Execute a HTTP POST Using PHP CURL
A customer recently brought to me a unique challenge. My customer wants information request form data to be collected in a database. Nothing new, right? Well, there's a hurdle -- the information isn't going to be saved on the localhost database -- it needs to be stored in a remote database that I cannot connect directly to.
I thought about all of the possible solutions for solving this challenge and settled on this flow:
- User will submit the form, as usual.
- In the form processing PHP, I use cURL to execute a POST transmission to a PHP script on the customer's server.
- The remote script would do a MySQL INSERT query into the customer's private database.
This solution worked quite well so I thought I'd share it with you. Here's how you execute a POST using the PHP CURL library.
//extract data from the post
extract($_POST);
//set POST variables
$url = 'http://domain.com/get-post.php';
$fields = array(
'lname'=>urlencode($last_name),
'fname'=>urlencode($first_name),
'title'=>urlencode($title),
'company'=>urlencode($institution),
'age'=>urlencode($age),
'email'=>urlencode($email),
'phone'=>urlencode($phone)
);
//url-ify the data for the POST
foreach($fields as $key=>$value) { $fields_string .= $key.'='.$value.'&'; }
rtrim($fields_string,'&');
//open connection
$ch = curl_init();
//set the url, number of POST vars, POST data
curl_setopt($ch,CURLOPT_URL,$url);
curl_setopt($ch,CURLOPT_POST,count($fields));
curl_setopt($ch,CURLOPT_POSTFIELDS,$fields_string);
//execute post
$result = curl_exec($ch);
//close connection
curl_close($ch);How would you have solved this problem?
Comments
Be Heard!
Share your thoughts without being a jerk! And wrap your code in <code> tags, f00!
Well you’re basically calling a de facto web service. I hope they are escaping values that you’re passing. Your idea is simple enough tho if you’re going to be continually working with this remote database with limited access (are you working with a 3rd party?) you might want to use something a little more standard like SOAP or REST so that you can have error checking, etc.
PHP Curl is pretty nice.
Thank you for the suggestion Jay!
I like this solution. Thank-you very much for sharing.
However, it sounds a little shady that you need to post using curl. Traditionally the remote administrator would grant you access to perform mySQL inserts into the database.
Unless the remote administrator is destroying the company deliberately by completely blocking any web development for 14 months. Which is the case here. This would be the only way to create automation systems to submit forms to the site to increase productivity and eventually dispose of the administrator.
really nice explanation :) i like it
you can use $fields_string = implode(‘&’, $fields); instead of deleting the last ‘&’.
just a little quicker.
Or you can simply use http_build_query. Using implode won’t add the key, only the value.
@Sam: Absolutely. I’ve come to know impode() quite well in the past few months. Unfortunately, I can’t go back and change all my old code. Thanks for pointing this out though!
I have learned a lot from this article, thanks
A+ – Thanks for the sample.
hi david , i like your solution very much , but i need to ask you if i can use the same way with facebook , i mean to login to facebook using curl and how?
thanks rasha
@rasha: That would be worth a try. Let me know how it goes!
Hi david, thanks for sharing. I learned about this some time ago and used it to extract address book for gmail & yahoo! mail
Anyway, I learn some good ways from you in having cleaner coding. ^_^
Actually, the best way to turn that array into a properly escaped URL is http_build_query which takes care to escape everything properly.
Hi PHP experts,
I need to run a URL from a .php file. I dont need to grab its output or do anything.
All I want to do is just call a URL [e.g. http://www.topinews.com/story/15624/modify/dopublished/ ] so that the server receives a request for the URL and executes the request.
Any help would be great.
Thanks
Neeraj
I can see one major security flaw here.
If this were to be implemeted as an inlude or the likes, or even as part of another larger PHP file, this could be grounds for a big security issue.
Say the user had the variable $admin, which represent via boolean whether the current user has administrative permissions or not. I could POST admin=true, and since extract (without any second argument) overwrites existing variables, $admin would be true at that point. I’d just say assign specific variables to each individual option to be sent via cURL. Also, reading up, someone suggested implode(). This would not work. Implode() only joins the values of the array. I’d suggest either an array_walk() cycle, or the current method.
