Execute a HTTP POST Using PHP CURL
A customer recently brought to me a unique challenge. My customer wants information request form data to be collected in a database. Nothing new, right? Well, there's a hurdle -- the information isn't going to be saved on the localhost database -- it needs to be stored in a remote database that I cannot connect directly to.
I thought about all of the possible solutions for solving this challenge and settled on this flow:
- User will submit the form, as usual.
- In the form processing PHP, I use cURL to execute a POST transmission to a PHP script on the customer's server.
- The remote script would do a MySQL INSERT query into the customer's private database.
This solution worked quite well so I thought I'd share it with you. Here's how you execute a POST using the PHP CURL library.
//extract data from the post //set POST variables $url = 'http://domain.com/get-post.php'; $fields = array( 'lname' => urlencode($_POST['last_name']), 'fname' => urlencode($_POST['first_name']), 'title' => urlencode($_POST['title']), 'company' => urlencode($_POST['institution']), 'age' => urlencode($_POST['age']), 'email' => urlencode($_POST['email']), 'phone' => urlencode($_POST['phone']) ); //url-ify the data for the POST foreach($fields as $key=>$value) { $fields_string .= $key.'='.$value.'&'; } rtrim($fields_string, '&'); //open connection $ch = curl_init(); //set the url, number of POST vars, POST data curl_setopt($ch,CURLOPT_URL, $url); curl_setopt($ch,CURLOPT_POST, count($fields)); curl_setopt($ch,CURLOPT_POSTFIELDS, $fields_string); //execute post $result = curl_exec($ch); //close connection curl_close($ch);
How would you have solved this problem?
Well you’re basically calling a de facto web service. I hope they are escaping values that you’re passing. Your idea is simple enough tho if you’re going to be continually working with this remote database with limited access (are you working with a 3rd party?) you might want to use something a little more standard like SOAP or REST so that you can have error checking, etc.
PHP Curl is pretty nice.
Hello Jay, have you some documentation of rest and php? I can´t find something really usesfull for rest.
My problem is than i have to send a json to a rest server… but i really don’t know how.
I really apreciate if you have some info about.
Tnks
Thank you for the suggestion Jay!
I like this solution. Thank-you very much for sharing.
However, it sounds a little shady that you need to post using curl. Traditionally the remote administrator would grant you access to perform mySQL inserts into the database.
Unless the remote administrator is destroying the company deliberately by completely blocking any web development for 14 months. Which is the case here. This would be the only way to create automation systems to submit forms to the site to increase productivity and eventually dispose of the administrator.
As I can’t see anything involving date….
This is very common practice. You are describing an API, an intermediary that allows developers access to database information (for read and write, sometimes delete) without giving you database access. This further allows for some pretty cool security delegations when you couple Stored Procedures to the mix.
You make a request to an endpoint (e.g. http://mysite.com/api/v1/Example) and pass through arguments (this can be done through POST or GET, though I use a 3 file API system [1 base class containing a majority of the info, an extended class for construction, and then the implementation script]). You pass your verbs and arguments to the endpoint, and you have your first API. This means you now have access to your database, without needing to share DB credentials. Further, you dictate how your class can and will be used. Its really cool :)
really nice explanation :) i like it
you can use $fields_string = implode(‘&’, $fields); instead of deleting the last ‘&’.
just a little quicker.
Or you can simply use http_build_query. Using implode won’t add the key, only the value.
Dan’s suggestion will also deal with situations where you are posting arrays like multiple values in
email_list[]
. Code as it exists above results inemail_list
collapsing to a value ofArray
instead of the values in the array.@Sam: Absolutely. I’ve come to know impode() quite well in the past few months. Unfortunately, I can’t go back and change all my old code. Thanks for pointing this out though!
I have learned a lot from this article, thanks
A+ – Thanks for the sample.
hi david , i like your solution very much , but i need to ask you if i can use the same way with facebook , i mean to login to facebook using curl and how?
thanks rasha
@rasha: That would be worth a try. Let me know how it goes!
cURL POST may not work in https hosted sites as data is encrypted while sending over https.
Hi david, thanks for sharing. I learned about this some time ago and used it to extract address book for gmail & yahoo! mail
Anyway, I learn some good ways from you in having cleaner coding. ^_^
Actually, the best way to turn that array into a properly escaped URL is http_build_query which takes care to escape everything properly.
