Please everyone, stop setting CURLOPT_SSL_VERIFYPEER to false or 0. If your PHP installation doesn't have an up-to-date CA root certificate bundle, download the one at the curl website and save it on your server:
http://curl.haxx.se/docs/caextract.html
Then set a path to it in your php.ini file, e.g. on Windows:
curl.cainfo=c:\php\cacert.pem
Turning off CURLOPT_SSL_VERIFYPEER allows man in the middle (MITM) attacks, which you don't want!
curl_setopt
(PHP 4 >= 4.0.2, PHP 5, PHP 7, PHP 8)
curl_setopt — Imposta una opzione per un trasferimento CURL
Descrizione
Imposta un'opzione sul gestore della sezione cURL dato.
Elenco dei parametri
-
ch -
Un identificativo cURL restituito da curl_init().
-
option -
L'opzione
CURLOPT_XXXda impostare. -
value -
Il valore da impostare sull'
option.valuedovrebbe essere un bool per i seguenti valori del parametrooption:Opzione Imposta valueaNote CURLOPT_AUTOREFERERtrueper impostare automaticamente il campoReferer:nelle richieste dove esso segue un redirectLocation:.CURLOPT_BINARYTRANSFERtrueper restituire l'output grezzo quando è usatoCURLOPT_RETURNTRANSFER.Da PHP 5.1.3, questa opzione non ha effetto: sarà sempre restituito l'output grezzo quando verrà usato CURLOPT_RETURNTRANSFER.CURLOPT_COOKIESESSIONtrueper marcare questo come un nuovo "session" cookie. Esso forzerà libcurl ad ignorare tutti i cookie che andrà a caricare che sono "session cookies" dalla precedente sessione. Per impostazione predefinita, libcurl memorizza sempre e carica tutti i cookie, indipendente se sono cookie di sessione o no. I cookie di sessione sono cookie senza data di scadenza e sono destinati ad essere vivi e esistenti solo per questa "session".CURLOPT_CERTINFOtrueper stampare informazioni di certificazione SSL sulloSTDERRsui trasferimenti sicuri.Aggiunta in cURL 7.19.1. Disponibile da PHP 5.3.2. Richiede la presenza di CURLOPT_VERBOSEper avere affetto.CURLOPT_CONNECT_ONLYtrueindica alla libreria di effettuare tutte le autenticazioni proxy e configurazioni di connessione necessarie, ma nessun trasferimento dati. Questa opzione è implementata per HTTP, SMTP e POP3.Aggiunta in 7.15.2. Disponibile da PHP 5.5.0. CURLOPT_CRLFtrueper convertire i ritorni a capo Unix in ritorni a capo CRLF sui trasferimenti.CURLOPT_DNS_USE_GLOBAL_CACHEtrueper usare una cache DNS globale. Questa opzione non è thread-safe ed è abilitata per impostazione predefinita.CURLOPT_FAILONERRORtrueper fallire in modo verboso se il codice HTTP restituito è più grande o uguale a 400. Il comportamento predefinito è di restituire la pagina normalmente, ignorando il codice.CURLOPT_FILETIMEtrueper tentare di recuperare la data di modifica del documento remoto. Questo valore può essere recuperato utilizzando l'opzioneCURLINFO_FILETIMEcon curl_getinfo().CURLOPT_FOLLOWLOCATIONtrueper seguire qualsiasi header"Location: "che il server invia come parte dell'header HTTP (notare che questo è ricorsivo, PHP seguirà lo stesso numero di header"Location: "che vengono inviati, a meno che non sia impostatoCURLOPT_MAXREDIRS).CURLOPT_FORBID_REUSEtrueper forzare la connessione a chiudersi esplicitamente quando ha finito l'elaborazione, e per non essere riutilizzata.CURLOPT_FRESH_CONNECTtrueper forzare l'uso di una nuova connessione invece di una dalla cache.CURLOPT_FTP_USE_EPRTtrueper usare EPRT (e LPRT) quando si effettuano download FTP attivi. Utilizzarefalseper disabilitare EPRT e LPRT e usare solo PORT.CURLOPT_FTP_USE_EPSVtrueper provare in primo luogo un comando EPSV per i trasferimenti FTP prima di ritornare a PASV. Impostare afalseper disabilitare EPSV.CURLOPT_FTP_CREATE_MISSING_DIRStrueper creare le cartelle mancanti quando un'operazione FTP incontra un percorso che al momento non esiste.CURLOPT_FTPAPPENDtrueper aggiungere al file remoto al posto di sovrascriverlo.CURLOPT_TCP_NODELAYtrueper disabilitare l'algoritmo di Nagle del TCP, che prova a minimizzare il numero di piccoli pacchetti sulla rete.Disponibile da PHP 5.2.1 per versioni compilate con libcurl 7.11.2 o maggiore. CURLOPT_FTPASCIIUn alias di CURLOPT_TRANSFERTEXT. Usare quella invece.CURLOPT_FTPLISTONLYtrueper elencare solo i nomi di una directory FTP.CURLOPT_HEADERtrueper includere l'header nell'output.CURLINFO_HEADER_OUTtrueper tracciare la stringa della richiesta del gestore.Disponibile da PHP 5.1.3. Il prefisso CURLINFO_è intenzionale.CURLOPT_HTTPGETtrueper resettare il metodo della richiesta HTTP a GET. Dato che GET è l'impostazione di default, questo è necessario solo se il metodo della richiesta è stato modificato.CURLOPT_HTTPPROXYTUNNELtrueper passare attraverso ad un dato proxy HTTP.CURLOPT_MUTEtrueper essere completamente silenzioso per quanto riguarda le funzioni cURL.Rimossa in cURL 7.15.5 (Si può invece usare CURLOPT_RETURNTRANSFER) CURLOPT_NETRCtrueper esaminare il file ~/.netrc per trovare un username e una password per il sito remoto con cui è stata stabilita una connessione.CURLOPT_NOBODYtrueper escludere il corpo dall'output. Il metodo della richiesta è allora impostato a HEAD. Modificando questo afalsenon lo imposta a GET.CURLOPT_NOPROGRESStrueper disabilitare il metro del progresso per i trasferimenti cURL.Nota:
PHP automaticamente imposta questa opzione a
true, questo dovrebbe essere solo cambiato per scopi di debug.CURLOPT_NOSIGNALtrueper ignorare qualsiasi funzione cURL che causa un segnale da essere inviato al processo PHP. Questa è attivata per impostazione predefinita nelle SAPI multi-thread in modo che le opzioni del timeout possano essere usate.Aggiunta in cURL 7.10. CURLOPT_POSTtrueper fare un HTTP POST regolare. Questo POST è il normale tipoapplication/x-www-form-urlencoded, più comunemente utilizzato dai form HTML.CURLOPT_PUTtrueper HTTP PUT un file. Il file da PUT deve essere impostato conCURLOPT_INFILEeCURLOPT_INFILESIZE.CURLOPT_RETURNTRANSFERtrueper restituire il trasferimento come una stringa del valore di ritorno di curl_exec() al posto di stamparla direttamente.CURLOPT_SAFE_UPLOADtrueper disabilitare il supporto per il prefisso@per effettuare l'upload di file inCURLOPT_POSTFIELDS, che significa che i valori che iniziano con@possono essere tranquillamente passati come campi. Alternativamente CURLFile può essere usato per gli upload.Aggiunta in PHP 5.5.0 con falsecome valore predefinitoì. PHP 5.6.0 cambia il valore predefinito atrue.CURLOPT_SSL_VERIFYPEERfalseper non fare verificare a cURL i certificati del peer. Possono essere specificati certificati alternativi con cui verificare con l'opzioneCURLOPT_CAINFOo può essere specificata una directory dei certificati con l'opzioneCURLOPT_CAPATH.trueper impostazione predefinita di cURL 7.10. Bundle predefinito installato di cURL 7.10.CURLOPT_TRANSFERTEXTtrueper usare la modalità ASCII per i trasferimenti FTP. Per LDAP, esso recupera i dati in testo normale invece di HTML. Sui sistemi Windows, esso non imposteràSTDOUTnella modalità binaria.CURLOPT_UNRESTRICTED_AUTHtrueper mantenere l'invio dell'username e della password quando si seguono le locations (utilizzandoCURLOPT_FOLLOWLOCATION), anche quando l'hostname è cambiato.CURLOPT_UPLOADtrueper preparare un upload.CURLOPT_VERBOSEtrueper stampare informazioni verbose. Scrive l'output nelloSTDERR, o il file specificato usandoCURLOPT_STDERR.valuedovrebbe essere un integer per i seguenti valori del parametrooption:Opzione Imposta valueaNote CURLOPT_BUFFERSIZELa dimensione del buffer da usare per ogni lettura. Non ci sono garanzie che questa richiesta verrà soddisfatta, comunque. Aggiunta in cURL 7.10. CURLOPT_CLOSEPOLICYUno dei valori CURLCLOSEPOLICY_*.Nota:
Questa opzione è deprecata, poichè non è mai stata implementata in cURL e non ha mai avuto alcun effetto.
