I'm trying to retrieve some remote XML from another source using PHP. I understand that you're not supposed to enable allow_url_fopen for security reasons, so I'm not really sure how to go about doing this.
You might want to use curl for that. If your XML is available via HTTP, first curl it, then feed it to the XML parser.
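For example, a minimal sketch (the URL and the timeout value are placeholders; adjust them and any SSL options to your environment) might look like this:

    // Fetch the remote XML with curl, then hand the string to SimpleXML.
    $ch = curl_init('http://example.com/feed.xml');
    curl_setopt($ch, CURLOPT_RETURNTRANSFER, true); // return the body instead of printing it
    curl_setopt($ch, CURLOPT_TIMEOUT, 10);          // don't hang forever on a slow host
    $body = curl_exec($ch);
    curl_close($ch);

    if ($body !== false) {
        $xml = simplexml_load_string($body);        // parse the fetched XML string
        // ... work with $xml here
    }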
allow_url_fopen isn't unsafe or scary or dangerous per se; it's just that it is quite often disabled on shared hosting for various reasons.
If you control your own hosting environment, I'd say go with it. Otherwise, use curl as suggested.
I'm currently trying to transfer large data from one server to another using PHP cURL (posting the data). In some cases the remote server is getting incomplete (corrupted) data.
Is there any other way to achieve this reliably?
EDIT - 1
Using FTP seems like a good idea; would anybody say it is bad, or that I should avoid it for any reason? (Suggestions - #Ed Heal, #Neo)
I would guess your PHP script execution is timing out. See How to increase the execution timeout in php?
Or you could get curl to run in its own thread. Call it from a bash script, maybe.
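If the timeout really is the problem, a rough sketch of the usual knobs to loosen (the URL and the specific values are assumptions, not a recommendation):

    // Loosen the limits that typically cause a long transfer to be cut short.
    set_time_limit(0);                                 // let the script run as long as the transfer needs

    $ch = curl_init('http://example.com/receive.php'); // placeholder endpoint on the remote server
    curl_setopt($ch, CURLOPT_POST, true);
    curl_setopt($ch, CURLOPT_POSTFIELDS, $data);       // $data is the payload you are pushing
    curl_setopt($ch, CURLOPT_TIMEOUT, 600);            // give curl itself plenty of time as well
    curl_setopt($ch, CURLOPT_RETURNTRANSFER, true);
    $response = curl_exec($ch);
    curl_close($ch);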
Posting large files is not what HTTP is for. FTP is for transferring files; hence the name.
But if you are stuck with HTTP, you can look at the WebDAV extensions to HTTP. There is a PHP library called SabreDAV that is worth a look:
http://code.google.com/p/sabredav/
You can even use scp to do so, so that the data transfer is secure as well. You should be able to find libraries for it, and PHP's built-in SSH2 functions can also be useful: http://php.net/manual/en/function.ssh2-sftp.php
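A very small sketch using the PECL ssh2 extension (it has to be installed; the host, credentials and paths below are placeholders):

    // Copy a local file to the remote server over SSH with ssh2_scp_send().
    $conn = ssh2_connect('remote.example.com', 22);
    if ($conn && ssh2_auth_password($conn, 'user', 'secret')) {
        ssh2_scp_send($conn, '/tmp/bigdata.xml', '/var/data/bigdata.xml', 0644);
    }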
As you say that it is truncated, I would imagine that the server has a file size limit - i.e. to prevent abuse and denial of service attacks.
I would stick to FTP and perhaps compressing the files.
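Something along these lines, using PHP's built-in ftp_* functions (host, credentials and paths are placeholders, and the compression step is optional):

    // Compress the file first, then push it over FTP in binary mode.
    $local = '/tmp/payload.xml';
    $gz    = $local . '.gz';
    file_put_contents($gz, gzencode(file_get_contents($local), 9));

    $ftp = ftp_connect('ftp.example.com');
    if ($ftp && ftp_login($ftp, 'user', 'secret')) {
        ftp_pasv($ftp, true);                        // passive mode avoids many firewall issues
        ftp_put($ftp, '/incoming/payload.xml.gz', $gz, FTP_BINARY);
        ftp_close($ftp);
    }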
Some people disable the http wrapper for the include function. I need to use a query string when including a file, so I can't include it as a local file. Is it possible for me to override this setting? Can hosting companies make it impossible to override?
As long as I sanitise the input, I should be ok right?
No, you are never OK running code you've got from a remote server. There are far too many ways to trick you into running something you don't expect; you'd better avoid it. If you are into adventures, you can try it with the curl extension, which is usually enabled on shared hosting. First get your text via curl
http://php.net/manual/en/function.curl-init.php
then eval it
http://php.net/manual/en/function.eval.php
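If you really accept that risk, the whole thing is only a few lines (the URL is a placeholder, and eval() will execute whatever the remote server returns, which is exactly the danger described above):

    // Fetch the remote text with curl...
    $ch = curl_init('http://example.com/snippet.txt');
    curl_setopt($ch, CURLOPT_RETURNTRANSFER, true);
    $code = curl_exec($ch);
    curl_close($ch);

    // ...then run it. Anything the remote side sends back gets executed as PHP.
    if ($code !== false) {
        eval($code);
    }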
I have an XML file I can get via a URL. I know I can get the file using fopen, but sometimes I've seen scripts use curl. Is there an advantage to using curl over fopen to get XML files?
allow_url_fopen, which is required if you want to open a remote file with fopen, can be disabled; so there are situations in which fopen('http://...') is not possible.
Note: in this answer I say "fopen", but it's exactly the same with all PHP functions that can access remote files: fopen, file_get_contents, simplexml_load_file, ...
On the other hand, curl is an extension, and is not always enabled either.
One nice thing about curl is that it's pretty easy to configure, and there are a lot of existing options (see curl_setopt).
Configuring the way fopen accesses remote files is a bit trickier -- you'll generally have to work with streams (see here, for example); and, generally speaking, there are more people who know curl than there are developers who have mastered streams.
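For comparison, a small sketch of what that looks like with a stream context (roughly the equivalent of a couple of curl_setopt calls; the URL, timeout and header values are just examples):

    // Configure how file_get_contents/fopen talk to the remote server.
    $context = stream_context_create([
        'http' => [
            'method'  => 'GET',
            'timeout' => 10,
            'header'  => "User-Agent: MyApp/1.0\r\n",
        ],
    ]);
    $xml = file_get_contents('http://example.com/feed.xml', false, $context);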
The safest way -- especially if your application will be deployed to servers where you are not the administrator and cannot re-configure anything:
Try one solution
And, if it doesn't work, try the other one
Well, if you are going to use SimpleXML to load the file you can use
simplexml_load_file($filename);
However, some servers will restrict loading URLs with this function. In that case you would be restricted to cURL.
fopen is simpler to use, and I think not all server setups support curl out of the box. If fopen works fine for you, it's probably your best choice.
I am looking for some advice on the best way to retrieve information from a web page (my own site) and then search through that information to find a certain text.
Keeping in mind that some of the servers that run PHP/Joomla do not have cURL enabled, I don't want to cause any unexpected errors.
I've looked at both fopen() and file_get_contents(), and I've seen conflicting claims about which of them will work with or without cURL.
They will both work without curl, but you need to have allow_url_fopen enabled. You can check that by calling phpinfo(). There are security implications, however; see this:
Should I allow 'allow_url_fopen' in PHP?
So to grab pages you can use fopen(), file_get_contents(), or some other independent HTTP client implemented in PHP, such as HttpClient, which can function without either of those.
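One portable approach is to check at runtime what the host actually allows and pick a method accordingly; a sketch (not a full HTTP client, and the function name is just an example):

    // Grab a URL with curl if it's available, otherwise fall back to the URL wrappers.
    function fetch_url($url) {
        if (function_exists('curl_init')) {
            $ch = curl_init($url);
            curl_setopt($ch, CURLOPT_RETURNTRANSFER, true);
            $body = curl_exec($ch);
            curl_close($ch);
            return $body;
        }
        if (ini_get('allow_url_fopen')) {
            return file_get_contents($url);
        }
        return false; // neither mechanism is available on this host
    }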
I would like to know why it is better to use curl instead of other methods like $ret = file($url) in PHP.
This is actually used to access an HTTP API for an SMS gateway.
Someone dropped an "I would recommend using curl for HTTP connections", but I don't know why.
I just read that it is necessary for PayPal payments, so that does sound interesting.
I did a Google search "why use libcurl", but I haven't found an answer yet.
Could someone explain please?
I think the FAQ on the curl site says it best:
1.2 What is libcurl?
libcurl is a reliable and portable library which provides you with an easy interface to a range of common Internet protocols.
You can use libcurl for free in your application, be it open source, commercial or closed-source.
libcurl is most probably the most portable, most powerful and most often used C-based multi-platform file transfer library on this planet - be it open source or commercial.
Also, curl facilitates downloading data from multiple sources simultaneously with better efficiency than say file_get_contents() or file().
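For instance, the curl_multi API lets you run several downloads in parallel; a rough sketch (the URLs are placeholders):

    // Fetch a list of URLs concurrently instead of one after another.
    $urls = array('http://example.com/a.xml', 'http://example.com/b.xml');
    $mh = curl_multi_init();
    $handles = array();

    foreach ($urls as $url) {
        $ch = curl_init($url);
        curl_setopt($ch, CURLOPT_RETURNTRANSFER, true);
        curl_multi_add_handle($mh, $ch);
        $handles[] = $ch;
    }

    // Run all transfers until every handle has finished.
    do {
        curl_multi_exec($mh, $running);
        curl_multi_select($mh);
    } while ($running > 0);

    $results = array();
    foreach ($handles as $ch) {
        $results[] = curl_multi_getcontent($ch); // the downloaded body for each handle
        curl_multi_remove_handle($mh, $ch);
        curl_close($ch);
    }
    curl_multi_close($mh);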
Well, I don't know much about other methods of doing HTTP calls in PHP, so I'm not sure whether they can do this or not, but curl can mimic a web browser in pretty much every way by setting headers, even the User-Agent header. The web server then just thinks it's a browser, which can be important, as some sites will try to block access from anything that isn't a traditional browser.
The curl extension has a lot of options that you can set, for example the connection timeout. You can also add POST variables or access the site with a specific referer. I also recommend you use cURL.
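A few of the options mentioned above in one place (all the values are placeholders):

    // Timeout, user agent, referer and POST variables set through curl_setopt().
    $ch = curl_init('http://example.com/api');
    curl_setopt($ch, CURLOPT_RETURNTRANSFER, true);
    curl_setopt($ch, CURLOPT_CONNECTTIMEOUT, 5);                     // connection timeout in seconds
    curl_setopt($ch, CURLOPT_USERAGENT, 'Mozilla/5.0 (compatible)'); // look like a regular browser
    curl_setopt($ch, CURLOPT_REFERER, 'http://example.com/');        // send a specific referer
    curl_setopt($ch, CURLOPT_POST, true);
    curl_setopt($ch, CURLOPT_POSTFIELDS, array('user' => 'me', 'msg' => 'hello'));
    $response = curl_exec($ch);
    curl_close($ch);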