Hi PHP experts,
I need to run a URL from a .php file. I dont need to grab its output or do anything.
All I want to do is just call a URL [e.g. http://www.topinews.com/story/15624/modify/dopublished/ ] so that the server receives a request for the URL and executes the request.
Any help would be great.
Thanks
Neeraj
is your solution ;)
I can see one major security flaw here.
If this were to be implemeted as an inlude or the likes, or even as part of another larger PHP file, this could be grounds for a big security issue.
Say the user had the variable $admin, which represent via boolean whether the current user has administrative permissions or not. I could POST admin=true, and since extract (without any second argument) overwrites existing variables, $admin would be true at that point. I’d just say assign specific variables to each individual option to be sent via cURL. Also, reading up, someone suggested implode(). This would not work. Implode() only joins the values of the array. I’d suggest either an array_walk() cycle, or the current method.
Realizing this comment is 5 years old, I don’t think this is correct. In the above example you wouldn’t be setting
$admin
to"true"
, you’d be setting$_POST['admin']
totrue
. The receiving side code would have to explicitly accept the $_POST variable.@Kane: This is not correct.
extract($_POST)
would extract all variables from the array into global or local variables named after their key in the array and with the according value. So$_POST['admin']
would really be converted into a variable$admin
which could indeed be a security flaw.Thank you so much for the excellent post. It has helped a lot. I’m a little confused on how to work in the
implode
function, and was hoping you could elaborate. When I trying using$fields_string = implode(’&’, $fields);
I simply get the values stored in$value
with&
signs between them. The $key variable is no where to be found when Iecho $field_strings
. Also, how would I insert the=
between$key
and$value
using theimplode
function? Any and all help is most appreciated. Thank you and have a great night.Hi david, i am having the same kind of challenge, exept.. i need to login first onto a site before i can make a post…
Example: You want to post on a forum.. So the url would be: http://www.your-forum.com..
the string would be: login_name=yourname&password=yourpassword..
after u did that, the url and the string has to change, and the ‘site’ must know you have already logged in…
its getting me crazy! what sollution would you use for this?
just an array with the urls and the strings hes going through?
Regards,
Laurens
em, wouldn’t it be just easier to urlencode in foreach cycle? less code, more readable.
btw thx)
hm.. my comments gone
Once again… Notice the large security flaw on line 2. There’s no reason to extract the variables, just use them in the current array, its much safer. If you don’t like using them from their current superglobal (I don’t know why not) then assign the entire array to a variable. Extracting them and possibly overwriting current scalar security variables is not a good idea whatsoever. Not only that, but especially for newbies at PHP, they might use this religiously.
Credits to the warning on the PHP extract page for this one…
Do not use extract() on untrusted data, like user-input ($_GET, …). If you do, for example, if you want to run old code that relies on register_globals temporarily, make sure you use one of the non-overwriting extract_type values such as EXTR_SKIP and be aware that you should extract in the same order that’s defined in variables_order within the php.ini. (I’d suggest either changing or ridding this code snippet.)
Hi, when I use your code it works for the most part expect for the line:
I’m not sure why this line doesn’t work. Any help?
@Boudga: Why are you trying to print() that?
David,
the
rtrim()
function returns the modified string. So you should use it like that:BTW I don’t think any webserver/scripting_language will bitch about an ending &
Thanks for your usefull howto,
P.
Hello,
I’m french, so I’m sorry for my schoolar english.
I think you can replace this
With php5, it exists the
http_build_query();
functionThe documentation is here
=>
http://fr3.php.net/manual/fr/function.http-build-query.phpI hope that I am not irrelevant
Ciao ;)
You couldn’t use
implode( '..', $array );
as you would loose the array key indexes, so stick to what you are using :)Instead of
May I suggest
It’s a little easier to read and saves a call to rtrim(). If you are strict or do not want to raise a php notice, place $sep=”; above the foreach() loop.
@Raphael Deschler: Yeah it works n I have used it last few days. And I say it _is_ relevant. Thanks m8.
Im gonna check it now, funny though my XAMPP mysql service isnt starting, I’ve clickd n waited a few times. nvm It happens sometimes. I’m pretty much used to Uniserver but .. anyway I’ll check this on my Uniserver n post a better comment next time. l8r.