Rimossa in PHP 5.6.0. CURLOPT_CONNECTTIMEOUTIl numero di secondi da aspettare provando a connettersi. Usare 0 per attendere indefinitamente. CURLOPT_CONNECTTIMEOUT_MSIl numero di millisecondi da aspettare mentre si prova a connettersi. Usare 0 per attendere indefinitamente. Se libcurl è costruito per utilizzare il resolver dei nomi di sistema standard, quella porzione della connessione utilizzerà comunque la seconda risoluzione per timeout con un timeout minimo permesso di un secondo. Aggiunta in cURL 7.16.2. Disponibile da PHP 5.2.3. CURLOPT_DNS_CACHE_TIMEOUTIl numero di secondi per mantenere elementi DNS in memoria. Questa opzione è impostata a 120 (2 minuti) per impostazione predefinita. CURLOPT_FTPSSLAUTHIl metodo di autenticazione FTP (quando è attivo): CURLFTPAUTH_SSL(prova SSL per primo),CURLFTPAUTH_TLS(prova TLS per primo), oCURLFTPAUTH_DEFAULT(lascia decidere a cURL).Aggiunta in cURL 7.12.2. CURLOPT_HTTP_VERSIONCURL_HTTP_VERSION_NONE(predefinito, lascia decidere a CURL quale versione utilizzare),CURL_HTTP_VERSION_1_0(forza HTTP/1.0), oCURL_HTTP_VERSION_1_1(forza HTTP/1.1).CURLOPT_HTTPAUTHIl metodo(i) di autenticazione HTTP da utilizzare. Le opzioni sono:
CURLAUTH_BASIC,CURLAUTH_DIGEST,CURLAUTH_GSSNEGOTIATE,CURLAUTH_NTLM,CURLAUTH_ANY, eCURLAUTH_ANYSAFE.L'operatore bitwise
|(or) può essere usato per combinare più di un metodo. Se questo è fatto, cURL chiederà al server per vedere quali metodi esso supporta e sceglierne il migliore.CURLAUTH_ANYè un alias perCURLAUTH_BASIC | CURLAUTH_DIGEST | CURLAUTH_GSSNEGOTIATE | CURLAUTH_NTLM.CURLAUTH_ANYSAFEè un alias perCURLAUTH_DIGEST | CURLAUTH_GSSNEGOTIATE | CURLAUTH_NTLM.CURLOPT_INFILESIZELa dimensione attesa, in byte, del file quando si effettua l'upload di un file ad un sito remoto. Notare che usando questa opzione non fermerà libcurl dall'inviare più dati, poichè ciò che viene esattamente inviato dipende da CURLOPT_READFUNCTION.CURLOPT_LOW_SPEED_LIMITLa velocità di trasferimento, in bytes al secondo, in cui la trasmissione dovrebbe stare al di sotto durante CURLOPT_LOW_SPEED_TIMEsecondi affinchè PHP consideri la trasmissione troppo lenta e la abortisca.CURLOPT_LOW_SPEED_TIMEIl numero di secondi in cui il trasferimento dovrebbe stare al di sotto CURLOPT_LOW_SPEED_LIMITin modo che PHP consideri la trasmissione troppo lenta e la abortisca.CURLOPT_MAXCONNECTSLa quantità massima di connessioni persistenti che sono permesse. Quando il limite è raggiunto, viene usata CURLOPT_CLOSEPOLICYper determinare quale connessione chiudere.CURLOPT_MAXREDIRSLa quantità massima di redirect HTTP da seguire. Usa questa opzione accanto a CURLOPT_FOLLOWLOCATION.CURLOPT_PORTUn numero di porta alternativo al quale connettersi. CURLOPT_POSTREDIRUna maschera di bit di 1 (301 Moved Permanently), 2 (302 Found) e 4 (303 See Other) se il metodo HTTP POST dovesse essere mantenuto quando CURLOPT_FOLLOWLOCATIONè impostato e si verifica un tipo specifico di redirect.Aggiunta in cURL 7.19.1. Disponibile da PHP 5.3.2. CURLOPT_PROTOCOLSUna maschera di bit di valori
CURLPROTO_*. Se usata, questa maschera di bit limita quali protocolli può usare libcurl nel trasferimento. Questo permette di avere una libcurl costruita per supportare un ampio range di protocolli ma tuttavia limita specifici trasferimenti ad essere permessi solo per usare un sottoinsieme di essi. Per impostazione predefinita libcurl accetterà tutti i protocolli che supporta. Vedere ancheCURLOPT_REDIR_PROTOCOLS.Le opzioni valide per il protocollo sono:
CURLPROTO_HTTP,CURLPROTO_HTTPS,CURLPROTO_FTP,CURLPROTO_FTPS,CURLPROTO_SCP,CURLPROTO_SFTP,CURLPROTO_TELNET,CURLPROTO_LDAP,CURLPROTO_LDAPS,CURLPROTO_DICT,CURLPROTO_FILE,CURLPROTO_TFTP,CURLPROTO_ALLAggiunta in cURL 7.19.4. CURLOPT_PROXYAUTHI(l) metodi(o) dell'autenticazione HTTP da utilizzare per la connessione proxy. Utilizza la stessa maschera di bit descritta in CURLOPT_HTTPAUTH. Per l'autenticazione del proxy, soloCURLAUTH_BASICeCURLAUTH_NTLMsono supportate al momento.Aggiunta in cURL 7.10.7. CURLOPT_PROXYPORTIl numero della porta del proxy al quale connettersi. Questo numero della porta può anche essere impostato in CURLOPT_PROXY.CURLOPT_PROXYTYPEO CURLPROXY_HTTP(valore predefinito),CURLPROXY_SOCKS4,CURLPROXY_SOCKS5,CURLPROXY_SOCKS4AoCURLPROXY_SOCKS5_HOSTNAME.Aggiunta in cURL 7.10. CURLOPT_REDIR_PROTOCOLSMaschera di bit di valori di CURLPROTO_*. Se usata, questa maschera di bit limita quali protocolli può usare libcurl in un trasferimento che segue ad un redirect quando è abilitataCURLOPT_FOLLOWLOCATION. Questo permette di limitare specifici trasferimenti ad essere permessi solo ad usare un sottoinsieme di protocolli nei redirect. Per impostazione predefinita libcurl permetterà tutti i protocolli eccetto per FILE e SCP. Questa è una differenza rispetto alle versioni pre-7.19.4 che incondizionatamente avrebbe seguito tutti i protocolli supportati. Vedere ancheCURLOPT_PROTOCOLSper i valori delle costanti dei protocolli.Aggiunta in cURL 7.19.4. CURLOPT_RESUME_FROML'offset, in byte, dal quale riprendere un trasferimento. CURLOPT_SSL_VERIFYHOST1 per controllare l'esistenza di un nome comune nel certificato peer SSL. 2 per controllare l'esistenza di un nome comune e inoltre verificare che esso corrisponde all'hostname fornito. In ambienti di produzione il valore di questa opzione dovrebbe essere tenuto a 2 (valore predefinito). Supporto per il valore 1 rimosso in cURL 7.28.1 CURLOPT_SSLVERSIONUno di CURL_SSLVERSION_DEFAULT(0),CURL_SSLVERSION_TLSv1(1),CURL_SSLVERSION_SSLv2(2),CURL_SSLVERSION_SSLv3(3),CURL_SSLVERSION_TLSv1_0(4),CURL_SSLVERSION_TLSv1_1(5) oCURL_SSLVERSION_TLSv1_2(6).Nota:
La cosa migliore è non impostare questo e usare quello di default. Impostarlo a 2 o 3 è molto pericoloso date le conosciute vulnerabilità in SSLv2 e SSLv3.
CURLOPT_TIMECONDITIONCome viene trattato CURLOPT_TIMEVALUE. UsareCURL_TIMECOND_IFMODSINCEper restituire la pagina solo se è stata modificata dall'ora specificata inCURLOPT_TIMEVALUE. Se non è stata modificata, verrà restituito un header"304 Not Modified"assumendo cheCURLOPT_HEADERsiatrue. UtilizzareCURL_TIMECOND_IFUNMODSINCEper l'effetto contrario.CURL_TIMECOND_IFMODSINCEè il valore predefinito.CURLOPT_TIMEOUTIl numero massimo di secondi per permettere alle funzioni cURL di essere eseguite. CURLOPT_TIMEOUT_MSIl numero massimo di millisecondi per permettere alle funzioni cURL di essere eseguite. Se libcurl è costruito per utilizzare il resolver dei nomi di sistema standard, quella porzione della connessione utilizzerà comunque la seconda risoluzione per timeout con un timeout minimo permesso di un secondo. Aggiunta in cURL 7.16.2. Disponibile da PHP 5.2.3. CURLOPT_TIMEVALUEIl tempo in secondi dall'1 Gennaio 1970. Il tempo verrà usato da CURLOPT_TIMECONDITION. Per impostazione predefinita, viene utilizzatoCURL_TIMECOND_IFMODSINCE.CURLOPT_MAX_RECV_SPEED_LARGESe un download eccede questa velocità (contata in byte al secondo) in media cumulativa durante il trasferimento, il trasferimento si metterà in pausa per mantenere il tasso medio inferiore o uguale al valore del parametro. Per impostazione predefinita a velocità senza limiti. Aggiunta in cURL 7.15.5. Disponibile da PHP 5.4.0. CURLOPT_MAX_SEND_SPEED_LARGESe un upload eccede questa velocità (contata in byte al secondo) in media cumulativa durante il trasferimento, il trasferimento si metterà in pausa per mantenere il tasso medio inferiore o uguale al valore del parametro. Per impostazione predefinita a velocità senza limiti. Aggiunta in cURL 7.15.5. Disponibile da PHP 5.4.0. CURLOPT_SSH_AUTH_TYPESUna maschera di bit consistente in una o più di CURLSSH_AUTH_PUBLICKEY,CURLSSH_AUTH_PASSWORD,CURLSSH_AUTH_HOST,CURLSSH_AUTH_KEYBOARD. Impostare aCURLSSH_AUTH_ANYper lasciar sceglierne una a libcurl.Aggiunta in cURL 7.16.1. CURLOPT_IPRESOLVEPermette ad un'applicazione di selezionare quale tipo di indirizzo IP utilizzare quando si risolvono i nomi degli host. Questo è interessante solo quando si utilizzano nomi di host che risolvono indirizzi usando più di una versione di IP, i valori possibili sono CURL_IPRESOLVE_WHATEVER,CURL_IPRESOLVE_V4,CURL_IPRESOLVE_V6, per valore predefinitoCURL_IPRESOLVE_WHATEVER.Aggiunta in cURL 7.10.8. valuedovrebbe essere una string per i seguenti valori del parametrooption:Opzione Imposta valueaNote CURLOPT_CAINFOIl nome di un file che contiene uno o più certificati con cui verificare i peer. Questo ha senso solo quando è usato in combinazione con CURLOPT_SSL_VERIFYPEER.Potrebbe richiedere un percorso assoluto. CURLOPT_CAPATHUna directory che contiene certificati CA multipli. Usare questa opzione accanto a CURLOPT_SSL_VERIFYPEER.CURLOPT_COOKIEIl contenuto dell'header "Cookie: "da utilizzare nella richiesta HTTP. Notare che i cookie multipli sono separati con un punto e virgola seguito da uno spazio (per esempio, "fruit=apple; colour=red")CURLOPT_COOKIEFILEIl nome del file che contiene i dati dei cookie. Il file dei cookie può essere nel formato Netscape, o anche come semplici header con stile HTTP scaricati in un file. Se il nome è una stringa vuota, non viene caricato nessun cookie, ma la gestione dei cookie è ancora abilitata. CURLOPT_COOKIEJARIl nome di un file per salvare tutti i cookie interni quando il gestore viene chiuso, per esempio dopo una chiamata a curl_close. CURLOPT_CUSTOMREQUESTUn metodo di richiesta personalizzato da usare al posto di
"GET"o"HEAD"quando si effettua una richiesta HTTP. Questo è utile per effettuare"DELETE"o altro, richieste HTTP più oscure. I valori validi sono cose come"GET","POST","CONNECT"e così via; cioè non inserire qui un'intera linea di richiesta HTTP. Per esempio, inserire"GET /index.html HTTP/1.0\r\n\r\n"sarebbe scorretto.Nota:
Non fare questo senza essere prima sicuri che il server supporti il metodo della richiesta personalizzata.
