I'm doing a an ajax request to the following path:
http://example.com/dir/ajax/index.php
http://example.com/dir/ajax/index.php=123
that works. But when I'm calling
http://example.com/dir/ajax/index.php=http://example.net/ the request is answered withan error 403 forbidden,
Whats wrong with this call?
Your URL seems to be malformed. Have a look at the typical structure of a query string. You're not specifying the name of the query parameter to be parsed by the server. A sample of a valid URL would be
http://example.com/dir/ajax/index.php?query_name=http://example.net/
or even
http://example.com/dir/ajax/index.php?http://example.net/
If you're interested in more details about query strings, you should have a look at the standards
URI: https://www.rfc-editor.org/rfc/rfc3986#section-3.4
HTTP: http://www.w3.org/Protocols/rfc2616/rfc2616-sec3.html
I think in your case you don't have to distinguish between these two standards. If you're interested in building a query string automatically from javascript, have a look at this stackoverflow post.
Related
I am trying to create a simple web service that will give a result depending on parameters passed.
I would like to use file_get_contents but am having difficulties getting it to work. I have researched many of the other questions relating to the file_get_contents issues but none have been exactly the situation I seem to having.
I have a webpage:
example.com/xdirectory/index.php
I am attempting to get the value of the output of that page using:
file_get_contents(urlencode('https://www.example.com/xdirectory/index.php'));*
That does not work due to some issue with the https. Since the requesting page and the target are both on the same server I try again with a relative path:
file_get_contents(urlencode('../xdirectory/index.php'));
That does work and retrieves the html output of the page as expected.
Now if I try:
file_get_contents(urlencode('../xdirectory/index.php?id=100'));
The html output is (should be): Hello World.
The result retrieved by the command is blank. I check the error log and have an error:
[Fri Dec 04 12:22:54 2015] [error] [client 10.50.0.12] PHP Warning: file_get_contents(../xdirectory/index.php?id=100): failed to open stream: No such file or directory in /var/www/html/inventory/index.php on line 40, referer: https://www.example.com/inventory/index.php
The php.ini has these set:
allow_url_fopen, On local and On master
allow_url_include, On local and On master
Since I can get the content properly using only the url and NOT when using it with parameters I'm guessing that there is an issue with parameters and file_get_contents. I cannot find any notice against using parameters in the documentation so am at a loss and asking for your help.
Additional Notes:
I have tried this using urlencode and not using urlencode. Also, I am not trying to retrieve a file but dynamically created html output depending on parameters passed (just as much of the html output at index.php is dynamically created).
** There are several folks giving me all kind of good suggestions and it has been suggested that I must use the full blown absolute path. I just completed an experiment using file_get_contents to get http://www.duckduckgo.com, that worked, and then with a urlencoded parameter (http://www.duckduckgo.com/?q=php+is+cool)... that worked too.
It was when I tried the secure side of things, https://www.duckduckgo.com that it failed, and, with the same error message in the log as I have been receiving with my other queries.
So, now I have a refined question and I may need to update the question title to reflect it.
Does anyone know how to get a parameterized relative url to work with file_get_contents? (i.e. 'file_get_contents(urlencode('../xdirectory/index.php?id=' . urlencode('100'))); )
Unless you provide a full-blown absolute protocol://host/path-type url to file_get_contents, it WILL assume you're dealing with a local filesystem path.
That means your urlencode() version is wrongly doing
file_get_contents('..%2Fxdirectory%2Findex.php');
and you are HIGHLY unlikely to have a hidden file named ..%2Fetc....
call url with domain, try this
file_get_contents('https://www.example.com/inventory/index.php?id=100');
From reading your comments and additional notes, I think you don't want file_get_contents but you want include.
see How to execute and get content of a .php file in a variable?
Several of these answers give you useful pointers on what it looks like you're trying to achieve.
file_get_contents will return the contents of a file rather than the output of a file, unless it's a URL, but as you seem to have other issues with passing the URI absolutely....
So; you can construct something like:
$_GET['id'] = 100;
//this will pass the variable into the index.php file to use as if it was
// a GET value passed in the URI.
$output = include $_SERVER['DOCUMENT_ROOT']."/file/address/index.php";
unset($_GET['id']);
//$output holds the HTML code as a string,
The above feels hacky trying to incorporate $_GET values into the index.php page, but if you can edit the index.php page you can use plain PHP passed values and also get the output returned with a specific return $output; statement at the end of the included file.
It has been two years since I used PHP so I am just speculating about what I might try in your situation.
Instead of trying fetching the parsed file contents with arguments as a query string, I might try to set the variables directly within the php script and then include it (that is if the framework you use allows this).
To achive this I would use pattern:
ob_start -> set the variable, include the file that uses the variable -> ob_get_contents -> ob_end_clean
It is like opening your terminal and running the php file with arguments.
Anyway, I would not be surprised if there are better ways to achieve the same results. Happy hacking :o)
EDIT:
I like to emphasize that I am just speculating. I don't know if there are any security issues with this approach. You could of course ask and see if anyone knows here on stackoverflow.
EDIT2:
Hmm, scrap what I said last. I would check if you can use argv instead.
'argv' Array of arguments passed to the script. When the script is run on the command line, this gives C-style access to the command line parameters. When called via the GET method, this will contain the query string. http://php.net/manual/en/reserved.variables.server.php
Then you just call your php script locally but without the query mark indicator "?". This way you can use the php interpreter without the server.
This is likely to be the most general solution because you can also use argv for get requests if I am understanding the manual correctly.
I tryied searching for this and I belive I alredy know the answer but it's crusal that I'm not wrong, so here I go..
When calling get_headers, will I retrieve the whole file even though the function only returns the headers or will it retrieve, as expected, only the headers and nothing else?
