Execute a HTTP POST Using PHP CURL

Well you’re basically calling a de facto web service. I hope they are escaping values that you’re passing. Your idea is simple enough tho if you’re going to be continually working with this remote database with limited access (are you working with a 3rd party?) you might want to use something a little more standard like SOAP or REST so that you can have error checking, etc.

PHP Curl is pretty nice.

I like this solution. Thank-you very much for sharing.

However, it sounds a little shady that you need to post using curl. Traditionally the remote administrator would grant you access to perform mySQL inserts into the database.

really nice explanation :) i like it

you can use $fields_string = implode(‘&’, $fields); instead of deleting the last ‘&’.
just a little quicker.

I have learned a lot from this article, thanks

A+ – Thanks for the sample.

hi david , i like your solution very much , but i need to ask you if i can use the same way with facebook , i mean to login to facebook using curl and how?
thanks rasha

Hi david, thanks for sharing. I learned about this some time ago and used it to extract address book for gmail & yahoo! mail

Anyway, I learn some good ways from you in having cleaner coding. ^_^

Actually, the best way to turn that array into a properly escaped URL is http_build_query which takes care to escape everything properly.

Hi PHP experts,

I need to run a URL from a .php file. I dont need to grab its output or do anything.

All I want to do is just call a URL [e.g. http://www.topinews.com/story/15624/modify/dopublished/ ] so that the server receives a request for the URL and executes the request.

Any help would be great.
Thanks
Neeraj

I can see one major security flaw here.
If this were to be implemeted as an inlude or the likes, or even as part of another larger PHP file, this could be grounds for a big security issue.
Say the user had the variable $admin, which represent via boolean whether the current user has administrative permissions or not. I could POST admin=true, and since extract (without any second argument) overwrites existing variables, $admin would be true at that point. I’d just say assign specific variables to each individual option to be sent via cURL. Also, reading up, someone suggested implode(). This would not work. Implode() only joins the values of the array. I’d suggest either an array_walk() cycle, or the current method.

Thank you so much for the excellent post. It has helped a lot. I’m a little confused on how to work in the ‘implode’ function, and was hoping you could elaborate. When I trying using “$fields_string = implode(’&’, $fields);” I simply get the values stored in $value with ‘&’ signs between them. The $key variable is no where to be found when I echo $field_strings. Also, how would I insert the ‘=’ between $key and $value using the ‘implode’ function? Any and all help is most appreciated. Thank you and have a great night.

Hi david, i am having the same kind of challenge, exept.. i need to login first onto a site before i can make a post…

Example: You want to post on a forum.. So the url would be: http://www.your-forum.com..
the string would be: login_name=yourname&password=yourpassword..

after u did that, the url and the string has to change, and the ’site’ must know you have already logged in…

its getting me crazy! what sollution would you use for this?
just an array with the urls and the strings hes going through?

Regards,
Laurens

em, wouldn’t it be just easier to urlencode in foreach cycle? less code, more readable.

btw thx)

hm.. my comments gone

Once again… Notice the large security flaw on line 2. There’s no reason to extract the variables, just use them in the current array, its much safer. If you don’t like using them from their current superglobal (I don’t know why not) then assign the entire array to a variable. Extracting them and possibly overwriting current scalar security variables is not a good idea whatsoever. Not only that, but especially for newbies at PHP, they might use this religiously.

Credits to the warning on the PHP extract page for this one…
Do not use extract() on untrusted data, like user-input ($_GET, …). If you do, for example, if you want to run old code that relies on register_globals temporarily, make sure you use one of the non-overwriting extract_type values such as EXTR_SKIP and be aware that you should extract in the same order that’s defined in variables_order within the php.ini. (I’d suggest either changing or ridding this code snippet.)

Hi, when I use your code it works for the most part expect for the line:

print(“foreach($fields as $key=>$value) { $fields_string .= $key.’=’.$value.’&’; }”);

I’m not sure why this line doesn’t work. Any help?

David,
the rtrim() function returns the modified string. So you should use it like that:
$fields_string = rtrim($fields_string,’&’);
BTW I don’t think any webserver/scripting_language will bitch about an ending &

Thanks for your usefull howto,
P.

Hello,

I’m french, so I’m sorry for my schoolar english.

I think you can replace this

foreach($fields as $key=>$value) {
$fields_string .= $key.’=’.$value.’&’;
}
18.rtrim($fields_string,’&’);

With php5, it exists the http_build_query(); function

$fields_string = http_build_query($fields);

The documentation is here => http://fr3.php.net/manual/fr/function.http-build-query.php

I hope that I am not irrelevant

Ciao ;)

You couldn’t use implode( ‘..’, $array ); as you would loose the array key indexes, so stick to what you are using :)

Instead of

foreach($fields as $key=>$value) { $fields_string .= $key.’=’.$value.’&’; }
rtrim($fields_string,’&’);

May I suggest

foreach($fields as $key=>$value) { $fields_string .= $sep.$key.’=’.$value; $sep=’&’; }

It’s a little easier to read and saves a call to rtrim(). If you are strict or do not want to raise a php notice, place $sep=”; above the foreach() loop.