CURLOPT_EGDSOCKETCome CURLOPT_RANDOM_FILE, eccetto un nome del file ad un socket Entropy Gathering Daemon.CURLOPT_ENCODINGI contenuti dell'header "Accept-Encoding: ". Questo abilita la decodifica della risposta. Le codifiche supportate sono"identity","deflate", e"gzip". Se viene impostata una stringa vuota,"", viene inviato un header contenente tutte le codifiche supportate.Aggiunta in cURL 7.10. CURLOPT_FTPPORTIl valore che verrà usato per ottenere l'indirizzo IP da usare per l'istruzione FTP "PORT". L'istruzione "PORT" dice al server remoto di connetersi al nostro indirizzo IP specificato. La stringa può essere un semplice indirizzo IP, un hostname, un nome di un'interfaccia di rete (sotto Unix), o semplicemente un chiaro '-' per usare l'indirizzo IP di default del sistema. CURLOPT_INTERFACEIl nome dell'interfaccia di rete in uscita da utilizzare. Questo può essere un nome di un'interfaccia, un indirizzo IP o un host name. CURLOPT_KEYPASSWDLa password richiesta per utilizzare la chiave privata CURLOPT_SSLKEYo la chiave privataCURLOPT_SSH_PRIVATE_KEYFILE.Aggiunta in cURL 7.16.1. CURLOPT_KRB4LEVELIl livello di sicurezza KRB4 (Kerberos 4). Ognuno dei seguenti valori (in ordine dal meno al più potente) sono validi: "clear","safe","confidential","private".. Se la stringa non corrisponde ad una di queste, viene utilizzato"private". Impostando questa opzione anullverrà disabilitata la sicurezza di KRB4. Attualmente la sicurezza di KRB4 funziona solo con transazione FTP.CURLOPT_POSTFIELDSTutti i dati da inviare in un'operazione HTTP "POST". Per effettuare il post di un file, anteporre al nome del file un @e utilizzare il percorso completo. Il tipo del file può essere esplicitamente specificato inserendo dopo il nome del file il tipo nel formato ';type=mimetype'. Questo parametro può essere passato sia come una stringa codificata in url come 'para1=val1¶2=val2&...' oppure come un array con il nome del campo come chiave e il dato del campo come valore. Sevalueè un array, l'headerContent-Typesarà settato amultipart/form-data. Da PHP 5.2.0,valuedeve essere un array se i file sono passati a questa opzione con il prefisso@. Da PHP 5.5.0, il prefisso@è deprecato e i file possono essere inviati usando CURLFile. Il prefisso@può essere disabilitato per il passaggio sicuro dei valori che iniziano con@impostando l'opzioneCURLOPT_SAFE_UPLOADatrue.CURLOPT_PROXYIl proxy HTTP da utilizzare come tunnel per le richieste. CURLOPT_PROXYUSERPWDUn username ed una password formattati come "[username]:[password]"da usare per la connessione al proxy.CURLOPT_RANDOM_FILEUn nome del file da utilizzare per inizializzare il generatore di numeri casuali per SSL. CURLOPT_RANGEL'intervallo di dati da ricevere nel formato "X-Y"dove X o Y sono opzionali. I trasferimenti HTTP supportano anche diversi intervalli, separati da virgole nel formato"X-Y,N-M".CURLOPT_REFERERI contenuti dell'header "Referer: "da utilizzare in una richiesta HTTP.CURLOPT_SSH_HOST_PUBLIC_KEY_MD5Una stringa contenente 32 cifre esadecimali. La stringa dovrebbe essere il checksum MD5 della chiave pubblica dell'host remoto, e libcurl rifiuterà la connessione all'host a meno che l'md5sums non corrisponda. Questa opzione è solo per i trasferimenti SCP e SFTP. Aggiunta in cURL 7.17.1. CURLOPT_SSH_PUBLIC_KEYFILEIl nome del file per la propria chiave pubblica. Se non utilizzato, il valore predefinito di libcurl è $HOME/.ssh/id_dsa.pub se la variabile di ambiente HOME è impostata, e solo "id_dsa.pub" nella directory corrente se HOME non è impostata. Aggiunta in cURL 7.16.1. CURLOPT_SSH_PRIVATE_KEYFILEIl nome del file per la propria chiave privata. Se non utilizzato, il valore predefinito di libcurl è $HOME/.ssh/id_dsa se la variabile di ambiente HOME è impostata, e solo "id_dsa" nella directory corrente se HOME non è impostata. Se il file è protetto con password, impostare la password con CURLOPT_KEYPASSWD.Aggiunta in cURL 7.16.1. CURLOPT_SSL_CIPHER_LISTUna lista di cifrari da usare per SSL. Per esempio, RC4-SHAeTLSv1sono liste di cifrari valide.CURLOPT_SSLCERTIl nome di un file contenente un certificato formattato PEM. CURLOPT_SSLCERTPASSWDLa password richiesta per utilizzare il certificato CURLOPT_SSLCERT.CURLOPT_SSLCERTTYPEIl formato del certificato. I formati supportati sono "PEM"(predefinito),"DER", e"ENG".Aggiunta in cURL 7.9.3. CURLOPT_SSLENGINEL'identificatore per il motore di crypto della chiave SSL privata specificata in CURLOPT_SSLKEY.CURLOPT_SSLENGINE_DEFAULTL'identificatore per il motore di crypto usato per le operazioni di crypto asimmetriche. CURLOPT_SSLKEYIl nome di un file contenente una chiave SSL privata. CURLOPT_SSLKEYPASSWDLa password segreta necessaria per utilizzare la chiave SSL privata specificata in
CURLOPT_SSLKEY.Nota:
Dato che questa opzione contiene una password delicata, ricordarsi di mantenere lo script PHP che la contiene sicuro.
CURLOPT_SSLKEYTYPEIl tipo di chiave della chiave SSL privata specificata in CURLOPT_SSLKEY. I tipi di chiave supportati sono"PEM"(predefinito),"DER", e"ENG".CURLOPT_URLL'URL da raggiungere. Questo può anche essere impostato quando si inizializza una sessione con curl_init(). CURLOPT_USERAGENTI contenuti dell'header "User-Agent: "da utilizzare nella richiesta HTTP.CURLOPT_USERPWDUn username e password formattati come "[username]:[password]"da utilizzare per la connessione.valuedovrebbe essere un array per i seguenti valori del parametrooption:Opzione Imposta valueaNote CURLOPT_HTTP200ALIASESUn array di risposte HTTP 200 che saranno trattate come risposte valide e non come errori. Aggiunta in cURL 7.10.3. CURLOPT_HTTPHEADERUn array di campi header HTTP da impostare, nel formato array('Content-type: text/plain', 'Content-length: 100')CURLOPT_POSTQUOTEUn array di comandi FTP da eseguire sul server dopo che la richiesta FTP è stata eseguita. CURLOPT_QUOTEUn array di comandi FTP da eseguire sul server prima della richiesta FTP. valuedovrebbe essere una risorsa di flusso (usando fopen(), per esempio) per i seguenti valori del parametrooption:Opzione Imposta valueaCURLOPT_FILEIl file sul quale dovrebbe scrivere il trasferimento. Il valore predefinito è STDOUT(la finestra del browser).CURLOPT_INFILEIl file dal quale il trasferimento dovrebbe leggere in fase di upload. CURLOPT_STDERRUna posizione alternativa sulla quale stampare gli errori invece di STDERR.CURLOPT_WRITEHEADERIl file sul quale è scritta la parte degli header del trasferimento. valuedovrebbe essere il nome di una funzione o di una Closure valida per i seguenti valori del parametrooption:Opzione Imposta valueaCURLOPT_HEADERFUNCTIONUna callback che accetta due parametri. Il primo è la risorsa cURL, il secondo è una stringa con i dati dell'header da scrivere. I dati degli header devono essere scritti da questa callback. Restituisce il numero di byte scritti. CURLOPT_PASSWDFUNCTIONUna callback che accetta tre parametri. Il primo è la risorsa cURL, il secondo è una stringa contenente una richiesta di password, e il terzo è la massima lunghezza della password. Restituisce la stringa contenente la password. CURLOPT_PROGRESSFUNCTIONUna callback che accetta cinque parametri. Il primo è la risorsa cURL, il secondo è il numero totale di byte attesi da scaricare in questo trasferimento, il terzo è il numero di byte scaricati finora, il quarto è il totale numero di byte attesi da uploadare in questo trasferimento, e il quinto è il numero di byte uploadati finora.
Nota:
La callback è chiamata solo quando l'opzione
CURLOPT_NOPROGRESSè impostata afalse.Restituisce un valore non zero per abortire il trasferimento. In tal caso, il trasferimento imposterà un errore
CURLE_ABORTED_BY_CALLBACK.CURLOPT_READFUNCTIONUna callback che accetta tre parametri. Il primo è la risorsa cURL, il secondo è un flusso di risorsa fornito a cURL attraverso l'opzione CURLOPT_INFILE, e il terzo è la massima quantità di dati da leggere. La callback deve restituire una stringa con una dimensione uguale o minore della quantità di dati richiesti, tipicamente leggendola dal flusso di risorsa passato. Dovrebbe restituire una stringa vuota per segnalareEOF.CURLOPT_WRITEFUNCTIONUna callback che accetta due parametri. Il primo è la risorsa cURL, e il secondo è una stringa con i dati da scrivere. I dati devono essere salvati da questa callback. Essa deve restituire l'esatto numero di byte scritti o il trasferimento verrà abortito con un errore. Altri valori:
Opzione Imposta valueaCURLOPT_SHAREUn risultato di curl_share_init(). Fa utilizzare al gestore cURL i dati dal gestore condiviso.
Valori restituiti
Restituisce true in caso di successo, false in caso di fallimento.
Log delle modifiche
| Versione | Descrizione |
|---|---|
| 5.6.0 |
CURLOPT_SAFE_UPLOAD è ora true per impostazione predefinita.
|
| 5.6.0 |
Rimosso CURLOPT_CLOSEPOLICY e i suoi valori associati.
|
| 5.5.0 |
Aggiunta la risorsa cURL come primo argomento alla
callback CURLOPT_PROGRESSFUNCTION.
|
| 5.5.0 |
Introdotto CURLOPT_SHARE.
|
| 5.3.0 |
Introdotto CURLOPT_PROGRESSFUNCTION.
|
| 5.2.10 |
Introdotto CURLOPT_PROTOCOLS, e
CURLOPT_REDIR_PROTOCOLS.
|
| 5.1.0 |
Introdotto CURLOPT_AUTOREFERER,
CURLOPT_BINARYTRANSFER,
CURLOPT_FTPSSLAUTH,
CURLOPT_PROXYAUTH, e
CURLOPT_TIMECONDITION.
|
| 5.0.0 |
Introdotto CURLOPT_FTP_USE_EPRT,
CURLOPT_NOSIGNAL,
CURLOPT_UNRESTRICTED_AUTH,
CURLOPT_BUFFERSIZE,
CURLOPT_HTTPAUTH,
CURLOPT_PROXYPORT,
CURLOPT_PROXYTYPE,
CURLOPT_SSLCERTTYPE, e
CURLOPT_HTTP200ALIASES.
|
Esempi
Example #1 Inizializzazione di una nuova sessione cURL e recuperare una pagina web
<?php
// crea una nuova risorsa cURL
$ch = curl_init();
// imposta l'URL e altre opzioni appropriate
curl_setopt($ch, CURLOPT_URL, "http://www.example.com/");
curl_setopt($ch, CURLOPT_HEADER, false);
// prende l'URL e lo passa al browser
curl_exec($ch);
// chiude la risorsa cURL, e libera le risorse del sistema
curl_close($ch);
?>
Example #2 Effettuare l'upload di un file (deprecato in PHP 5.5.0)
<?php
/* http://localhost/upload.php:
print_r($_POST);
print_r($_FILES);
*/
$ch = curl_init();
$data = array('name' => 'Foo', 'file' => '@/home/user/test.png');
curl_setopt($ch, CURLOPT_URL, 'http://localhost/upload.php');
curl_setopt($ch, CURLOPT_POST, 1);
curl_setopt($ch, CURLOPT_SAFE_UPLOAD, false); // richiesto in PHP 5.6.0
curl_setopt($ch, CURLOPT_POSTFIELDS, $data);
curl_exec($ch);
?>Il precedente esempio visualizzerà:
Array
(
[name] => Foo
)
Array
(
[file] => Array
(
[name] => test.png
[type] => image/png
[tmp_name] => /tmp/phpcpjNeQ
[error] => 0
[size] => 279
)
)
Note
Nota:
Passando un array a
CURLOPT_POSTFIELDSi dati verranno codificati come multipart/form-data, mentre passando una stringa codificata come URL i dati verranno codificati come application/x-www-form-urlencoded.
add a note
User Contributed Notes 69 notes
rmckay at webaware dot com dot au ¶
12 years ago
joey ¶
8 years ago
It is important that anyone working with cURL and PHP keep in mind that not all of the CURLOPT and CURLINFO constants are documented. I always recommend reading the cURL documentation directly as it sometimes contains better information. The cURL API in tends to be fubar as well so do not expect things to be where you would normally logically look for them.
curl is especially difficult to work with when it comes to cookies. So I will talk about what I found with PHP 5.6 and curl 7.26.
If you want to manage cookies in memory without using files including reading, writing and clearing custom cookies then continue reading.
To start with, the way to enable in memory only cookies associated with a cURL handle you should use:
curl_setopt($curl, CURLOPT_COOKIEFILE, "");
cURL likes to use magic strings in options as special commands. Rather than having an option to enable the cookie engine in memory it uses a magic string to do that. Although vaguely the documentation here mentions this however most people like me wouldn't even read that because a COOKIEFILE is the complete opposite of what we want.