Im working on a SugarCRM (I hate it) leadcapture from Drupal user registration module using the hook_user() and the drupal thing is done. But I have to send the data as POST coz thts how Sugar receives these stuff. Hope curl will get me outta Sugar so I could be off with better useful stuff in Drupal.
Its Gr8 solution ,i myself use the similar solution from past much time ,Just Now after googling i found out im not the only one lol :D
But my other problem is How to run a php at the background?
Tried with Cron Jobs but it restricts me to atleast of 1 minute when i want it to be 15 sec.
My script loads security numbers every 15 secs and based on that i want to send an Sms every 15 sec which is on external server . I done Everything Except how to execute my script after every 15 sec automatically at the server without interacting with it .
If anyone have a good solution mail me at depinder@gmail.com
Btw GR8 work David :)
Btw there is another small solution also if ignoring security issues :)
damn Let me post again
Another Way can be
hi,
i have doubts in php.i am going to use cURL for posting url.
but i tried so many ways,but it is not getting run it’s showing
error showing like this
Fatal error: Call to undefined function curl_init() in C:\Program Files\Apache Software Foundation\Apache2.2\htdocs\newsms.php on line 4
please any body knows about this please let me know
please make it from beginning to end(upto run the php)
thanks and regards
vijay
i assume that you are using wamp. here follow the instruction to configure the curl package before running the curl function
Go to the ext directory of your php installation and copy php_curl.dll to the Windows/system32 folder after you have followed the advise given elsewhere.
So …
1) remove ‘;’ from extension=php_curl.dll in php.ini
2) ensure that ssleay32.dll and libeay32.dll are in Windows/system32.
3) Copy php_curl.dll into Windows\System32 as well.
also
You can check by creating a .php file with a phpinfo(); command in it.
Browse to this and search/look for curl on the resulting page.
If support is enabled, there will be a listing for it.
How to use it in a form. When do I do all the curl. I have a simple form which posts to itself. where do i use the urlencode? Any help will be appreciated.
Thanks
@Paolo Gabrielli: Good Call Paolo, I noticed the same thing, but hadn’t taken the time to figure out why it was happening. And David, since I am completely unable to remember the proper syntax for a curl call with post vars, I come back to reference this page about once a week. Thanks for posting it!
..so what about a http post WITHOUT using curl?
Exactly what I needed!
Thanks!
Hello
I am new user of curl functionality. can somebody help me with above define curl example
i will be very great full
Thanks and regards
Amit khurana
Hi David
I used your script above to send post data to a payment system but I want the user to be re-directed there with the post data as if they were submitting an html form. My aim is to create an order id in the local database and pick it up to send it on to the SagePay system. Is there a way to send the user with it rather than pulling the info from the target site?
what syntax highlighter are you using here, i like it.
This solutions is really helpful .. thanks to the creator .
Hello, nice script, It’s exactly what i was looking at!
Just one thing : to pass arrays using POST, i always do that in the first page :
where
$array
is…my array.In the second one, who receive the POST data :
This solution work with multidimensionnals too, no care of the array size, it works.
Hope this help!
Xavier
can use http_build_query () to url-ify the data for the POST
Thank you, helped me a lot!
This code was EXACTLY what I needed. Man, it’s good to have people like you around!
Cheers, mate!
James
I wonder why you count fields for CURLOPT_POST
as PHP manual
http://www.php.net/manual/en/function.curl-setopt.php
CURLOPT_POST should be set to ‘true’
additionally, CURLOPT_POSTFIELDS accepts array with the field name as key and field data as value
I second that, CURLOPT_POSTFIELDS accepts array.
Still, nice snippet.
Hey david, great post, question, are you using php –with-curlwrappers option?
hi Guys, I was searching for something and I landed here. In fact, I need to catch the send data from an http post (like the example above and not from a form). I am trying the
$_POST
and is not working. I tried to loop on$_REQUEST
and also nothing. Can anyone help on how to catch this data?Hi,
Great post! I have a couple questions. In my scenario Im submitting sign up for service, including cc info to a third party API. I just need to get the data there as their script will prep data for API. #1 is curl the best way to do this securely? (is https enough?) #2what steps do I need to do (if any) to my PHP library on my server. #3 Is this the best way to do this? BTW, Im a creative directory who because of lack of resources has been tasked with this!
