cURL 函数
在线手册:中文  英文

curl_setopt

(PHP 4 >= 4.0.2, PHP 5)

curl_setopt设置一个cURL传输选项

说明

bool curl_setopt ( resource $ch , int $option , mixed $value )

为给定的cURL会话句柄设置一个选项。

参数

ch

curl_init() 返回的 cURL 句柄。

option

需要设置的CURLOPT_XXX选项。

value

将设置在option选项上的值。

对于下面的这些option的可选参数,value应该被设置一个bool类型的值:

选项 可选value 备注
CURLOPT_AUTOREFERER 当根据Location:重定向时,自动设置header中的Referer:信息。
CURLOPT_BINARYTRANSFER 在启用CURLOPT_RETURNTRANSFER的时候,返回原生的(Raw)输出。
CURLOPT_COOKIESESSION 启用时curl会仅仅传递一个session cookie,忽略其他的cookie,默认状况下cURL会将所有的cookie返回给服务端。session cookie是指那些用来判断服务器端的session是否有效而存在的cookie。
CURLOPT_CRLF 启用时将Unix的换行符转换成回车换行符。
CURLOPT_DNS_USE_GLOBAL_CACHE 启用时会启用一个全局的DNS缓存,此项为线程安全的,并且默认启用。
CURLOPT_FAILONERROR 显示HTTP状态码,默认行为是忽略编号小于等于400的HTTP信息。
CURLOPT_FILETIME 启用时会尝试修改远程文档中的信息。结果信息会通过 curl_getinfo()函数的CURLINFO_FILETIME选项返回。 curl_getinfo().
CURLOPT_FOLLOWLOCATION 启用时会将服务器服务器返回的"Location: "放在header中递归的返回给服务器,使用CURLOPT_MAXREDIRS可以限定递归返回的数量。
CURLOPT_FORBID_REUSE 在完成交互以后强迫断开连接,不能重用。
CURLOPT_FRESH_CONNECT 强制获取一个新的连接,替代缓存中的连接。
CURLOPT_FTP_USE_EPRT 启用时当FTP下载时,使用EPRT (或 LPRT)命令。设置为FALSE时禁用EPRT和LPRT,使用PORT命令 only.
CURLOPT_FTP_USE_EPSV 启用时,在FTP传输过程中回复到PASV模式前首先尝试EPSV命令。设置为FALSE时禁用EPSV命令。
CURLOPT_FTPAPPEND 启用时追加写入文件而不是覆盖它。
CURLOPT_FTPASCII CURLOPT_TRANSFERTEXT的别名。
CURLOPT_FTPLISTONLY 启用时只列出FTP目录的名字。
CURLOPT_HEADER 启用时会将头文件的信息作为数据流输出。
CURLINFO_HEADER_OUT 启用时追踪句柄的请求字符串。 从 PHP 5.1.3 开始可用。CURLINFO_前缀是故意的(intentional)。
CURLOPT_HTTPGET 启用时会设置HTTP的method为GET,因为GET是默认是,所以只在被修改的情况下使用。
CURLOPT_HTTPPROXYTUNNEL 启用时会通过HTTP代理来传输。
CURLOPT_MUTE 启用时将cURL函数中所有修改过的参数恢复默认值。
CURLOPT_NETRC 在连接建立以后,访问~/.netrc文件获取用户名和密码信息连接远程站点。
CURLOPT_NOBODY 启用时将不对HTML中的BODY部分进行输出。
CURLOPT_NOPROGRESS

启用时关闭curl传输的进度条,此项的默认设置为启用。

Note:

PHP自动地设置这个选项为TRUE,这个选项仅仅应当在以调试为目的时被改变。

CURLOPT_NOSIGNAL 启用时忽略所有的curl传递给php进行的信号。在SAPI多线程传输时此项被默认启用。 cURL 7.10时被加入。
CURLOPT_POST 启用时会发送一个常规的POST请求,类型为:application/x-www-form-urlencoded,就像表单提交的一样。
CURLOPT_PUT 启用时允许HTTP发送文件,必须同时设置CURLOPT_INFILECURLOPT_INFILESIZE
CURLOPT_RETURNTRANSFER curl_exec()获取的信息以文件流的形式返回,而不是直接输出。
CURLOPT_SSL_VERIFYPEER 禁用后cURL将终止从服务端进行验证。使用CURLOPT_CAINFO选项设置证书使用CURLOPT_CAPATH选项设置证书目录 如果CURLOPT_SSL_VERIFYPEER(默认值为2)被启用,CURLOPT_SSL_VERIFYHOST需要被设置成TRUE否则设置为FALSE 自cURL 7.10开始默认为TRUE。从cURL 7.10开始默认绑定安装。
CURLOPT_TRANSFERTEXT 启用后对FTP传输使用ASCII模式。对于LDAP,它检索纯文本信息而非HTML。在Windows系统上,系统不会把STDOUT设置成binary模式。
CURLOPT_UNRESTRICTED_AUTH 在使用CURLOPT_FOLLOWLOCATION产生的header中的多个locations中持续追加用户名和密码信息,即使域名已发生改变。
CURLOPT_UPLOAD 启用后允许文件上传。
CURLOPT_VERBOSE 启用时会汇报所有的信息,存放在STDERR或指定的CURLOPT_STDERR中。

对于下面的这些option的可选参数,value应该被设置一个integer类型的值:

选项 可选value 备注
CURLOPT_BUFFERSIZE 每次获取的数据中读入缓存的大小,但是不保证这个值每次都会被填满。 在cURL 7.10中被加入。
CURLOPT_CLOSEPOLICY 不是CURLCLOSEPOLICY_LEAST_RECENTLY_USED就是CURLCLOSEPOLICY_OLDEST,还存在另外三个CURLCLOSEPOLICY_,但是cURL暂时还不支持。
CURLOPT_CONNECTTIMEOUT 在发起连接前等待的时间,如果设置为0,则无限等待。
CURLOPT_CONNECTTIMEOUT_MS 尝试连接等待的时间,以毫秒为单位。如果设置为0,则无限等待。 在cURL 7.16.2中被加入。从PHP 5.2.3开始可用。
CURLOPT_DNS_CACHE_TIMEOUT 设置在内存中保存DNS信息的时间,默认为120秒。
CURLOPT_FTPSSLAUTH FTP验证方式:CURLFTPAUTH_SSL (首先尝试SSL),CURLFTPAUTH_TLS (首先尝试TLS)或CURLFTPAUTH_DEFAULT (让cURL自动决定)。 在cURL 7.12.2中被加入。
CURLOPT_HTTP_VERSION CURL_HTTP_VERSION_NONE (默认值,让cURL自己判断使用哪个版本),CURL_HTTP_VERSION_1_0 (强制使用 HTTP/1.0)或CURL_HTTP_VERSION_1_1 (强制使用 HTTP/1.1)。
CURLOPT_HTTPAUTH

使用的HTTP验证方法,可选的值有:CURLAUTH_BASICCURLAUTH_DIGESTCURLAUTH_GSSNEGOTIATECURLAUTH_NTLMCURLAUTH_ANYCURLAUTH_ANYSAFE

可以使用|位域(或)操作符分隔多个值,cURL让服务器选择一个支持最好的值。

CURLAUTH_ANY等价于CURLAUTH_BASIC | CURLAUTH_DIGEST | CURLAUTH_GSSNEGOTIATE | CURLAUTH_NTLM.

CURLAUTH_ANYSAFE等价于CURLAUTH_DIGEST | CURLAUTH_GSSNEGOTIATE | CURLAUTH_NTLM.