To get the cookies for a curl handle you can use:
curl_getinfo($curl, CURLINFO_COOKIELIST);
This will give an array containing a string for each cookie. It is tab delimited and unfortunately you will have to parse it yourself if you want to do anything beyond copying the cookies.
To clear the in memory cookies for a cURL handle you can use:
curl_setopt($curl, CURLOPT_COOKIELIST, "ALL");
This is a magic string. There are others in the cURL documentation. If a magic string isn't used, this field should take a cookie in the same string format as in getinfo for the cookielist constant. This can be used to delete individual cookies although it's not the most elegant API for doing so.
For copying cookies I recommend using curl_share_init.
You can also copy cookies from one handle to another like so:
foreach(curl_getinfo($curl_a, CURLINFO_COOKIELIST) as $cookie_line)
curl_setopt($curl, CURLOPT_COOKIELIST, $cookie_line);
An inelegant way to delete a cookie would be to skip the one you don't want.
I only recommend using COOKIELIST with magic strings because the cookie format is not secure or stable. You can inject tabs into at least path and name so it becomes impossible to parse reliably. If you must parse this then to keep it secure I recommend prohibiting more than 6 tabs in the content which probably isn't a big loss to most people.
A the absolute minimum for validation I would suggest:
/^([^\t]+\t){5}[^\t]+$/D
Here is the format:
#define SEP "\t" /* Tab separates the fields */
char *my_cookie =
"example.com" /* Hostname */
SEP "FALSE" /* Include subdomains */
SEP "/" /* Path */
SEP "FALSE" /* Secure */
SEP "0" /* Expiry in epoch time format. 0 == Session */
SEP "foo" /* Name */
SEP "bar"; /* Value */
ashw1 - at - no spam - post - dot - cz ¶
17 years ago
In case you wonder how come, that cookies don't work under Windows, I've googled for some answers, and here is the result: Under WIN you need to input absolute path of the cookie file.
This piece of code solves it:
<?php
if ($cookies != '')
{
if (substr(PHP_OS, 0, 3) == 'WIN')
{$cookies = str_replace('\\','/', getcwd().'/'.$cookies);}
curl_setopt($ch, CURLOPT_COOKIEJAR, $cookies);
curl_setopt($ch, CURLOPT_COOKIEFILE, $cookies);
}
?>
Steve Kamerman ¶
13 years ago
If you want cURL to timeout in less than one second, you can use CURLOPT_TIMEOUT_MS, although there is a bug/"feature" on "Unix-like systems" that causes libcurl to timeout immediately if the value is < 1000 ms with the error "cURL Error (28): Timeout was reached". The explanation for this behavior is:
"If libcurl is built to use the standard system name resolver, that portion of the transfer will still use full-second resolution for timeouts with a minimum timeout allowed of one second."
What this means to PHP developers is "You can use this function without testing it first, because you can't tell if libcurl is using the standard system name resolver (but you can be pretty sure it is)"
The problem is that on (Li|U)nix, when libcurl uses the standard name resolver, a SIGALRM is raised during name resolution which libcurl thinks is the timeout alarm.
The solution is to disable signals using CURLOPT_NOSIGNAL. Here's an example script that requests itself causing a 10-second delay so you can test timeouts:
<?php
if (!isset($_GET['foo'])) {
// Client
$ch = curl_init('http://localhost/test/test_timeout.php?foo=bar');
curl_setopt($ch, CURLOPT_RETURNTRANSFER, true);
curl_setopt($ch, CURLOPT_NOSIGNAL, 1);
curl_setopt($ch, CURLOPT_TIMEOUT_MS, 200);
$data = curl_exec($ch);
$curl_errno = curl_errno($ch);
$curl_error = curl_error($ch);
curl_close($ch);
if ($curl_errno > 0) {
echo "cURL Error ($curl_errno): $curl_error\n";
} else {
echo "Data received: $data\n";
}
} else {
// Server
sleep(10);
echo "Done.";
}
?>
JScott jscott401 at gmail dot com ¶
14 years ago
Some additional notes for curlopt_writefunction. I struggled with this at first because it really isn't documented very well.
When you write a callback function and use it with curlopt_writefunction it will be called MULTIPLE times. Your function MUST return the ammount of data written to it each time. It is very picky about this. Here is a snippet from my code that may help you
<?php
curl_setopt($this->curl_handle, CURLOPT_WRITEFUNCTION, array($this, "receiveResponse"));
// later on in the class I wrote my receive Response method
private function receiveResponse($curlHandle,$xmldata)
{
$this->responseString = $xmldata;
$this->responseXML .= $this->responseString;
$this->length = strlen($xmldata);
$this->size += $this->length;
return $this->length;
}
?>
Now I did this for a class. If you aren't doing OOP then you will obviously need to modify this for your own use.
CURL calls your script MULTIPLE times because the data will not always be sent all at once. Were talking internet here so its broken up into packets. You need to take your data and concatenate it all together until it is all written. I was about to pull my damn hair out because I would get broken chunks of XML back from the server and at random lengths. I finally figured out what was going on. Hope this helps
cmatiasvillanueva at gmail dot com ¶
6 years ago
What is not mentioned in the documentation is that if you want to set a local-port or local-port-range to establish a connection is possible by adding CURLOPT_LOCALPORT and CURLOPT_LOCALPORTRANGE options.
Ex:
$conn=curl_init ('example.com');
curl_setopt($conn, CURLOPT_LOCALPORT, 35000);
curl_setopt($conn, CURLOPT_LOCALPORTRANGE, 200);
CURLOPT_LOCALPORT: This sets the local port number of the socket used for the connection.
CURLOPT_LOCALPORTRANGE: The range argument is the number of attempts libcurl will make to find a working local port number. It starts with the given CURLOPT_LOCALPORT and adds one to the number for each retry. Setting this option to 1 or below will make libcurl do only one try for the exact port number.
Interface can be also configured using CURLOPT_INTERFACE:
Ex:
curl_setopt($conn, CURLOPT_INTERFACE, "eth1");
Philippe dot Jausions at 11abacus dot com ¶
18 years ago
Clarification on the callback methods:
- CURLOPT_HEADERFUNCTION is for handling header lines received *in the response*,
- CURLOPT_WRITEFUNCTION is for handling data received *from the response*,
- CURLOPT_READFUNCTION is for handling data passed along *in the request*.
The callback "string" can be any callable function, that includes the array(&$obj, 'someMethodName') format.
-Philippe
mw+php dot net at lw-systems dot de ¶
12 years ago
The description of the use of the CURLOPT_POSTFIELDS option should be emphasize, that using POST with HTTP/1.1 with cURL implies the use of a "Expect: 100-continue" header. Some web servers will not understand the handling of chunked transfer of post data.
To disable this behavior one must disable the use of the "Expect:" header with
curl_setopt($ch, CURLOPT_HTTPHEADER,array("Expect:"));
Ed Cradock ¶
14 years ago
PUT requests are very simple, just make sure to specify a content-length header and set post fields as a string.
Example:
<?php
function doPut($url, $fields)
{
$fields = (is_array($fields)) ? http_build_query($fields) : $fields;
if($ch = curl_init($url))
{
curl_setopt($ch, CURLOPT_CUSTOMREQUEST, 'PUT');
curl_setopt($ch, CURLOPT_RETURNTRANSFER, true);
curl_setopt($ch, CURLOPT_HTTPHEADER, array('Content-Length: ' . strlen($fields)));
curl_setopt($ch, CURLOPT_POSTFIELDS, $fields);
curl_exec($ch);
$status = curl_getinfo($ch, CURLINFO_HTTP_CODE);
curl_close($ch);
return (int) $status;
}
else
{
return false;
}
}
if(doPut('http://example.com/api/a/b/c', array('foo' => 'bar')) == 200)
// do something
else
// do something else.
?>
You can grab the request data on the other side with:
<?php
if($_SERVER['REQUEST_METHOD'] == 'PUT')
{
parse_str(file_get_contents('php://input'), $requestData);
// Array ( [foo] => bar )
print_r($requestData);
// Do something with data...
}
?>
DELETE can be done in exactly the same way.
Victor Jerlin ¶
15 years ago
Seems like some options not mentioned on this page, but listed on http://curl.haxx.se/libcurl/c/curl_easy_setopt.html is actually supported.
I was happy to see that I could actually use CURLOPT_FTP_CREATE_MISSING_DIRS even from PHP.
sgamon at yahoo dot com ¶
16 years ago
If you are doing a POST, and the content length is 1,025 or greater, then curl exploits a feature of http 1.1: 100 (Continue) Status.
See http://www.w3.org/Protocols/rfc2616/rfc2616-sec8.html#sec8.2.3
* it adds a header, "Expect: 100-continue".
* it then sends the request head, waits for a 100 response code, then sends the content
Not all web servers support this though. Various errors are returned depending on the server. If this happens to you, suppress the "Expect" header with this command:
<?php
curl_setopt($ch, CURLOPT_HTTPHEADER, array('Expect:'));
?>
See http://www.gnegg.ch/2007/02/the-return-of-except-100-continue/
dweingart at pobox dot com ¶
21 years ago
If you want to Curl to follow redirects and you would also like Curl to echo back any cookies that are set in the process, use this:
<?php curl_setopt($ch, CURLOPT_COOKIEJAR, '-'); ?>
'-' means stdout
-dw
Chris at PureFormSolutions dot com ¶
15 years ago
I've found that setting CURLOPT_HTTPHEADER more than once will clear out any headers you've set previously with CURLOPT_HTTPHEADER.
Consider the following:
<?php
# ...
curl_setopt($cURL,CURLOPT_HTTPHEADER,array (
"Content-Type: text/xml; charset=utf-8",
"Expect: 100-continue"
));
# ... do some other stuff ...
curl_setopt($cURL,CURLOPT_HTTPHEADER,array (
"Accept: application/json"
));
# ...
?>
Both the Content-Type and Expect I set will not be in the outgoing headers, but Accept will.
joelhy ¶
8 years ago
Please notice that CURLINFO_HEADER_OUT and CURLOPT_VERBOSE option does not work together:
"When CURLINFO_HEADER_OUT is set to TRUE than CURLOPT_VERBOSE does not work."(from https://bugs.php.net/bug.php?id=65348).
This took me an hour or two to figure it out.
luca dot manzo at bbsitalia dot com ¶
18 years ago
If you're getting trouble with cookie handling in curl:
- curl manages tranparently cookies in a single curl session
- the option
<?php curl_setopt($ch, CURLOPT_COOKIEJAR, "/tmp/cookieFileName"); ?>
makes curl to store the cookies in a file at the and of the curl session
- the option
<?php curl_setopt($ch, CURLOPT_COOKIEFILE, "/tmp/cookieFileName"); ?>
makes curl to use the given file as source for the cookies to send to the server.
so to handle correctly cookies between different curl session, the you have to do something like this:
<?php
$ch = curl_init();
curl_setopt ($ch, CURLOPT_URL, $url);
curl_setopt ($ch, CURLOPT_COOKIEJAR, COOKIE_FILE_PATH);
curl_setopt ($ch, CURLOPT_COOKIEFILE, COOKIE_FILE_PATH);
curl_setopt ($ch, CURLOPT_RETURNTRANSFER, 1);
$result = curl_exec ($ch);
curl_close($ch);
return $result;
?>
in particular this is NECESSARY if you are using PEAR_SOAP libraries to build a webservice client over https and the remote server need to establish a session cookie. in fact each soap message is sent using a different curl session!!