@Raphael Deschler: Yeah it works n I have used it last few days. And I say it _is_ relevant. Thanks m8.

Im gonna check it now, funny though my XAMPP mysql service isnt starting, I’ve clickd n waited a few times. nvm It happens sometimes. I’m pretty much used to Uniserver but .. anyway I’ll check this on my Uniserver n post a better comment next time. l8r.

Im working on a SugarCRM (I hate it) leadcapture from Drupal user registration module using the hook_user() and the drupal thing is done. But I have to send the data as POST coz thts how Sugar receives these stuff. Hope curl will get me outta Sugar so I could be off with better useful stuff in Drupal.

Its Gr8 solution ,i myself use the similar solution from past much time ,Just Now after googling i found out im not the only one lol :D

But my other problem is How to run a php at the background?
Tried with Cron Jobs but it restricts me to atleast of 1 minute when i want it to be 15 sec.
My script loads security numbers every 15 secs and based on that i want to send an Sms every 15 sec which is on external server . I done Everything Except how to execute my script after every 15 sec automatically at the server without interacting with it .
If anyone have a good solution mail me at depinder@gmail.com

Btw GR8 work David :)

Btw there is another small solution also if ignoring security issues :)

‘valueofvariable1′,
‘variable2′ => ‘valueofvariable2′
)
);
$opts = array(‘http’ =>
array(
‘method’ => ‘POST’,
‘header’ => ‘Content-type: application/x-www-form-urlencoded’,
‘content’ => $postdata
)
);
$context = stream_context_create($opts);
$result = file_get_contents(‘http://abc.com/anyscript.php’, false, $context);

?>

damn Let me post again

$postdata = http_build_query(
array(
‘variable1′ => ‘valueofvariable1′
‘variable2′ => ‘valueofvariable2′
)
);
$opts = array(‘http’ =>
array(
‘method’ => ‘POST’,
‘header’ => ‘Content-type: application/x-www-form-urlencoded’,
‘content’ => $postdata
)
);

$context = stream_context_create($opts);
$result = file_get_contents(‘http://yoursite.com/abc.php’, false, $context);

Another Way can be

$url = “http://Yoursite.com/abc.php”;
$useragent=”Fake Mozilla 5.0 “;
$ch = curl_init();
curl_setopt($ch, CURLOPT_USERAGENT, $useragent);
curl_setopt($ch, CURLOPT_URL,$url);
curl_setopt($ch, CURLOPT_POST, 1);
curl_setopt($ch, CURLOPT_POSTFIELDS,”variable1=valueofvariable”);
$result= curl_exec ($ch);
curl_close ($ch);
print $result;

hi,
i have doubts in php.i am going to use cURL for posting url.
but i tried so many ways,but it is not getting run it’s showing
error showing like this

Fatal error: Call to undefined function curl_init() in C:\Program Files\Apache Software Foundation\Apache2.2\htdocs\newsms.php on line 4

please any body knows about this please let me know

please make it from beginning to end(upto run the php)

thanks and regards
vijay

How to use it in a form. When do I do all the curl. I have a simple form which posts to itself. where do i use the urlencode? Any help will be appreciated.

Thanks

@Paolo Gabrielli: Good Call Paolo, I noticed the same thing, but hadn’t taken the time to figure out why it was happening. And David, since I am completely unable to remember the proper syntax for a curl call with post vars, I come back to reference this page about once a week. Thanks for posting it!

..so what about a http post WITHOUT using curl?

Exactly what I needed!

Thanks!

Hello

I am new user of curl functionality. can somebody help me with above define curl example

//extract data from the post
extract($_POST);

//set POST variables
$url = ‘http://domain.com/get-post.php’;
$fields = array(
‘lname’=>urlencode($last_name),
‘fname’=>urlencode($first_name),
‘title’=>urlencode($title),
‘company’=>urlencode($institution),
‘age’=>urlencode($age),
‘email’=>urlencode($email),
‘phone’=>urlencode($phone)
);

//url-ify the data for the POST
foreach($fields as $key=>$value) { $fields_string .= $key.’=’.$value.’&’; }
rtrim($fields_string,’&’);

//open connection
$ch = curl_init();

//set the url, number of POST vars, POST data
curl_setopt($ch,CURLOPT_URL,$url);
curl_setopt($ch,CURLOPT_POST,count($fields));
curl_setopt($ch,CURLOPT_POSTFIELDS,$fields_string);

//execute post
$result = curl_exec($ch);

//close connection
curl_close($ch);

i will be very great full

Thanks and regards
Amit khurana

$fields_string is being appended before you initialize it.