CURLOPT_INFILESIZE 设定上传文件的大小限制,字节(byte)为单位。
CURLOPT_LOW_SPEED_LIMIT 当传输速度小于CURLOPT_LOW_SPEED_LIMIT时(bytes/sec),PHP会根据CURLOPT_LOW_SPEED_TIME来判断是否因太慢而取消传输。
CURLOPT_LOW_SPEED_TIME 当传输速度小于CURLOPT_LOW_SPEED_LIMIT时(bytes/sec),PHP会根据CURLOPT_LOW_SPEED_TIME来判断是否因太慢而取消传输。
CURLOPT_MAXCONNECTS 允许的最大连接数量,超过是会通过CURLOPT_CLOSEPOLICY决定应该停止哪些连接。
CURLOPT_MAXREDIRS 指定最多的HTTP重定向的数量,这个选项是和CURLOPT_FOLLOWLOCATION一起使用的。
CURLOPT_PORT 用来指定连接端口。(可选项)
CURLOPT_PROTOCOLS

CURLPROTO_*的位域指。如果被启用,位域值会限定libcurl在传输过程中有哪些可使用的协议。这将允许你在编译libcurl时支持众多协议,但是限制只是用它们中被允许使用的一个子集。默认libcurl将会使用全部它支持的协议。参见CURLOPT_REDIR_PROTOCOLS.

可用的协议选项为:CURLPROTO_HTTPCURLPROTO_HTTPSCURLPROTO_FTPCURLPROTO_FTPSCURLPROTO_SCPCURLPROTO_SFTPCURLPROTO_TELNETCURLPROTO_LDAPCURLPROTO_LDAPSCURLPROTO_DICTCURLPROTO_FILECURLPROTO_TFTPCURLPROTO_ALL

在cURL 7.19.4中被加入。
CURLOPT_PROXYAUTH HTTP代理连接的验证方式。使用在CURLOPT_HTTPAUTH中的位域标志来设置相应选项。对于代理验证只有CURLAUTH_BASICCURLAUTH_NTLM当前被支持。 在cURL 7.10.7中被加入。
CURLOPT_PROXYPORT 代理服务器的端口。端口也可以在CURLOPT_PROXY中进行设置。
CURLOPT_PROXYTYPE 不是CURLPROXY_HTTP (默认值) 就是CURLPROXY_SOCKS5 在cURL 7.10中被加入。
CURLOPT_REDIR_PROTOCOLS CURLPROTO_*中的位域值。如果被启用,位域值将会限制传输线程在CURLOPT_FOLLOWLOCATION开启时跟随某个重定向时可使用的协议。这将使你对重定向时限制传输线程使用被允许的协议子集默认libcurl将会允许除FILE和SCP之外的全部协议。这个和7.19.4预发布版本种无条件地跟随所有支持的协议有一些不同。关于协议常量,请参照CURLOPT_PROTOCOLS 在cURL 7.19.4中被加入。
CURLOPT_RESUME_FROM 在恢复传输时传递一个字节偏移量(用来断点续传)。
CURLOPT_SSL_VERIFYHOST 1 检查服务器SSL证书中是否存在一个公用名(common name)。译者注:公用名(Common Name)一般来讲就是填写你将要申请SSL证书的域名 (domain)或子域名(sub domain)。2 检查公用名是否存在,并且是否与提供的主机名匹配。
CURLOPT_SSLVERSION 使用的SSL版本(2 或 3)。默认情况下PHP会自己检测这个值,尽管有些情况下需要手动地进行设置。
CURLOPT_TIMECONDITION 如果在CURLOPT_TIMEVALUE指定的某个时间以后被编辑过,则使用CURL_TIMECOND_IFMODSINCE返回页面,如果没有被修改过,并且CURLOPT_HEADER为true,则返回一个"304 Not Modified"的header, CURLOPT_HEADER为false,则使用CURL_TIMECOND_IFUNMODSINCE,默认值为CURL_TIMECOND_IFUNMODSINCE
CURLOPT_TIMEOUT 设置cURL允许执行的最长秒数。
CURLOPT_TIMEOUT_MS 设置cURL允许执行的最长毫秒数。 在cURL 7.16.2中被加入。从PHP 5.2.3起可使用。
CURLOPT_TIMEVALUE 设置一个CURLOPT_TIMECONDITION使用的时间戳,在默认状态下使用的是CURL_TIMECOND_IFMODSINCE