Thank you so much for the excellent post. It has helped a lot. I’m a little confused on how to work in the ‘implode’ function, and was hoping you could elaborate. When I trying using “$fields_string = implode(’&’, $fields);” I simply get the values stored in $value with ‘&’ signs between them. The $key variable is no where to be found when I echo $field_strings. Also, how would I insert the ‘=’ between $key and $value using the ‘implode’ function? Any and all help is most appreciated. Thank you and have a great night.
Hi david, i am having the same kind of challenge, exept.. i need to login first onto a site before i can make a post…
Example: You want to post on a forum.. So the url would be: http://www.your-forum.com..
the string would be: login_name=yourname&password=yourpassword..
after u did that, the url and the string has to change, and the ‘site’ must know you have already logged in…
its getting me crazy! what sollution would you use for this?
just an array with the urls and the strings hes going through?
Regards,
Laurens
em, wouldn’t it be just easier to urlencode in foreach cycle? less code, more readable.
btw thx)
hm.. my comments gone
Once again… Notice the large security flaw on line 2. There’s no reason to extract the variables, just use them in the current array, its much safer. If you don’t like using them from their current superglobal (I don’t know why not) then assign the entire array to a variable. Extracting them and possibly overwriting current scalar security variables is not a good idea whatsoever. Not only that, but especially for newbies at PHP, they might use this religiously.
Credits to the warning on the PHP extract page for this one…
Do not use extract() on untrusted data, like user-input ($_GET, …). If you do, for example, if you want to run old code that relies on register_globals temporarily, make sure you use one of the non-overwriting extract_type values such as EXTR_SKIP and be aware that you should extract in the same order that’s defined in variables_order within the php.ini. (I’d suggest either changing or ridding this code snippet.)
Hi, when I use your code it works for the most part expect for the line:
print(“foreach($fields as $key=>$value) { $fields_string .= $key.’=’.$value.’&’; }”);
I’m not sure why this line doesn’t work. Any help?
@Boudga: Why are you trying to print() that?
David,
the rtrim() function returns the modified string. So you should use it like that:
$fields_string = rtrim($fields_string,’&’);
BTW I don’t think any webserver/scripting_language will bitch about an ending &
Thanks for your usefull howto,
P.
Hello,
I’m french, so I’m sorry for my schoolar english.
I think you can replace this
With php5, it exists the http_build_query(); function
$fields_string = http_build_query($fields);
The documentation is here => http://fr3.php.net/manual/fr/function.http-build-query.php
I hope that I am not irrelevant
Ciao ;)
You couldn’t use implode( ‘..’, $array ); as you would loose the array key indexes, so stick to what you are using :)
Instead of
May I suggest
It’s a little easier to read and saves a call to rtrim(). If you are strict or do not want to raise a php notice, place $sep=”; above the foreach() loop.
@Raphael Deschler: Yeah it works n I have used it last few days. And I say it _is_ relevant. Thanks m8.
Im gonna check it now, funny though my XAMPP mysql service isnt starting, I’ve clickd n waited a few times. nvm It happens sometimes. I’m pretty much used to Uniserver but .. anyway I’ll check this on my Uniserver n post a better comment next time. l8r.
Im working on a SugarCRM (I hate it) leadcapture from Drupal user registration module using the hook_user() and the drupal thing is done. But I have to send the data as POST coz thts how Sugar receives these stuff. Hope curl will get me outta Sugar so I could be off with better useful stuff in Drupal.
Its Gr8 solution ,i myself use the similar solution from past much time ,Just Now after googling i found out im not the only one lol :D
But my other problem is How to run a php at the background?
Tried with Cron Jobs but it restricts me to atleast of 1 minute when i want it to be 15 sec.
My script loads security numbers every 15 secs and based on that i want to send an Sms every 15 sec which is on external server . I done Everything Except how to execute my script after every 15 sec automatically at the server without interacting with it .