I'm guessing the last but if I'm wrong this will cause some serious problems..
Also I noticed that there is a global setting I can change to send a HEAD request instead of the default GET request, witch is why I'm asking my self whats really going on.
Edit
Maybe this function is a better alternative? stream_get_meta_data or do they actually do the same thing?
You could also take a look at the source code, if you are familiar with C.
The function is defined here. I quickly looked over this, and it seems it is a header-only request, see line 715:
STREAM_ONLY_GET_HEADERS
GET
Requests a representation of the specified resource. Requests using
GET should only retrieve data and should have no other effect. (This
is also true of some other HTTP methods.) The W3C has published
guidance principles on this distinction, saying, "Web application
design should be informed by the above principles, but also by the
relevant limitations."
HEAD
Asks for the response identical to the one that would correspond to a
GET request, but without the response body. This is useful for
retrieving meta-information written in response headers, without
having to transport the entire content.
Wikipedia/Hypertext_Transfer_Protocol
The PHP-docs clearly states that normal get_headers() uses a GET-request, but you can force it to use HEAD instead, like this:
<?php
// By default get_headers uses a GET request to fetch the headers. If you
// want to send a HEAD request instead, you can do so using a stream context:
stream_context_set_default(
array(
'http' => array(
'method' => 'HEAD'
)
)
);
$headers = get_headers('http://example.com');
?>
Unfortunaley you're right, just read the PHP manual:
get_headers() returns an array with the headers sent by the server in response to a HTTP request.
Also take a look at the examples.
Okay, next time I should spend more attention to the question formulation.
Yeh, if the request type is set to GET (standard) you will get the whole content. You could change it to HEAD, but this is not what you want.
I am quite frustrated with a very weird issue. I am trying to do a very simple thing here. I would like to post a form to an endpoint. I tried using the following command:
curl -d "Contact=Aditya&address1=1510 E. 9th Street&address2=Apt. 111&city=Tucson&state=AZ&zip=85719&Phone1=5207849817&Phone2=1237849812&email=aditya15417#yahoo.com&key2=09 New Lead&key5=AmpushU&uhsgradyr=1950&uhighlevel=AA&ucourseint=BA Internet Mktg&uCampaignID=Herlambang&utextperm=YES&uleaddate=20110910&uleadtime=19:18 PST" http://dev.degreeamerica.com/candidate_test.php
And yes it succeeds just fine, however when I try it via the site it gives me an error. Can someone tell me what I did wrong? The parameter I have on the curl is just something I copy and paste from firebug POST request, so the parameter is all the same.
Is there something wrong with me doing the AJAX?
You can't receive the results of a cross-domain post like that. Your page is on adityaherlambang.com, but you're posting to degreeamerica.com, so you can't get the results
One solution is to use a server-side proxy on adityaherlambang.com, and post using libcurl to degreeamerica.com, while returning whatever kind of status you want to your own site's JavaScript.
I'm trying to send a URL with aFLickr API key to fetch results for a given photo tag. The Ajax code should return the XML to my browser. However the URL structure with parameters seems to cause a problem in my setup:
**the HTML file:**
...
url="api.flickr.com/services/rest/?method=flickr.photos.search&api_key=75564008a468bf8a284dc94bbd176dd8&tags=paris"
request.open("GET","xmlget.php?url=" + url + nocache, true)
...
**the 'xmlget.php' file:**
...
echo file_get_contents($_GET['url']);
...
error: code="100" msg="Invalid API Key (Key has invalid format)">
the link works fine if tested in the adress bar so there must be a breakdown somewhere when the URL is processed.
i tried wrapping it into encodeURI but no luck :(
Note: related post
You need to use encodeURIComponent instead of encodeURI to actually get that string encoded.
May I make 2 suggestions?
just pass the search parameters to xmlget.php and do the rest there even if it means having to pass a service type if you are using that generically
I don't remember what all a Flickr api key gets you, but it's generally a bad thing to post anything called an "api key" in public. In addition to the question, that includes sticking it in javascript that an end user can access.
I have read many about REST api in php articles. but I still get quite confusing.
they basically rewrite the url to a index.php, which process the url and depends on the method, then send response
but which is the properly way to process the url? this looks doen't look correct...
get the uri and split it
I should know what to do with each portion, eg. for GET /usr/1 I should do something like:
if($myUri[0]=="usr")
getUser($myUri[1]);
if the request url is like GET www.domain.com/user/1
it would call getUser($id);
but what happen if you can also retrieve the user by name, or maybe e-mail? so the url can also be www.domain.com/user/john or www.domain.com/user/john#gmail.com
and each url should call different methods like getUsrByName($name) or getUsrByEmail($mail)
The proper way of handling this would be to have URLs like this:
domain.com/user/id/1 -> user::getById
domain.com/user/email/foo#bar.com -> user::getByEmail
domain.com/user/username/foo -> user::getByUsername
However, specifying multiple "parameters" is more like a search, I'd go against using resources for that, because a path should be absolute. Which means:
domain.com/user/name/Kossel/likes/StackOverflow
And:
domain.com/user/likes/StackOverflow/name/Kossel
Are not the same resource. Instead I'd do:
domain.com/user/?name=Kossel&likes=StackOverflow
This is what Stack Overflow uses:
stackoverflow.com/questions/tagged/php
stackoverflow.com/tags/php/new
stackoverflow.com/questions/tagged/mysql?sort=featured
To avoid long if/else statement, use variable function names. this allows you to use the url string to call the correct function.
http://php.net/manual/en/functions.variable-functions.php
Also, you may want to use classes/class methods instead of functions. this way you can set up an __autoload function, which will allow you to only load code that you are going to use each time the index.php is called.
MVC architecture usually breaks their urls into /class_name/class_method_name/arguments...