对于下面的这些option的可选参数,value应该被设置一个string类型的值:

选项 可选value 备注
CURLOPT_CAINFO 一个保存着1个或多个用来让服务端验证的证书的文件名。这个参数仅仅在和CURLOPT_SSL_VERIFYPEER一起使用时才有意义。 .
CURLOPT_CAPATH 一个保存着多个CA证书的目录。这个选项是和CURLOPT_SSL_VERIFYPEER一起使用的。
CURLOPT_COOKIE 设定HTTP请求中"Cookie: "部分的内容。多个cookie用分号分隔,分号后带一个空格(例如, "fruit=apple; colour=red")。
CURLOPT_COOKIEFILE 包含cookie数据的文件名,cookie文件的格式可以是Netscape格式,或者只是纯HTTP头部信息存入文件。
CURLOPT_COOKIEJAR 连接结束后保存cookie信息的文件。
CURLOPT_CUSTOMREQUEST

使用一个自定义的请求信息来代替"GET""HEAD"作为HTTP请求。这对于执行"DELETE" 或者其他更隐蔽的HTTP请求。有效值如"GET""POST""CONNECT"等等。也就是说,不要在这里输入整个HTTP请求。例如输入"GET /index.html HTTP/1.0\r\n\r\n"是不正确的。

Note:

在确定服务器支持这个自定义请求的方法前不要使用。

CURLOPT_EGDSOCKET 类似CURLOPT_RANDOM_FILE,除了一个Entropy Gathering Daemon套接字。
CURLOPT_ENCODING HTTP请求头中"Accept-Encoding: "的值。支持的编码有"identity""deflate""gzip"。如果为空字符串"",请求头会发送所有支持的编码类型。 在cURL 7.10中被加入。
CURLOPT_FTPPORT 这个值将被用来获取供FTP"POST"指令所需要的IP地址。"POST"指令告诉远程服务器连接到我们指定的IP地址。这个字符串可以是纯文本的IP地址、主机名、一个网络接口名(UNIX下)或者只是一个'-'来使用默认的IP地址。
CURLOPT_INTERFACE 网络发送接口名,可以是一个接口名、IP地址或者是一个主机名。
CURLOPT_KRB4LEVEL KRB4 (Kerberos 4) 安全级别。下面的任何值都是有效的(从低到高的顺序):"clear""safe""confidential""private".。如果字符串和这些都不匹配,将使用"private"。这个选项设置为NULL时将禁用KRB4 安全认证。目前KRB4 安全认证只能用于FTP传输。
CURLOPT_POSTFIELDS 全部数据使用HTTP协议中的"POST"操作来发送。要发送文件,在文件名前面加上@前缀并使用完整路径。这个参数可以通过urlencoded后的字符串类似'para1=val1&para2=val2&...'或使用一个以字段名为键值,字段数据为值的数组。如果value是一个数组,Content-Type头将会被设置成multipart/form-data
CURLOPT_PROXY HTTP代理通道。
CURLOPT_PROXYUSERPWD 一个用来连接到代理的"[username]:[password]"格式的字符串。
CURLOPT_RANDOM_FILE 一个被用来生成SSL随机数种子的文件名。
CURLOPT_RANGE "X-Y"的形式,其中X和Y都是可选项获取数据的范围,以字节计。HTTP传输线程也支持几个这样的重复项中间用逗号分隔如"X-Y,N-M"
CURLOPT_REFERER 在HTTP请求头中"Referer: "的内容。
CURLOPT_SSL_CIPHER_LIST 一个SSL的加密算法列表。例如RC4-SHATLSv1都是可用的加密列表。
CURLOPT_SSLCERT 一个包含PEM格式证书的文件名。
CURLOPT_SSLCERTPASSWD 使用CURLOPT_SSLCERT证书需要的密码。
CURLOPT_SSLCERTTYPE 证书的类型。支持的格式有"PEM" (默认值), "DER""ENG" 在cURL 7.9.3中被加入。
CURLOPT_SSLENGINE 用来在CURLOPT_SSLKEY中指定的SSL私钥的加密引擎变量。
CURLOPT_SSLENGINE_DEFAULT 用来做非对称加密操作的变量。
CURLOPT_SSLKEY 包含SSL私钥的文件名。
CURLOPT_SSLKEYPASSWD