I hope this can help someone
Luca
qwertz182 ¶
4 years ago
As the "example #2 Uploading file" says it is deprecated as of PHP 5.5.0 but doesn't tell you how it's done right,
here is a really easy example using the CURLFile class:
<?php
$request = [
'firstName' => 'John',
'lastName' => 'Doe',
'file' => new CURLFile('example.txt', 'text/plain') // or use curl_file_create()
];
$curlOptions = [
CURLOPT_URL => 'http://example.com/upload.php',
CURLOPT_POST => true,
CURLOPT_HEADER => false,
CURLOPT_RETURNTRANSFER => true,
CURLOPT_POSTFIELDS => $request,
];
$ch = curl_init();
curl_setopt_array($ch, $curlOptions);
$response = curl_exec($ch);
?>
This is just like posting a html form with an input[type=file] field.
The result on windows could look like this:
<?php
// $_POST
Array
(
[firstName] => John
[lastName] => Doe
)
// $_FILES
Array
(
[file] => Array
(
[name] => example.txt
[type] => text/plain
[tmp_name] => C:\wamp64\tmp\php3016.tmp
[error] => 0
[size] => 14
)
)
?>
Since the request is an array (and not a string), curl will automatically encode the data as "multipart/form-data".
Please be aware that if you pass an invalid file path to CURLFile, setting the CURLOPT_POSTFIELDS option will fail.
So if you are using curl_setopt_array for setting the options at once, according to the manual, "If an option could not be successfully set, FALSE is immediately returned, ignoring any future options in the options array.".
So you should make sure that the file exists or set CURLOPT_POSTFIELDS with curl_setopt() and check if it returns false and act accordingly.
yann dot corno at free dot fr ¶
22 years ago
About the CURLOPT_HTTPHEADER option, it took me some time to figure out how to format the so-called 'Array'. It fact, it is a list of strings. If Curl was already defining a header item, yours will replace it. Here is an example to change the Content Type in a POST:
<?php curl_setopt ($ch, CURLOPT_HTTPHEADER, Array("Content-Type: text/xml")); ?>
Yann
anderseta at gmail dot com ¶
14 years ago
If you wish to find the size of the file you are streaming and use it as your header this is how:
<?php
function write_function($curl_resource, $string)
{
if(curl_getinfo($curl_resource, CURLINFO_SIZE_DOWNLOAD) <= 2000)
{
header('Expires: 0');
header('Cache-Control: must-revalidate, post-check=0, pre-check=0');
header('Pragma: public');
header('Content-Description: File Transfer');
header("Content-Transfer-Encoding: binary");
header("Content-Type: ".curl_getinfo($curl_resource, CURLINFO_CONTENT_TYPE)."");
header("Content-Length: ".curl_getinfo($curl_resource, CURLINFO_CONTENT_LENGTH_DOWNLOAD)."");
}
print $string;
return mb_strlen($string, '8bit');
}
?>
1440 is the the default number of bytes curl will call the write function (BUFFERSIZE does not affect this, i actually think you can not change this value), so it means the headers are going to be set only one time.
write_function must return the exact number of bytes of the string, so you can return a value with mb_strlen.
badman ¶
10 years ago
Many hosters use PHP safe_mode or/and open_basedir, so you can't use CURLOPT_FOLLOWLOCATION. If you try, you see message like this:
CURLOPT_FOLLOWLOCATION cannot be activated when safe_mode is enabled or an open_basedir is set in [you script name & path] on line XXX
First, I try to use zsalab function (http://us2.php.net/manual/en/function.curl-setopt.php#102121) from this page, but for some reason it did not work properly. So, I wrote my own.
It can be use instead of curl_exec. If server HTTP response codes is 30x, function will forward the request as long as the response is not different from 30x (for example, 200 Ok). Also you can use POST.
function curlExec(/* Array */$curlOptions='', /* Array */$curlHeaders='', /* Array */$postFields='')
{
$newUrl = '';
$maxRedirection = 10;
do
{
if ($maxRedirection<1) die('Error: reached the limit of redirections');
$ch = curl_init();
if (!empty($curlOptions)) curl_setopt_array($ch, $curlOptions);
if (!empty($curlHeaders)) curl_setopt($ch, CURLOPT_HTTPHEADER, $curlHeaders);
if (!empty($postFields))
{
curl_setopt($ch, CURLOPT_POST, 1);
curl_setopt($ch, CURLOPT_POSTFIELDS, $postFields);
}
if (!empty($newUrl)) curl_setopt($ch, CURLOPT_URL, $newUrl); // redirect needed
$curlResult = curl_exec($ch);
$code = curl_getinfo($ch, CURLINFO_HTTP_CODE);
if ($code == 301 || $code == 302 || $code == 303 || $code == 307)
{
preg_match('/Location:(.*?)\n/', $curlResult, $matches);
$newUrl = trim(array_pop($matches));
curl_close($ch);
$maxRedirection--;
continue;
}
else // no more redirection
{
$code = 0;
curl_close($ch);
}
}
while($code);
return $curlResult;
}
jade dot skaggs at gmail dot com ¶
16 years ago
After much struggling, I managed to get a SOAP request requiring HTTP authentication to work. Here's some source that will hopefully be useful to others.
<?php
$credentials = "username:password";
// Read the XML to send to the Web Service
$request_file = "./SampleRequest.xml";
$fh = fopen($request_file, 'r');
$xml_data = fread($fh, filesize($request_file));
fclose($fh);
$url = "http://www.example.com/services/calculation";
$page = "/services/calculation";
$headers = array(
"POST ".$page." HTTP/1.0",
"Content-type: text/xml;charset=\"utf-8\"",
"Accept: text/xml",
"Cache-Control: no-cache",
"Pragma: no-cache",
"SOAPAction: \"run\"",
"Content-length: ".strlen($xml_data),
"Authorization: Basic " . base64_encode($credentials)
);
$ch = curl_init();
curl_setopt($ch, CURLOPT_URL,$url);
curl_setopt($ch, CURLOPT_RETURNTRANSFER, 1);
curl_setopt($ch, CURLOPT_TIMEOUT, 60);
curl_setopt($ch, CURLOPT_HTTPHEADER, $headers);
curl_setopt($ch, CURLOPT_USERAGENT, $defined_vars['HTTP_USER_AGENT']);
// Apply the XML to our curl call
curl_setopt($ch, CURLOPT_POST, 1);
curl_setopt($ch, CURLOPT_POSTFIELDS, $xml_data);
$data = curl_exec($ch);
if (curl_errno($ch)) {
print "Error: " . curl_error($ch);
} else {
// Show me the result
var_dump($data);
curl_close($ch);
}
?>
jancister at gmail dot com ¶
9 years ago
Please note that if you want to handle progress using CURLOPT_PROGRESSFUNCTION option, you need to take into consideration what version of PHP are you using. Since version 5.5.0, compatibility-breaking change was introduced in number/order of the arguments passed to the callback function, and cURL resource is now passed as first argument.
Prior to version 5.5.0:
<?php
// ...
curl_setopt($resource, CURLOPT_PROGRESSFUNCTION, 'progressCallback');
curl_setopt($resource, CURLOPT_NOPROGRESS, false);
// ...
function progressCallback($download_size = 0, $downloaded = 0, $upload_size = 0, $uploaded = 0)
{
// Handle progress
}
?>
From version 5.5.0:
<?php
// ...
curl_setopt($resource, CURLOPT_PROGRESSFUNCTION, 'progressCallback');
curl_setopt($resource, CURLOPT_NOPROGRESS, false);
// ...
function progressCallback($resource, $download_size = 0, $downloaded = 0, $upload_size = 0, $uploaded = 0)
{
// Handle progress
}
?>
However, if your code needs to be compatible with PHP version both before and after 5.5.0, consider adding a version check:
<?php
// ...
curl_setopt($resource, CURLOPT_PROGRESSFUNCTION, 'progressCallback');
curl_setopt($resource, CURLOPT_NOPROGRESS, false);
// ...
function progressCallback($resource, $download_size = 0, $downloaded = 0, $upload_size = 0, $uploaded = 0)
{
/**
* $resource parameter was added in version 5.5.0 breaking backwards compatibility;
* if we are using PHP version lower than 5.5.0, we need to shift the arguments
* @see http://php.net/manual/en/function.curl-setopt.php#refsect1-function.curl-setopt-changelog
*/
if (version_compare(PHP_VERSION, '5.5.0') < 0) {
$uploaded = $upload_size;
$upload_size = $downloaded;
$downloaded = $download_size;
$download_size = $resource;
}
// Handle progress
}
?>
joeterranova at gmail dot com ¶
14 years ago
It appears that setting CURLOPT_FILE before setting CURLOPT_RETURNTRANSFER doesn't work, presumably because CURLOPT_FILE depends on CURLOPT_RETURNTRANSFER being set.
So do this:
<?php
curl_setopt($ch, CURLOPT_RETURNTRANSFER, 1);
curl_setopt($ch, CURLOPT_FILE, $fp);
?>
not this:
<?php
curl_setopt($ch, CURLOPT_FILE, $fp);
curl_setopt($ch, CURLOPT_RETURNTRANSFER, 1);
?>
skyogre __at__ yandex __dot__ ru ¶
18 years ago
There is really a problem of transmitting $_POST data with curl in php 4+ at least.
I improved the encoding function by Alejandro Moreno to work properly with mulltidimensional arrays.
<?php
function data_encode($data, $keyprefix = "", $keypostfix = "") {
assert( is_array($data) );
$vars=null;
foreach($data as $key=>$value) {
if(is_array($value)) $vars .= data_encode($value, $keyprefix.$key.$keypostfix.urlencode("["), urlencode("]"));
else $vars .= $keyprefix.$key.$keypostfix."=".urlencode($value)."&";
}
return $vars;
}
curl_setopt($ch, CURLOPT_POSTFIELDS, substr(data_encode($_POST), 0, -1) );
?>
fnjordy at gmail dot com ¶
15 years ago
Note that CURLOPT_RETURNTRANSFER when used with CURLOPT_WRITEFUNCTION has effectively three settings: default, true, and false.
default - callbacks will be called as expected.
true - content will be returned but callback function will not be called.
false - content will be output and callback function will not be called.
Note that CURLOPT_HEADERFUNCTION callbacks are always called.
juozaspo at gmail dot com ¶
12 years ago
I've created an example that gets the file on url passed to script and outputs it to the browser.
<?php
//get the file (e.g. image) and output it to the browser
$ch = curl_init(); //open curl handle
curl_setopt($ch, CURLOPT_URL, $_GET['url']); //set an url
curl_setopt($ch, CURLOPT_RETURNTRANSFER, 1); //do not output directly, use variable
curl_setopt($ch, CURLOPT_BINARYTRANSFER, 1); //do a binary transfer
curl_setopt($ch, CURLOPT_FAILONERROR, 1); //stop if an error occurred
$file=curl_exec($ch); //store the content in variable
if(!curl_errno($ch))
{
//send out headers and output
header ("Content-type: ".curl_getinfo($ch, CURLINFO_CONTENT_TYPE)."");
header ("Content-Length: ".curl_getinfo($ch, CURLINFO_CONTENT_LENGTH_DOWNLOAD)."");
echo $file;
} else echo 'Curl error: ' . curl_error($ch);
curl_close($ch); //close curl handle
?>
p.s. Make sure that there're no new lines before and after code or script may not work.
Joey Hewitt ¶
12 years ago
Note that if you put a certificate chain in a PEM file, the certificates need to be ordered so that each certificate is followed by its issuer (i.e., root last.)
Source: http://publib.boulder.ibm.com/tividd/td/ITIM/SC32-1493-00/en_US/HTML/im451_config09.htm
PHP at RHaworth dot net ¶
13 years ago
When CURLOPT_FOLLOWLOCATION and CURLOPT_HEADER are both true and redirect/s have happened then the header returned by curl_exec() will contain all the headers in the redirect chain in the order they were encountered.
Dustin Hawkins ¶
18 years ago
To further expand upon use of CURLOPT_CAPATH and CURLOPT_CAINFO...