If anyone have a good solution mail me at depinder@gmail.com
Btw GR8 work David :)
Btw there is another small solution also if ignoring security issues :)
‘valueofvariable1′,
‘variable2′ => ‘valueofvariable2′
)
);
$opts = array(‘http’ =>
array(
‘method’ => ‘POST’,
‘header’ => ‘Content-type: application/x-www-form-urlencoded’,
‘content’ => $postdata
)
);
$context = stream_context_create($opts);
$result = file_get_contents(‘http://abc.com/anyscript.php’, false, $context);
?>
damn Let me post again
$postdata = http_build_query(
array(
‘variable1′ => ‘valueofvariable1′
‘variable2′ => ‘valueofvariable2′
)
);
$opts = array(‘http’ =>
array(
‘method’ => ‘POST’,
‘header’ => ‘Content-type: application/x-www-form-urlencoded’,
‘content’ => $postdata
)
);
$context = stream_context_create($opts);
$result = file_get_contents(‘http://yoursite.com/abc.php’, false, $context);
Another Way can be
$url = “http://Yoursite.com/abc.php”;
$useragent=”Fake Mozilla 5.0 “;
$ch = curl_init();
curl_setopt($ch, CURLOPT_USERAGENT, $useragent);
curl_setopt($ch, CURLOPT_URL,$url);
curl_setopt($ch, CURLOPT_POST, 1);
curl_setopt($ch, CURLOPT_POSTFIELDS,”variable1=valueofvariable”);
$result= curl_exec ($ch);
curl_close ($ch);
print $result;
hi,
i have doubts in php.i am going to use cURL for posting url.
but i tried so many ways,but it is not getting run it’s showing
error showing like this
Fatal error: Call to undefined function curl_init() in C:\Program Files\Apache Software Foundation\Apache2.2\htdocs\newsms.php on line 4
please any body knows about this please let me know
please make it from beginning to end(upto run the php)
thanks and regards
vijay
i assume that you are using wamp. here follow the instruction to configure the curl package before running the curl function
Go to the ext directory of your php installation and copy php_curl.dll to the Windows/system32 folder after you have followed the advise given elsewhere.
So …
1) remove ‘;’ from extension=php_curl.dll in php.ini
2) ensure that ssleay32.dll and libeay32.dll are in Windows/system32.
3) Copy php_curl.dll into Windows\System32 as well.
also
You can check by creating a .php file with a phpinfo(); command in it.
Browse to this and search/look for curl on the resulting page.
If support is enabled, there will be a listing for it.
How to use it in a form. When do I do all the curl. I have a simple form which posts to itself. where do i use the urlencode? Any help will be appreciated.
Thanks
@Paolo Gabrielli: Good Call Paolo, I noticed the same thing, but hadn’t taken the time to figure out why it was happening. And David, since I am completely unable to remember the proper syntax for a curl call with post vars, I come back to reference this page about once a week. Thanks for posting it!
..so what about a http post WITHOUT using curl?
Exactly what I needed!
Thanks!
Hello
I am new user of curl functionality. can somebody help me with above define curl example
//extract data from the post
extract($_POST);
//set POST variables
$url = ‘http://domain.com/get-post.php’;
$fields = array(
‘lname’=>urlencode($last_name),
‘fname’=>urlencode($first_name),
‘title’=>urlencode($title),
‘company’=>urlencode($institution),
‘age’=>urlencode($age),
‘email’=>urlencode($email),
‘phone’=>urlencode($phone)
);
//url-ify the data for the POST
foreach($fields as $key=>$value) { $fields_string .= $key.’=’.$value.’&’; }
rtrim($fields_string,’&’);
//open connection
$ch = curl_init();
//set the url, number of POST vars, POST data
curl_setopt($ch,CURLOPT_URL,$url);
curl_setopt($ch,CURLOPT_POST,count($fields));
curl_setopt($ch,CURLOPT_POSTFIELDS,$fields_string);
//execute post
$result = curl_exec($ch);
//close connection
curl_close($ch);
i will be very great full
Thanks and regards
Amit khurana
Hi David
I used your script above to send post data to a payment system but I want the user to be re-directed there with the post data as if they were submitting an html form. My aim is to create an order id in the local database and pick it up to send it on to the SagePay system. Is there a way to send the user with it rather than pulling the info from the target site?
what syntax highlighter are you using here, i like it.