Thanks!
How would you do this over an SSL? Would fsockopen be better for use over SSL?
thanks
Thanks you very much sir!..
I usualy use fsocks. But lately it seems much easier to just use curl. This post was well laid out and has had some great feedback also.
Thanks,
Joe
hi all,
good post, I’d like to know how can I do the same on login page
have any idea?
thanks
Hello sir
i am new in Cakephp framework, currently i am facing a problem.
Problem is that i am working on scrapping in cakephp and i am scrapping a site which is developed in .Net platform.
My problem is that how can i be logged in that .net site through php code means how to POST username and password on that site and response get back to on my site which is php site. After that i will scrape data from there and store it to DB.
Reference site link http://www.plentyoffish.com (.net site)
for example i am scrapping gmail account and logged in there from my php code but how it possible.
please help me
Thanks in advance
it is modified version of your code. This will return values after a http post request.
Copy code to clipboard not working on FF (at Ubuntu)
Is it save to use explode() on post data? Could give the user quite some power over your script won’t it?
David,
Are you able to extend this code so that the http post is sent via a proxy (with a username and password authentication)?
Cheers,
Ariel
Thanks! this is what i was searching for
Why do urlencode for the ‘name’, ’email’ etc.? What if all I know is the names of the fields at the remote server. They are not using variables to receive, ie. $last_name.
Just wanted to say thanks for the post. It was really useful, since I’m using it in a form to send information back to the main form page to say whether or not all form fields were completed. Keep up the quality work!
oh thank you so much for this! im really looking examples like this..
Thank you!! I was finding this code all night long.
It is working perfect. THANKS! :-)
Greetings from Czech Republic
I am trying to use cURL from my office…and tried 4-5 examples…everytime it returns “bool(false)”..i am sure that CURL is installed and working (saw in phpinfo())…what could be the problem ?? is it mean that curl uses some port..and that has been blocked by my company ?? what could be the possible error ??
If I was ever to have a man-crush it would be on you bro. Thank you – it is rare that code just works first time.
What prevents someone with development experience or a tool like Firebug from seeing the webservice url and response format and just compiling a script to hit it over and over again with spam? Is there a way to secure it in this way?
I am needing to do something similar but need the security so that people can’t exploit the open service. Thoughts and advice would be great.
Hello, Nice informative tutorial. I just have a better piece of code to share (you can say, the right way would be using array of parameters instead of rtrim-ing the string) – we can use this one:
//url-ify the data for the POST
$params = array();
foreach($fields as $key=>$value) { array_push($params, $key.'='.$value); }
$params = implode('&', $params);
instead of:
//url-ify the data for the POST
foreach($fields as $key=>$value) { $fields_string .= $key.'='.$value.'&'; }
rtrim($fields_string,'&');
Thanks.
http://www.yahoo.co.in
Just used your piece of code in my app. Thanks! :)
or, I just used the class fined from the php classs net which named curl_http_client-2008-02-28, it may be helpful
i want to code in zip.
In response to the above suggestion to use SOAP or direct db connection; this is not always an option as many systems allow only posting of data. Leads360 for example only accepts (to my knowledge) data submitted via POST.
I used the CURL in this article to set a script up as follows:
1. Form is process by JavaScript using jQuery Ajax.
2. This will send the data to a PHP script for processing
3. PHP script will post to the URL using CURL
4. PHP handles response from server
5. Sends response to Ajax
6. Ajax displays success/fail and modifies page accordingly.
Hi,
I executed the above code posting of PHP array to URL using CURL , But I am getting this error , Please Help me :((((
Whoops! We’ve Encountered an Error!
Error Details have been sent to the Administrator.
Could not create type ‘LeftField.PageLime.Web.API.Account.Site’.
Hopefully this is a one time problem, but in the mean time, our development team will receive a message detailing the problem. Rest assured – we will squash any bugs.
Hello David,
First off, great blog with great resources for front and backend developers! Not the first time I’ve been here.
My question is, can you perform a cUrl post from a secure environment (https), to a http-webpage?
Because I need to be able to do this in a facebook iframe (hence October 1st secure connections are mandatory).
Thanks in advance!
