in your values with %20
If you want to Curl to follow redirects and you would also like Curl to echo back any cookies that are set in the process, use this:
<?php curl_setopt($ch, CURLOPT_COOKIEJAR, '-'); ?>
'-' means stdout
-dw
About the CURLOPT_HTTPHEADER option, it took me some time to figure out how to format the so-called 'Array'. It fact, it is a list of strings. If Curl was already defining a header item, yours will replace it. Here is an example to change the Content Type in a POST:
<?php curl_setopt ($ch, CURLOPT_HTTPHEADER, Array("Content-Type: text/xml")); ?>
Yann
beware that not all cURLlib constants are supported under php :
e.g. CURLOPT_PROGRESSFUNCTION or CURLOPT_WRITEDATA are not supported.
CURLOPT_WRITEFUNCTION, although undocumented is supported. It takes the name of a user_defined function.
the function should take two arguments (the curl handle, and the inputdata) and return the length of the written data
e.g.
<?php
function myPoorProgressFunc($ch,$str){
global $fd;
$len = fwrite($fd,$str);
print("#");
return $len;
}
curl_setopt($ch,CURLOPT_WRITEFUNCTION,"myPoorProgressFunc");
?>
Also be aware that CURLOPT_WRITEFUNCTION does NOT take the CURLOPT_FILE as a parameter!
in curl lib it would take CURLOPT_WRITEDATA but this is not supported by php; that's why I use "global $fd;" in my exemple function.
CURLOPT_HEADERFUNCTION works the same, and is guaranteed to receive complete header lines as input!
Hope this helps
Ivan
To make a POST in multipart/form-data mode
this worked for me, the " \n" at the end of the variables was very important on my OS X server.
<?php
$file = "file_to_upload.txt";
$submit_url = "http://www.example.com/upload_page.php";
$formvars = array("cc"=>"us \n");
$formvars[variable_1] = "bla bla \n";
$formvars[variable_2] = "bla bla \n";
$formvars[variable_3] = "bla bla \n";
$formvars[variable_4] = "bla bla \n";
$formvars[upfile] = "@$file"; // "@" causes cURL to send as file and not string (I believe)
// init curl handle
$ch = curl_init($submit_url);
curl_setopt($ch, CURLOPT_COOKIEJAR, "my_cookies.txt"); //initiates cookie file if needed
curl_setopt($ch, CURLOPT_COOKIEFILE, "my_cookies.txt"); // Uses cookies from previous session if exist
curl_setopt($ch, CURLOPT_REFERER, "http://www.example.net"); //if server needs to think this post came from elsewhere
curl_setopt($ch, CURLOPT_VERBOSE, 1);
curl_setopt($ch, CURLOPT_HEADER, 1);
curl_setopt($ch, CURLOPT_FOLLOWLOCATION,1); // follow redirects recursively
curl_setopt($ch, CURLOPT_RETURNTRANSFER, 1);
curl_setopt($ch, CURLOPT_POSTFIELDS, $formvars);
// perform post
echo $pnp_result_page = curl_exec($ch);
curl_close ($ch);
?>
CURLOPT_HTTPHEADER is NOT like the -H command line switch. The command line switch adds or replaces headers (much like the header() line in PHP, but for HTTP clients instead of servers), but the curl extension will eliminate the headers cURL sends by default.
For instance, your Authorization, Host, Referer, Pragma, and Accept headers which are normally written by default or by other CURLOPT_*'s.
Also, it might seem intuitive that this should accept an array hash of header->values, but this is not the case. It accepts an array of strings of the format "Header: Value", much like the -H command-line switch.
Hope this helps,
terry
To collect cookies recieved with a request, set CURLOPT_COOKIEJAR "cookieFileName". Then use CURLOPT_COOKIEFILE "cookieFileName" to recall them in subsequent transactions.
If you want to connect to a secure server for posting info/reading info, you need to make cURL with the openSSL options. Then the sequence is nearly identical to the previous example (except http_S_://, and possibly add the useragent):
<?php
curl_setopt($ch, CURLOPT_URL,"https://example.com");
//some sites only accept your request if your browser looks legit, so send a useragent profile...
curl_setopt ($ch, CURLOPT_USERAGENT, "Mozilla/4.0 (compatible; MSIE 5.01; Windows NT 5.0)");
?>
I used to download www pages to my script and one of the pages was different in MS explorer and different, when I downloaded it. Namely, information, I was really interested in was missing. That was because the server on the other bank of the river was looking at who is downloading the page. Everything got fixed when I pretended I was MSIE. It is done with curl. Here is a function, that you may use in similar situation
<?php
function download_pretending($url,$user_agent) {
$ch = curl_init();
curl_setopt ($ch, CURLOPT_URL, $url);
curl_setopt ($ch, CURLOPT_USERAGENT, $user_agent);
curl_setopt ($ch, CURLOPT_HEADER, 0);
curl_setopt ($ch, CURLOPT_RETURNTRANSFER, 1);
$result = curl_exec ($ch);
curl_close ($ch);
return $result;
}
?>