In my case I wanted to prevent curl from talking to any HTTPS server except my own using a self signed certificate. To do this, you'll need openssl installed and access to the HTTPS Server Certificate (server.crt by default on apache)
You can then use a command simiar to this to translate your apache certificate into one that curl likes.
$ openssl x509 -in server.crt -out outcert.pem -text
Then set CURLOPT_CAINFO equal to the the full path to outcert.pem and turn on CURLOPT_SSL_VERIFYPEER.
If you want to use the CURLOPT_CAPATH option, you should create a directory for all the valid certificates you have created, then use the c_rehash script that is included with openssl to "prepare" the directory.
If you dont use the c_rehash utility, curl will ignore any file in the directory you set.
saidk at phirebranding dot com ¶
15 years ago
Passing in PHP's $_SESSION into your cURL call:
<?php
session_start();
$strCookie = 'PHPSESSID=' . $_COOKIE['PHPSESSID'] . '; path=/';
session_write_close();
$curl_handle = curl_init('enter_external_url_here');
curl_setopt( $curl_handle, CURLOPT_COOKIE, $strCookie );
curl_exec($curl_handle);
curl_close($curl_handle);
?>
This worked great for me. I was calling pages from the same server and needed to keep the $_SESSION variables. This passes them over. If you want to test, just print_r($_SESSION);
Enjoy!
Martin K. ¶
10 years ago
If you only want to enable cookie handling and you don't need to save the cookies for a separate session, just set CURLOPT_COOKIEFILE to an empty string. I was given the advice to use php://memory but that did not seem to have the same effect.
Although this is stated in the documentation I thought it was worth reiterating since it cause me so much trouble.
Ojas Ojasvi ¶
17 years ago
<?php
/*
* Author: Ojas Ojasvi
* Released: September 25, 2007
* Description: An example of the disguise_curl() function in order to grab contents from a website while remaining fully camouflaged by using a fake user agent and fake headers.
*/
$url = 'http://www.php.net';
// disguises the curl using fake headers and a fake user agent.
function disguise_curl($url)
{
$curl = curl_init();
// Setup headers - I used the same headers from Firefox version 2.0.0.6
// below was split up because php.net said the line was too long. :/
$header[0] = "Accept: text/xml,application/xml,application/xhtml+xml,";
$header[0] .= "text/html;q=0.9,text/plain;q=0.8,image/png,*/*;q=0.5";
$header[] = "Cache-Control: max-age=0";
$header[] = "Connection: keep-alive";
$header[] = "Keep-Alive: 300";
$header[] = "Accept-Charset: ISO-8859-1,utf-8;q=0.7,*;q=0.7";
$header[] = "Accept-Language: en-us,en;q=0.5";
$header[] = "Pragma: "; // browsers keep this blank.
curl_setopt($curl, CURLOPT_URL, $url);
curl_setopt($curl, CURLOPT_USERAGENT, 'Googlebot/2.1 (+http://www.google.com/bot.html)');
curl_setopt($curl, CURLOPT_HTTPHEADER, $header);
curl_setopt($curl, CURLOPT_REFERER, 'http://www.google.com');
curl_setopt($curl, CURLOPT_ENCODING, 'gzip,deflate');
curl_setopt($curl, CURLOPT_AUTOREFERER, true);
curl_setopt($curl, CURLOPT_RETURNTRANSFER, 1);
curl_setopt($curl, CURLOPT_TIMEOUT, 10);
$html = curl_exec($curl); // execute the curl command
curl_close($curl); // close the connection
return $html; // and finally, return $html
}
// uses the function and displays the text off the website
$text = disguise_curl($url);
echo $text;
?>
Ojas Ojasvi
Aaron Wells ¶
9 years ago
If you use cURL to fetch user-supplied URLs (for instance, in a web-based RSS aggregator), be aware of the risk of server-side request forgery (SSRF). This is an attack where the user takes advantage of the fact that cURL requests are sent from the web server itself, to reach network locations they wouldn't be able to reach from outside the network.
For instance, they could enter a "http://localhost" URL, and access things on the web server via "localhost". Or, "ftp://localhost". cURL supports a lot of protocols!
If you are using CURLOPT_FOLLOWLOCATION, the malicious URL could be in a redirect from the original request. cURL also will follow redirect headers to other protocols! (303 See Other; Location: ftp://localhost).
So if you're using cURL with user-supplied URLs, at the very least use CURLOPT_PROTOCOLS (which also sets CURLOPT_REDIR_PROTOCOLS), and either disable CURLOPT_FOLLOWLOCATION or use the "SafeCurl" library to safely follow redirects.
mr at coder dot tv ¶
18 years ago
Sometimes you can't use CURLOPT_COOKIEJAR and CURLOPT_COOKIEFILE becoz of the server php-settings(They say u may grab any files from server using these options). Here is the solution
1)Don't use CURLOPT_FOLLOWLOCATION
2)Use curl_setopt($ch, CURLOPT_HEADER, 1)
3)Grab from the header cookies like this:
preg_match_all('|Set-Cookie: (.*);|U', $content, $results);
$cookies = implode(';', $results[1]);
4)Set them using curl_setopt($ch, CURLOPT_COOKIE, $cookies);
Good Luck, Yevgen
eric dot van dot eldik at peercode dot nl ¶
6 years ago
When you get this error using a PUT request: "SSL read: error:00000000:lib(0):func(0):reason(0), errno 104")
It could be caused by:
<?php
curl_setopt($ch, CURLOPT_PUT, TRUE);
?>
Instead try:
<?php
curl_setopt($ch, CURLOPT_CUSTOMREQUEST, "PUT");
?>
S\ ¶
13 years ago
When using CURLOPT_POSTFIELDS with an array as parameter, you have to pay high attention to user input. Unvalidated user input will lead to serious security issues.
<?php
/**
* test.php:
*/
$ch = curl_init('http://example.com');
curl_setopt($ch, CURLOPT_POST, 1);
curl_setopt($ch, CURLOPT_POSTFIELDS, array(
'foo' => $_GET['bar']
));
curl_exec($ch);
?>
Requesting "test.php?bar=@/home/user/test.png" will send "test.png" to example.com.
Make sure you remove the leading "@" from user input.
clint at fewbar dot com ¶
14 years ago
If you have turned on conditional gets on a curl handle, and then for a subsequent request, you don't have a good setting for CURLOPT_TIMEVALUE , you can disable If-Modified-Since checking with:
<?php
$ch = curl_init();
curl_setopt($ch, CURLOPT_URL, $foo);
curl_setopt($ch, CURLOPT_TIMEVALUE, filemtime($foo_path));
curl_setopt($ch, CURLOPT_TIMECONDITION, CURLOPT_TIMECOND_IFMODIFIEDSINCE);
curl_exec($ch);
// Reuse same curl handle
curl_setopt($ch, CURLOPT_URL, $bar);
curl_setopt($ch, CURLOPT_TIMEVALUE, null); // don't know mtime
curl_setopt($ch, CURLOPT_TIMECONDITION, 0); // set it to 0, turns it off
curl_exec($ch);
?>
gskluzacek at gmail dot com ¶
13 years ago
FYI... unless you specifically set the user agent, no user agent will be sent in your request as there is no default value like some of the other options.
As others have said, not sending a user agent may cause you to not get the results that you expected, e.g., 0 byte length content, different content, etc.
rob at infoglobe dot net ¶
17 years ago
Options not included in the above, but that work (Taken from the libcurl.a C documentation)
CURLOPT_FTP_SSL
Pass a long using one of the values from below, to make libcurl use your desired level of SSL for the ftp transfer. (Added in 7.11.0)
CURLFTPSSL_NONE
Don't attempt to use SSL.
CURLFTPSSL_TRY
Try using SSL, proceed as normal otherwise.
CURLFTPSSL_CONTROL
Require SSL for the control connection or fail with CURLE_FTP_SSL_FAILED.
CURLFTPSSL_ALL
Require SSL for all communication or fail with CURLE_FTP_SSL_FAILED.
ohcc at 163 dot com ¶
6 years ago
This is howto upload an existing file to an FTP server with cURL in PHP.
You should remember that CURLOPT_URL should contain the file's basename to save on the FTP server. For example, if you upload hello.txt to ftp://www.wuxiancheng.cn/text/, CURLOPT_URL should be ftp://www.wuxiancheng.cn/text/hello.txt rather than ftp://www.wuxiancheng.cn/text/, otherwise you will get an error message like "Uploading to a URL without a file name! " when you call curl_error();
<?php
$ch = curl_init();
$filepath = 'D:\Web\www\wuxiancheng.cn\hello.txt';
$basename = pathInfo($filepath, PATHINFO_BASENAME);
$filesize = fileSize($filepath);
curl_setopt_array(
$ch,
array(
CURLOPT_URL => 'ftp://www.wuxiancheng.cn/text/' . $basename,
CURLOPT_USERPWD => 'USERNAME:PASSWORD',
CURLOPT_PROTOCOLS => CURLPROTO_FTP,
CURLOPT_UPLOAD => true,
CURLOPT_INFILE => $filepath,
CURLOPT_INFILESIZE => $filesize,
CURLOPT_RETURNTRANSFER => true,
CURLOPT_HEADER => false,
)
);
curl_exec($ch);
$message = curl_errno($ch) === CURLE_OK ? 'success' : 'failure';
echo $message;
?>
Pawel Antczak ¶
14 years ago
Hello.
During problems with "CURLOPT_FOLLOWLOCATION cannot be activated when in safe_mode or an open_basedir is set"
I was looking for solution.
I've found few methods on this page, but none of them was good enough, so I made one.
<?php
function curl_redirect_exec($ch, &$redirects, $curlopt_header = false) {
curl_setopt($ch, CURLOPT_HEADER, true);
curl_setopt($ch, CURLOPT_RETURNTRANSFER, true);
$data = curl_exec($ch);
$http_code = curl_getinfo($ch, CURLINFO_HTTP_CODE);
if ($http_code == 301 || $http_code == 302) {
list($header) = explode("\r\n\r\n", $data, 2);
$matches = array();
preg_match('/(Location:|URI:)(.*?)\n/', $header, $matches);
$url = trim(array_pop($matches));
$url_parsed = parse_url($url);
if (isset($url_parsed)) {
curl_setopt($ch, CURLOPT_URL, $url);
$redirects++;
return curl_redirect_exec($ch, $redirects);
}
}
if ($curlopt_header)
return $data;
else {
list(,$body) = explode("\r\n\r\n", $data, 2);
return $body;
}
}
?>
Main issue in existing functions was lack of information, how many redirects was done.
This one will count it.
First parameter as usual.
Second should be already initialized integer, it will be incremented by number of done redirects.
You can set CURLOPT_HEADER if You need it.
michaeledwards.com ¶
19 years ago
Problems can occur if you mix CURLOPT_URL with a 'Host:' header in CURLOPT_HEADERS on redirects because cURL will combine the host you explicitly stated in the 'Host:' header with the host from the Location: header of the redirect response.
In short, don't do this:
<?php
$host = "www.example.com";
$url = "http://$host/";
$headers = array("Host: $host");
$ch = curl_init();
curl_setopt($ch, CURLOPT_URL, $url);
curl_setopt($ch, CURLOPT_HTTPHEADER, $headers);
Do this instead:
$host = "www.example.com";
$url = "http://$host/";
$ch = curl_init();
curl_setopt($ch, CURLOPT_URL, $url);
?>
regan dot corey at gmail dot com ¶
12 years ago
I spent a couple of days trying to POST a multi-dimensional array of form fields, including a file upload, to a remote server to update a product. Here are the breakthroughs that FINALLY allowed the script to run as desired.