Through this post I would like to share a problem with you, hope you would consider it and place it on high priorities Its a bit of tricky problem that I am facing in these days.
The problem is that:
I have a contact us form on wordpress website that needs to be submitted and perform two functions on click..
1. execute a function to send an email on certain email id. (This is done by using basic php mail function.)
2. send that submitted infomation to a remote server that is a CRM application.
That submitted info should be appeared into its LEAD listing page.
I already have tried $curl_post function to fix this problem but I could not be able to resolve this problem.
I do expect it from you may have some smart solution for this.
Your response would be highly appreciated.
Best regards,
write a function that will run on form post that posts to both places. i’ve done this many times before.
Thanks man. You saved my life.
Very useful script. A pity that it isn’t solving all the issues I were having, but I’m kind of figuring that I’m now running into either a PhpBB-issue, or possibly a cURL issue.
Thank you =)
HI,
i want to send the content of my dynamic webpage to the email and when i send it through this function,i received ‘1’ in the mail.why
i want to send the the content of dynamic webpage to email using php script.i used this script but its not getting the value stored in the variable …please help
I guess getting some thing authentic or even significant to offer facts about is the most important aspect.
I wish mine had a very successful operation there may be such abilities.
Hi, thanks for your post!
Wouldn’t it be easier to build the POST string with the following, instead of a foreach?
$fields_string = implode(“&=”, $fields);
Hem… sorry, didn’t quite think thoroughly about it… could you please delete my post ?
Please am having these error
Undefined variable: fields_string
i am trying to send the variable to these paypal page(https://www.paypal.com/cgi-bin/webscr) and please how can i make redirected there
Hi,my problem is i want to submit a form in background that means we simply call a url ,automatically first page load than form submit and all posted data saved in database. It works fine if i execute same url in browser(direct),but i want
this work done in background mode.lots of coding in javasript onload event
Any idea,share with me
Hi ,
I have use the following CURL code. after submitting the form the error is occuring..
Notice: Use of undefined constant request_type – assumed ‘request_type’ in C:\wamp\www\New\CUGet.php on line 7
do u have any idea for this.. i am php beginner .. please help me.. Thanks in advance..
Thank you for this! I was completely stumped on the syntax and this cleared it up for me.
Hi! I did something like this:
you don’t need to urlencode, reparse objects, url-ify fields, the data travel “encrypted” and you can send more complex data structures
regards!
As for the original author post.
Instead of for() loop for enumerating parameters into string, I’d use http_build_query($params_array). It actually does the same.
Regards.
I was trying to use curl for the first time. It worked for me but it printed the content even if I didn’t want it to. So i googled and fond this result
Adding the above line will help to prevent return value from printing
I found that we can’t setup $_SESSION[variables] using curl request.
dude you are awsome..!!!, you save my day..
Hi brother really it was helpful for me and little correction
$fields_string = ”;
foreach ($z as $key => $value) {
$fields_string .= $key . ‘=’ . $value . ‘&’;
}
$y = rtrim($fields_string, ‘&’);
Thanks. Got my pointed in the right direction.
Thank you for this! I was completely stumped on the syntax and this cleared it up for me.
hello i want to redirect to one url and i want to sent data along the redirection but only in post
can i do it with curl
or anything else i can use.
I simply wanted to say thanks once again. I am not sure the things that Write-up would have followed in the absence of the entire information shared by you concerning such situation. It seemed to be an absolute alarming concern in my opinion, but understanding a new well-written strategy users handled that forced use to cry over delight. I am just happier for the advice and thus wish users know what a great job you were getting into training the mediocre ones thru your site. Most likely you’ve never come across all of us.
I think you should add:
$fields_string = ”;
ahead of your for loop!
HI Guys,
I am a newbee to php and I have to send a http post msg(XML) to a URL with an additional parameter. Can anyone help me with a sample code for this ??
Thanks in advance.
Raman
Great post, but if we need to send a picture also? how we must change the code in case we need to add a photo of the person?
Awesome post! Thanks a lot
Thank you so much for this solution! Saved me hours of looking through documentation and trial and error!
Works perfectly!! Thank you!
Hey David,
since PHP5 you can easily use http_build_query() for building the data fields.
Good job!