This solutions is really helpful .. thanks to the creator .
Hello, nice script, It’s exactly what i was looking at!
Just one thing : to pass arrays using POST, i always do that in the first page :
$example = base64_encode(serialize($array));
where $array is…my array.
In the second one, who receive the POST data :
$reception = unserialize(base64_decode($ret_array));
This solution work with multidimensionnals too, no care of the array size, it works.
Hope this help!
Xavier
can use http_build_query () to url-ify the data for the POST
Thank you, helped me a lot!
This code was EXACTLY what I needed. Man, it’s good to have people like you around!
Cheers, mate!
James
I wonder why you count fields for CURLOPT_POST
as PHP manual
http://www.php.net/manual/en/function.curl-setopt.php
CURLOPT_POST should be set to ‘true’
additionally, CURLOPT_POSTFIELDS accepts array with the field name as key and field data as value
I second that, CURLOPT_POSTFIELDS accepts array.
Still, nice snippet.
Hey david, great post, question, are you using php –with-curlwrappers option?
hi Guys, I was searching for something and I landed here. In fact, I need to catch the send data from an http post (like the example above and not from a form). I am trying the $_POST and is not working. I tried to loop on $_REQUEST and also nothing. Can anyone help on how to catch this data?
Hi,
Great post! I have a couple questions. In my scenario Im submitting sign up for service, including cc info to a third party API. I just need to get the data there as their script will prep data for API. #1 is curl the best way to do this securely? (is https enough?) #2what steps do I need to do (if any) to my PHP library on my server. #3 Is this the best way to do this? BTW, Im a creative directory who because of lack of resources has been tasked with this!
Thanks!
How would you do this over an SSL? Would fsockopen be better for use over SSL?
thanks
Thanks you very much sir!..
I usualy use fsocks. But lately it seems much easier to just use curl. This post was well laid out and has had some great feedback also.
Thanks,
Joe
hi all,
good post, I’d like to know how can I do the same on login page
have any idea?
thanks
Hello sir
i am new in Cakephp framework, currently i am facing a problem.
Problem is that i am working on scrapping in cakephp and i am scrapping a site which is developed in .Net platform.
My problem is that how can i be logged in that .net site through php code means how to POST username and password on that site and response get back to on my site which is php site. After that i will scrape data from there and store it to DB.
Reference site link http://www.plentyoffish.com (.net site)
for example i am scrapping gmail account and logged in there from my php code but how it possible.
please help me
Thanks in advance
it is modified version of your code. This will return values after a http post request.
function execPostRequest($url,$post_array){
if(empty($url)){ return false;}
$fields_string =http_build_query($post_array);
//open connection
$ch = curl_init();
//set the url, number of POST vars, POST data
curl_setopt($ch,CURLOPT_URL,$url);
curl_setopt($ch,CURLOPT_POST,1);
curl_setopt($ch,CURLOPT_POSTFIELDS,$fields_string);
curl_setopt($ch,CURLOPT_RETURNTRANSFER,1);
//execute post
$result = curl_exec($ch);
//close connection
curl_close($ch);
return $result;
}
Copy code to clipboard not working on FF (at Ubuntu)
Is it save to use explode() on post data? Could give the user quite some power over your script won’t it?
David,
Are you able to extend this code so that the http post is sent via a proxy (with a username and password authentication)?
Cheers,
Ariel
Thanks! this is what i was searching for
Why do urlencode for the ‘name’, ‘email’ etc.? What if all I know is the names of the fields at the remote server. They are not using variables to receive, ie. $last_name.
Just wanted to say thanks for the post. It was really useful, since I’m using it in a form to send information back to the main form page to say whether or not all form fields were completed. Keep up the quality work!
oh thank you so much for this! im really looking examples like this..
Thank you!! I was finding this code all night long.
It is working perfect. THANKS! :-)
Greetings from Czech Republic
I am trying to use cURL from my office…and tried 4-5 examples…everytime it returns “bool(false)”..i am sure that CURL is installed and working (saw in phpinfo())…what could be the problem ?? is it mean that curl uses some port..and that has been blocked by my company ?? what could be the possible error ??