Firstly, the HTML form used input names like these:
<input type="text" name="product[name]" />
<input type="text" name="product[cost]" />
<input type="file" name="product[thumbnail]" />
in conjunction with two other form inputs not part of the product array
<input type="text" name="method" value="put" />
<input type="text" name="mode" />
I used several cURL options, but the only two (other than URL) that mattered were:
curl_setopt($handle, CURLOPT_POST, true);
curl_setopt($handle, CURLOPT_POSTFIELDS, $postfields);
Pretty standard so far.
Note: headers didn't need to be set, cURL automatically sets headers (like content-type: multipart/form-data; content-length...) when you pass an array into CURLOPT_POSTFIELDS.
Note: even though this is supposed to be a PUT command through an HTTP POST form, no special PUT options needed to be passed natively through cURL. Options such as
curl_setopt($handle, CURLOPT_HTTPHEADER, array('X-HTTP-Method-Override: PUT', 'Content-Length: ' . strlen($fields)));
or
curl_setopt($handle, CURLOPT_PUT, true);
or
curl_setopt($handle, CURLOPT_CUSTOMREQUEST, "PUT);
were not needed to make the code work.
The fields I wanted to pass through cURL were arranged into an array something like this:
$postfields = array("method" => $_POST["method"],
"mode" => $_POST["mode"],
"product" => array("name" => $_POST["product"],
"cost" => $_POST["product"]["cost"],
"thumbnail" => "@{$_FILES["thumbnail"]["tmp_name"]};type={$_FILES["thumbnail"]["type"]}")
);
-Notice how the @ precedes the temporary filename, this creates a link so PHP will upload/transfer an actual file instead of just the file name, which would happen if the @ isn't included.
-Notice how I forcefully set the mime-type of the file to upload. I was having issues where images filetypes were defaulting to octet-stream instead of image/png or image/jpeg or whatever the type of the selected image.
I then tried passing $postfields straight into curl_setopt($this->handle, CURLOPT_POSTFIELDS, $postfields); but it didn't work.
I tried using http_build_query($postfields); but that didn't work properly either.
In both cases either the file wouldn't be treated as an actual file and the form data wasn't being sent properly. The problem was HTTP's methods of transmitting arrays. While PHP and other languages can figure out how to handle arrays passed via forms, HTTP isn't quite as sofisticated. I had to rewrite the $postfields array like so:
$postfields = array("method" => $_POST["method"],
"mode" => $_POST["mode"],
"product[name]" => $_POST["product"],
"product[cost]" => $_POST["product"]["cost"],
"product[thumbnail]" => "@{$_FILES["thumbnail"]["tmp_name"]}");
curl_setopt($handle, CURLOPT_POSTFIELDS, $postfields);
This, without the use of http_build_query, solved all of my problems. Now the receiving host outputs both $_POST and $_FILES vars correctly.
zsalab ¶
13 years ago
Handling redirections with curl if safe_mode or open_basedir is enabled. The function working transparent, no problem with header and returntransfer options. You can handle the max redirection with the optional second argument (the function is set the variable to zero if max redirection exceeded).
Second parameter values:
- maxredirect is null or not set: redirect maximum five time, after raise PHP warning
- maxredirect is greather then zero: no raiser error, but parameter variable set to zero
- maxredirect is less or equal zero: no follow redirections
<?php
function curl_exec_follow(/*resource*/ $ch, /*int*/ &$maxredirect = null) {
$mr = $maxredirect === null ? 5 : intval($maxredirect);
if (ini_get('open_basedir') == '' && ini_get('safe_mode' == 'Off')) {
curl_setopt($ch, CURLOPT_FOLLOWLOCATION, $mr > 0);
curl_setopt($ch, CURLOPT_MAXREDIRS, $mr);
} else {
curl_setopt($ch, CURLOPT_FOLLOWLOCATION, false);
if ($mr > 0) {
$newurl = curl_getinfo($ch, CURLINFO_EFFECTIVE_URL);
$rch = curl_copy_handle($ch);
curl_setopt($rch, CURLOPT_HEADER, true);
curl_setopt($rch, CURLOPT_NOBODY, true);
curl_setopt($rch, CURLOPT_FORBID_REUSE, false);
curl_setopt($rch, CURLOPT_RETURNTRANSFER, true);
do {
curl_setopt($rch, CURLOPT_URL, $newurl);
$header = curl_exec($rch);
if (curl_errno($rch)) {
$code = 0;
} else {
$code = curl_getinfo($rch, CURLINFO_HTTP_CODE);
if ($code == 301 || $code == 302) {
preg_match('/Location:(.*?)\n/', $header, $matches);
$newurl = trim(array_pop($matches));
} else {
$code = 0;
}
}
} while ($code && --$mr);
curl_close($rch);
if (!$mr) {
if ($maxredirect === null) {
trigger_error('Too many redirects. When following redirects, libcurl hit the maximum amount.', E_USER_WARNING);
} else {
$maxredirect = 0;
}
return false;
}
curl_setopt($ch, CURLOPT_URL, $newurl);
}
}
return curl_exec($ch);
}
?>
Adam Monsen ¶
12 years ago
CURLOPT_POST must be left unset if you want the Content-Type header set to "multipart/form-data" (e.g., when CURLOPT_POSTFIELDS is an array). If you set CURLOPT_POSTFIELDS to an array and have CURLOPT_POST set to TRUE, Content-Length will be -1 and most sane servers will reject the request. If you set CURLOPT_POSTFIELDS to an array and have CURLOPT_POST set to FALSE, cURL will send a GET request.
c00lways at gmail dot com ¶
16 years ago
if you would like to send xml request to a server (lets say, making a soap proxy),
you have to set
<?php
curl_setopt($ch, CURLOPT_HTTPHEADER, Array("Content-Type: text/xml"));
?>
makesure you watch for cache issue:
the below code will prevent cache...
<?php
curl_setopt($ch, CURLOPT_FORBID_REUSE, 1);
curl_setopt($ch, CURLOPT_FRESH_CONNECT, 1);
?>
hope it helps ;)
scy-phpmanual at scytale dot name ¶
13 years ago
In order to reset CURLOPT_HTTPHEADER, set it to array(). The cURL C API says you should set it to NULL, but that doesn’t work in the PHP wrapper.
rob ¶
15 years ago
Whats not mentioned in the documentation is that you have to set CURLOPT_COOKIEJAR to a file for the CURL handle to actually use cookies, if it is not set then cookies will not be parsed.
markandrewslade at gmail dot com ¶
7 years ago
Contrary to the documentation, CURLOPT_STDERR should be set to a handle to the file you want to write to, not the file's location.
ron at ttvavanti dot nl ¶
20 years ago
If you specify a CAINFO, note that the file must be in PEM format! (If not, it won't work).
Using Openssl you can use:
openssl x509 -in <cert> -inform d -outform PEM -out cert.pem
To create a pem formatted certificate from a binary certificate (the one you get if you download the ca somewhere).
fred at themancan dot com ¶
16 years ago
To find what encoding a given HTTP POST request uses is easy -- passing an array to CURLOPT_POSTFIELDS results in multipart/form-data:
<?php
curl_setopt(CURLOPT_POSTFIELDS, array('field1' => 'value'));
?>
Passing a URL-encoded string will result in application/x-www-form-urlencoded:
<?php
curl_setopt(CURLOPT_POSTFIELDS, array('field1=value&field2=value2'));
?>
I ran across this when integrating with both a warehouse system and an email system; neither would accept multipart/form-data, but both happily accepted application/x-www-form-urlencoded.
ROXORT at TGNOOB dot FR ¶
19 years ago
<?php
/*
Here is a script that is usefull to :
- login to a POST form,
- store a session cookie,
- download a file once logged in.
*/
// INIT CURL
$ch = curl_init();
// SET URL FOR THE POST FORM LOGIN
curl_setopt($ch, CURLOPT_URL, 'http://www.example.com/Members/Login.php');
// ENABLE HTTP POST
curl_setopt ($ch, CURLOPT_POST, 1);
// SET POST PARAMETERS : FORM VALUES FOR EACH FIELD
curl_setopt ($ch, CURLOPT_POSTFIELDS, 'fieldname1=fieldvalue1&fieldname2=fieldvalue2');
// IMITATE CLASSIC BROWSER'S BEHAVIOUR : HANDLE COOKIES
curl_setopt ($ch, CURLOPT_COOKIEJAR, 'cookie.txt');
# Setting CURLOPT_RETURNTRANSFER variable to 1 will force cURL
# not to print out the results of its query.
# Instead, it will return the results as a string return value
# from curl_exec() instead of the usual true/false.
curl_setopt ($ch, CURLOPT_RETURNTRANSFER, 1);
// EXECUTE 1st REQUEST (FORM LOGIN)
$store = curl_exec ($ch);
// SET FILE TO DOWNLOAD
curl_setopt($ch, CURLOPT_URL, 'http://www.example.com/Members/Downloads/AnnualReport.pdf');
// EXECUTE 2nd REQUEST (FILE DOWNLOAD)
$content = curl_exec ($ch);
// CLOSE CURL
curl_close ($ch);
/*
At this point you can do do whatever you want
with the downloaded file stored in $content :
display it, save it as file, and so on.
*/
?>
eion at bigfoot dot com ¶
17 years ago
If you are trying to use CURLOPT_FOLLOWLOCATION and you get this warning:
Warning: curl_setopt() [function.curl-setopt]: CURLOPT_FOLLOWLOCATION cannot be activated when in safe_mode or an open_basedir is set...
then you will want to read http://www.php.net/ChangeLog-4.php which says "Disabled CURLOPT_FOLLOWLOCATION in curl when open_basedir or safe_mode are enabled." as of PHP 4.4.4/5.1.5. This is due to the fact that curl is not part of PHP and doesn't know the values of open_basedir or safe_mode, so you could comprimise your webserver operating in safe_mode by redirecting (using header('Location: ...')) to "file://" urls, which curl would have gladly retrieved.
Until the curl extension is changed in PHP or curl (if it ever will) to deal with "Location:" headers, here is a far from perfect remake of the curl_exec function that I am using.
Since there's no curl_getopt function equivalent, you'll have to tweak the function to make it work for your specific use. As it is here, it returns the body of the response and not the header. It also doesn't deal with redirection urls with username and passwords in them.
<?php
function curl_redir_exec($ch)
{
static $curl_loops = 0;
static $curl_max_loops = 20;
if ($curl_loops++ >= $curl_max_loops)
{
$curl_loops = 0;
return FALSE;
}
curl_setopt($ch, CURLOPT_HEADER, true);
curl_setopt($ch, CURLOPT_RETURNTRANSFER, true);
$data = curl_exec($ch);
list($header, $data) = explode("\n\n", $data, 2);
$http_code = curl_getinfo($ch, CURLINFO_HTTP_CODE);
if ($http_code == 301 || $http_code == 302)
{
$matches = array();
preg_match('/Location:(.*?)\n/', $header, $matches);
$url = @parse_url(trim(array_pop($matches)));
if (!$url)
{
//couldn't process the url to redirect to
$curl_loops = 0;
return $data;
}
$last_url = parse_url(curl_getinfo($ch, CURLINFO_EFFECTIVE_URL));
if (!$url['scheme'])
$url['scheme'] = $last_url['scheme'];
if (!$url['host'])
$url['host'] = $last_url['host'];
if (!$url['path'])
$url['path'] = $last_url['path'];
$new_url = $url['scheme'] . '://' . $url['host'] . $url['path'] . ($url['query']?'?'.$url['query']:'');
curl_setopt($ch, CURLOPT_URL, $new_url);
debug('Redirecting to', $new_url);
return curl_redir_exec($ch);
} else {
$curl_loops=0;
return $data;
}
}
?>
shiplu at programmer dot net ¶
11 years ago
CURLOPT_POST should be set before CURLOPT_POSTFIELDS. Otherwise you might encounter 411 Length required error.