Awesome, thanks for the quick reference works great. I think you may have forgotten to copy this line from your source code to the post:
$fields_string = ”;
No biggie though – thanks again.
error was generated after using curl in php from server side of indianrail.gov.in
Following ERROR was encountered in your Query Processing
access violation, reason mask=!XB, virtual address=!XH, PC=!X
Please help me it,s urgent…
Hello i need a php form that will send me field values to url like this
(when i type this in my broswer bar it works but i cant get it to work )
http://myserver.com/send?phone=00385123456789&text=blabla&password=Dsdjajc45
the password value should not be entered but predefined just the phone and text value
I’ve been trying to do this for like last 4 hours but i cant get it to work sorry im the begginer
can someone give me the code for my php file to do this
Thank you very much upfront
Thanks a lot david for this nice tutorial.
Great article,
I agree with some of the comments here that the it is simpler to use http_build_query instead of looping the array and trimming the end.
Also, if someone is using this code to interact with an API, you will need to add the following to your curl options
This will make sure you get the full payload back from the API instead of just a success of failure message.
Thanks for the great blog, keep up the good work.
count ?
maybe 1
Thanks! I used your code to cURL Cloudflare API
I get a 302 page that has a link that posts to the remote URL correctly. I can’t get it to post to it with the submit.
Thanks for this, the ONLY working solution I could find for a short-term proof-of-concept test.
It worked perfectly and – like your forum’s efficiency/security nitpickers – I can panel-beat it to address those issues. Well done!
Thanks again David! As per Paolo Gabrielli’s comments, it would be helpful if the rtrim() code could be amended please, otherwise the $fields_string variable will be unchanged and the trailing “&” will not be removed.
thanks for the code, modified a little bit, works like a charm. but how do i get only a part of the html as response instead of the entire html page? any hints?
Nice Article! Really helped me a lot to send post data with php using curl. Thanks for sharing this article! Worth Sharing
Thanks man for this article. Realy cool.
Hey David, i love your articles, curl is a best solution in php for requests, i love php ;)
Anyway thanks for the great post.
Your
rtrim
is not actually doing anything. It needs to be:Hi David,
Awesome post, this greatly helped me remap data coming from a CC processing gateway that needed to go into SalesForce.com. Neither of these systems are very flexible in what data field names need to be used/expected so a remap was in order.
Thanks a bunch,
Ron
Thanks for the post help.
I was going to do a stress test and forgot the syntax for
CURLOPT_POST
i.e. how to use with fields.Your post helped alot.
I get a 302 page that has a link that posts to the remote URL correctly. I can’t get it to post to it with the submit.
I know this is a very old post but it’s the first one that comes up when you search php post curl. I thought I’d share a problem I had,
Running this code returns
1
in the$result
variable, the actual request result is not stored anywhere but printed on the page.If you want the result of the request to be stored in the variable, you have to add this line:
I think using
http_build_query
function is better than using below code :Hi, great example.
Juste one question. Why don’t you use
to encode your parameters?
why not use
http_build_query($array)
to send the post request instead of stringifying it yourself?CURLOPT_POST
should be set to1
, not the count of the fields. https://curl.haxx.se/libcurl/c/CURLOPT_POST.html:LoL: are you serious?
it should be
I cannot get this to working. My second script is not able to retrieve any data! My codes are here – http://stackoverflow.com/questions/40663739/passing-2-string-from-one-php-file-to-the-other-using-curl
CURL_POST
expects a boolean, ifcount($_POST)
returns0
then this won’t actually POST(Which is plausible as some API’s expect their data in custom headers)
Instead of:
You can simply do:
+1 to http_build_query
works like a charm
Your url-ify section can be simplified with a built-in PHP function:
Yours:
Instead you could have simply used:
Easy peasy!
I have been using this tutorial for many years as my reference and I have always been confused as to why the fields_string always had a trailing “&” since we are using the rtrim function.
The rtrim function returns the string, it does not automatically assign therefore I have provided the fix above.
I am glad I found a place for posting CURL. Here is an additional challenge I hope someone can help sort out. What happens if your fields have special characters, such as in french words?
It seems that the example posts the string by replacing the special characters.
Ex: Nouveautés en greffes osseuses displays as Nouveaut?? en greffes osseuses.
I have tried encoding, but no such luck.
Any ideas?
An old solution, but I’m here to tell you it still works well! Thank you for sharing this.