If I was ever to have a man-crush it would be on you bro. Thank you – it is rare that code just works first time.
What prevents someone with development experience or a tool like Firebug from seeing the webservice url and response format and just compiling a script to hit it over and over again with spam? Is there a way to secure it in this way?
I am needing to do something similar but need the security so that people can’t exploit the open service. Thoughts and advice would be great.
Hello, Nice informative tutorial. I just have a better piece of code to share (you can say, the right way would be using array of parameters instead of rtrim-ing the string) – we can use this one:
//url-ify the data for the POST$params = array();
foreach($fields as $key=>$value) { array_push($params, $key.'='.$value); }
$params = implode('&', $params);
instead of:
//url-ify the data for the POSTforeach($fields as $key=>$value) { $fields_string .= $key.'='.$value.'&'; }
rtrim($fields_string,'&');
Thanks.
http://www.yahoo.co.in
Just used your piece of code in my app. Thanks! :)
or, I just used the class fined from the php classs net which named curl_http_client-2008-02-28, it may be helpful
i want to code in zip.
In response to the above suggestion to use SOAP or direct db connection; this is not always an option as many systems allow only posting of data. Leads360 for example only accepts (to my knowledge) data submitted via POST.
I used the CURL in this article to set a script up as follows:
1. Form is process by JavaScript using jQuery Ajax.
2. This will send the data to a PHP script for processing
3. PHP script will post to the URL using CURL
4. PHP handles response from server
5. Sends response to Ajax
6. Ajax displays success/fail and modifies page accordingly.
Hi,
I executed the above code posting of PHP array to URL using CURL , But I am getting this error , Please Help me :((((
Whoops! We’ve Encountered an Error!
Error Details have been sent to the Administrator.
Could not create type ‘LeftField.PageLime.Web.API.Account.Site’.
Hopefully this is a one time problem, but in the mean time, our development team will receive a message detailing the problem. Rest assured – we will squash any bugs.
Hello David,
First off, great blog with great resources for front and backend developers! Not the first time I’ve been here.
My question is, can you perform a cUrl post from a secure environment (https), to a http-webpage?
Because I need to be able to do this in a facebook iframe (hence October 1st secure connections are mandatory).
Thanks in advance!
Through this post I would like to share a problem with you, hope you would consider it and place it on high priorities Its a bit of tricky problem that I am facing in these days.
The problem is that:
I have a contact us form on wordpress website that needs to be submitted and perform two functions on click..
1. execute a function to send an email on certain email id. (This is done by using basic php mail function.)
2. send that submitted infomation to a remote server that is a CRM application.
That submitted info should be appeared into its LEAD listing page.
I already have tried $curl_post function to fix this problem but I could not be able to resolve this problem.
I do expect it from you may have some smart solution for this.
Your response would be highly appreciated.
Best regards,
write a function that will run on form post that posts to both places. i’ve done this many times before.
Thanks man. You saved my life.
Very useful script. A pity that it isn’t solving all the issues I were having, but I’m kind of figuring that I’m now running into either a PhpBB-issue, or possibly a cURL issue.
Thank you =)
HI,
i want to send the content of my dynamic webpage to the email and when i send it through this function,i received ’1′ in the mail.why
i want to send the the content of dynamic webpage to email using php script.i used this script but its not getting the value stored in the variable …please help
I guess getting some thing authentic or even significant to offer facts about is the most important aspect.
I wish mine had a very successful operation there may be such abilities.
Hi, thanks for your post!
Wouldn’t it be easier to build the POST string with the following, instead of a foreach?
$fields_string = implode(“&=”, $fields);
Hem… sorry, didn’t quite think thoroughly about it… could you please delete my post ?
Please am having these error
Undefined variable: fields_string
i am trying to send the variable to these paypal page(https://www.paypal.com/cgi-bin/webscr) and please how can i make redirected there
Hi,my problem is i want to submit a form in background that means we simply call a url ,automatically first page load than form submit and all posted data saved in database. It works fine if i execute same url in browser(direct),but i want
this work done in background mode.lots of coding in javasript onload event
Any idea,share with me