Following code generates "411 Length Required" on nginx/1.1.15
<?php
curl_setopt ($ch, CURLOPT_POSTFIELDS, $postfields);
curl_setopt ($ch, CURLOPT_POST, 1);
?>
But this one works.
<?php
curl_setopt ($ch, CURLOPT_POST, 1);
curl_setopt ($ch, CURLOPT_POSTFIELDS, $postfields);
?>
Tyranoweb ¶
15 years ago
There is a function to send POST data in page with five parameters :
$post must be an array
$page is the page where POST datas will be send.
$n must be true to continue if they are php redirection (Location: )
$session must be define true if you want to use cookies
$referer must be a link to get a wrong referer or only to have a referer.
<?php
function curl_data_post($post, $page, $n, $session, $referer)
{
if(!is_array($post))
{
return false;
}
$DATA_POST = curl_init();
curl_setopt($DATA_POST, CURLOPT_RETURNTRANSFER, true);
curl_setopt($DATA_POST, CURLOPT_URL, $page);
curl_setopt($DATA_POST, CURLOPT_POST, true);
if($n)
{
curl_setopt($DATA_POST, CURLOPT_FOLLOWLOCATION, true);
}
if($session)
{
curl_setopt($DATA_POST, CURLOPT_COOKIEFILE, 'cookiefile.txt');
curl_setopt($DATA_POST, CURLOPT_COOKIEJAR, 'cookiefile.txt');
}
if($referer)
{
curl_setopt($DATA_POST, CURLOPT_REFERER, $referer);
}
curl_setopt($DATA_POST, CURLOPT_POSTFIELDS, $post);
$data = curl_exec($DATA_POST);
if($data == false)
{
echo'Warning : ' . curl_error($DATA_POST);
curl_close($DATA_POST);
return false;
}
else
{
curl_close($DATA_POST);
return $data;
}
}
?>
php at miggy dot org ¶
18 years ago
Note that if you want to use a proxy and use it as a _cache_, you'll have to do:
<?php curl_setopt($ch, CURLOPT_HTTPHEADER, array("Pragma: ")); ?>
else by default Curl puts a "Pragma: no-cache" header in and thus force cache misses for all requests.
joel at mojamail dot com ¶
6 years ago
In the long documentation, it's easy to miss the fact that CURLOPT_POSTFIELDS will set the Content-Type to "multipart/form-data" (instead of the usual "application/x-www-form-urlencoded") IFF you supply an array (instead of a query string)!
Some servers will return weird errors (like "SSL read: error:00000000:lib(0):func(0):reason(0), errno 104") for the wrong Content-Type, and you may waste many hours of time trying to figure out why!
qeremy [atta] gmail [dotta] com ¶
12 years ago
If you are trying to update something on your server and you need to handle this update operation by PUT;
<?php
curl_setopt($ch, CURLOPT_CUSTOMREQUEST, "PUT");
curl_setopt($ch, CURLOPT_PUT, 1);
?>
are "useless" without;
<?php
curl_setopt($ch, CURLOPT_HTTPHEADER, array('X-HTTP-Method-Override: PUT'));
?>
Example;
Updating a book data in database identified by "id 1";
--cURL Part--
<?php
$data = http_build_query($_POST);
// or
$data = http_build_query(array(
'name' => 'PHP in Action',
'price' => 10.9
));
$ch = curl_init();
curl_setopt($ch, CURLOPT_URL, "http://api.localhost/rest/books/1");
curl_setopt($ch, CURLOPT_RETURNTRANSFER, 1);
// curl_setopt($ch, CURLOPT_CUSTOMREQUEST, "PUT"); // no need anymore
// or
// curl_setopt($ch, CURLOPT_PUT, 1); // no need anymore
curl_setopt($ch, CURLOPT_HTTPHEADER, array('X-HTTP-Method-Override: PUT'));
curl_setopt($ch, CURLOPT_POSTFIELDS, $data);
$ce = curl_exec($ch);
curl_close($ch);
print_r($ce);
?>
--API class--
<?php
public function putAction() {
echo "putAction() -> id: ". $this->_getParam('id') ."\n";
print_r($_POST);
// do stuff with post data
...
?>
--Output--
putAction() -> id: 15
Array
(
[name] => PHP in Action
[price] => 10.9
)
---Keywords--
rest, restfull api, restfull put, curl put, curl customrequest put
Andrew ¶
15 years ago
I noticed that if you want to get current cookie file after curl_exec() - you need to close current curl handle (like it said in manual), but if you want cookies to be dumped to file after any curl_exec (without curl_close) you can:
<?php
#call it normally
$ch = curl_init();
curl_setopt($ch, CURLOPT_HEADER, 0);
curl_setopt($ch, CURLOPT_COOKIEFILE, "cookiefile");
curl_setopt($ch, CURLOPT_COOKIEJAR, "cookiefile");
curl_setopt($ch, CURLOPT_FOLLOWLOCATION, 1);
curl_setopt($ch, CURLOPT_URL, 'http://www.example.com/');
$result1 = curl_exec($ch);
#and then make a temp copy
$ch_temp=curl_copy_handle(ch);
curl_close($ch);
$ch=$ch_temp;
?>
Only this way, if you close $ch_temp - cookies wont be dumped.
anonymous ¶
12 years ago
This may be not obvious, but if you specify the CURLOPT_POSTFIELDS and don't specify the CURLOPT_POST - it will still send POST, not GET (as you might think - since GET is default).
So the line:
curl_setopt($ch, CURLOPT_POSTFIELDS, $data);
is synonym to:
curl_setopt($ch, CURLOPT_POST, 1);
curl_setopt($ch, CURLOPT_POSTFIELDS, $data);
Even if you set the options like this (in this order):
curl_setopt($ch, CURLOPT_POST, 0);
curl_setopt($ch, CURLOPT_POSTFIELDS, $data);
it will send POST, since CURLOPT_POSTFIELDS is latter.
So if you want GET - make sure you don't have CURLOPT_POSTFIELDS specified somewhere.
ac at an dot y-co dot de ¶
16 years ago
If you want to connect to a server which requires that you identify yourself with a certificate, use following code. Your certificate and servers certificate are signed by an authority whose certificate is in ca.ctr.
<?php
curl_setopt($ch, CURLOPT_VERBOSE, '1');
curl_setopt($ch, CURLOPT_SSL_VERIFYHOST, '2');
curl_setopt($ch, CURLOPT_SSL_VERIFYPEER, '1');
curl_setopt($ch, CURLOPT_CAINFO, getcwd().'/cert/ca.crt');
curl_setopt($ch, CURLOPT_SSLCERT, getcwd().'/cert/mycert.pem');
curl_setopt($ch, CURLOPT_SSLCERTPASSWD, 'password');
?>
If your original certificate is in .pfx format, you have to convert it to .pem using following commands
# openssl pkcs12 -in mycert.pfx -out mycert.key
# openssl rsa -in mycert.key -out mycert.pem
# openssl x509 -in mycert.key >> mycert.pem
Salil Kothadia ¶
16 years ago
In PHP5, for the "CURLOPT_POSTFIELDS" option, we can use:
<?php
$ch = curl_init($URI);
$Post = http_build_query($PostData);
curl_setopt($ch, CURLOPT_POSTFIELDS, $Post);
$Output = curl_exec($ch);
curl_close($ch);
?>
Madcat ¶
11 years ago
If you have a mixture of strings starting with @ (at character) and files in CURLOPT_POSTFIELDS you have a problem (such as posting a tweet with attached media) because curl tries to interpret anything starting with @ as a file.
<?php
$postfields = array(
'upload_file' => '@file_to_upload.png',
'upload_text' => '@text_to_upload'
);
$curl = curl_init();
curl_setopt($curl, CURLOPT_URL, 'http://example.com/upload-test');
curl_setopt($curl, CURLOPT_POSTFIELDS, $postfields);
curl_exec($curl);
curl_close($curl);
?>
To get around this, prepend the text string with the NULL character like so:
<?php
$postfields = array(
'upload_file' => '@file_to_upload.png',
'upload_text' => sprintf("\0%s", '@text_to_upload')
);
?>
Original source: http://bit.ly/AntMle
Sylvain R ¶
15 years ago
When you are using CURLOPT_FILE to download directly into a file you must close the file handler after the curl_close() otherwise the file will be incomplete and you will not be able to use it until the end of the execution of the php process.
<?php
$fh = fopen('/tmp/foo', 'w');
$ch = curl_init('http://example.com/foo');
curl_setopt($ch, CURLOPT_FILE, $fh);
curl_exec($ch);
curl_close($ch);
# at this point your file is not complete and corrupted
fclose($fh);
# now you can use your file;
read_file('/tmp/foo');
?>
julien veneziano ¶
14 years ago
If you need to send deta in a DELETE request, use:
<?php
$request_body = 'some data';
$ch = curl_init('http://www.example.com');
curl_setopt($ch, CURLOPT_POSTFIELDS, $request_body);
curl_setopt($ch, CURLOPT_FOLLOWLOCATION, 1);
curl_setopt($ch, CURLOPT_HEADER, 0);
curl_setopt($ch, CURLOPT_RETURNTRANSFER, 1);
curl_setopt($ch, CURLOPT_CUSTOMREQUEST, "DELETE");
$response = curl_exec($ch);
var_dump($response);
?>
adrian at foeder dot de ¶
12 years ago
if you want to do a GET request with additional body data it will become tricky not to implicitly change the request to a POST, like many notes below correctly state.
So to do the analogy of command line's
curl -XGET 'http://example.org?foo=bar' -d '<baz>some additional data</baz>'
in PHP you'll do, besides your other necessary stuff,
<?php
curl_setopt($curlHandle, CURLOPT_CUSTOMREQUEST, 'GET');
curl_setopt($curlHandle, CURLOPT_POSTFIELDS, '<baz>some additional data</baz>');
?>
during my experiments, every other "similar" way, like e.g. CURLOPT_HTTPGET, didn't send the additional data or fell into POST.
alexchexes at gmail dot com ¶
1 year ago
If you want cURL to successfully write cookies to a file specified with CURLOPT_COOKIEJAR, ensure that cURL has the necessary permissions to modify the file if it already exists.
I spent nearly a day trying to understand why cURL wasn't saving cookies to an existing file, even though I could easily modify the exact same file using file_put_contents(). Moreover, cURL itself could create the same file and save cookies, but only if it didn't previously exist.
Ultimately, the issue was related to file ownership. I was working within WSL2, inside a symlinked Windows directory. The [automount]"metadata" in wsl.conf was not set, causing every file created from PHP to have the default owner, which differed from the user running PHP.
Once I configured wsl.conf and then changed the ownership of the entire directory to match the user running PHP, cookies were successfully written to any file without any issues.
Niki Romagnoli ¶
1 year ago
Set order when using CURLOPT_POST and CURLOPT_POSTFIELDS *matters*.
Setting CURL_POST to true will ERASE any previous CURLOPT_POSTFIELDS using an array. Result is request be a POST with empty body.
CURLOPT_POSTFIELDS will set CURLOPT_POST to true for you, no need for repeat.
If you really need to set both, then either:
- set CURLOPT_POST *before* CURLOPT_POSTFIELDS
- or don't use array and convert CURLOPT_POSTFIELDS to URL-encoded string, it will not be affected this way (ie. <?php curl_setopt($ch, CURLOPT_POSTFIELDS, http_build_query($yourArray)); ?> )
urkle at outoforder dot cc ¶
15 years ago
To send a post as a different content-type (ie.. application/json or text/xml) add this setopt call
<?php
curl_setopt($ch, CURLOPT_HTTPHEADER,array('Content-Type: application/json'));
?>