CURLOPT_SSLKEY中指定了的SSL私钥的密码。

Note:

由于这个选项包含了敏感的密码信息,记得保证这个PHP脚本的安全。

CURLOPT_SSLKEYTYPE CURLOPT_SSLKEY中规定的私钥的加密类型,支持的密钥类型为"PEM"(默认值)、"DER""ENG"
CURLOPT_URL 需要获取的URL地址,也可以在 curl_init()函数中设置。
CURLOPT_USERAGENT 在HTTP请求中包含一个"User-Agent: "头的字符串。
CURLOPT_USERPWD 传递一个连接中需要的用户名和密码,格式为:"[username]:[password]"

对于下面的这些option的可选参数,value应该被设置一个数组:

选项 可选value 备注
CURLOPT_HTTP200ALIASES 200响应码数组,数组中的响应吗被认为是正确的响应,否则被认为是错误的。 在cURL 7.10.3中被加入。
CURLOPT_HTTPHEADER 一个用来设置HTTP头字段的数组。使用如下的形式的数组进行设置: array('Content-type: text/plain', 'Content-length: 100')
CURLOPT_POSTQUOTE 在FTP请求执行完成后,在服务器上执行的一组FTP命令。
CURLOPT_QUOTE 一组先于FTP请求的在服务器上执行的FTP命令。

对于下面的这些option的可选参数,value应该被设置一个流资源 (例如使用 fopen()):

选项 可选value
CURLOPT_FILE 设置输出文件的位置,值是一个资源类型,默认为STDOUT (浏览器)。
CURLOPT_INFILE 在上传文件的时候需要读取的文件地址,值是一个资源类型。
CURLOPT_STDERR 设置一个错误输出地址,值是一个资源类型,取代默认的STDERR
CURLOPT_WRITEHEADER 设置header部分内容的写入的文件地址,值是一个资源类型。

对于下面的这些option的可选参数,value应该被设置为一个回调函数名:

选项 可选value
CURLOPT_HEADERFUNCTION 设置一个回调函数,这个函数有两个参数,第一个是cURL的资源句柄,第二个是输出的header数据。header数据的输出必须依赖这个函数,返回已写入的数据大小。
CURLOPT_PASSWDFUNCTION 设置一个回调函数,有三个参数,第一个是cURL的资源句柄,第二个是一个密码提示符,第三个参数是密码长度允许的最大值。返回密码的值。
CURLOPT_PROGRESSFUNCTION 设置一个回调函数,有三个参数,第一个是cURL的资源句柄,第二个是一个文件描述符资源,第三个是长度。返回包含的数据。
CURLOPT_READFUNCTION 回调函数名。该函数应接受三个参数。第一个是 cURL resource;第二个是通过选项 CURLOPT_INFILE 传给 cURL 的 stream resource;第三个参数是最大可以读取的数据的数量。回 调函数必须返回一个字符串,长度小于或等于请求的数据量(第三个参数)。一般从传入的 stream resource 读取。返回空字符串作为 EOF(文件结束) 信号。
CURLOPT_WRITEFUNCTION 回调函数名。该函数应接受两个参数。第一个是 cURL resource;第二个是要写入的数据字符串。数 据必须在函数中被保存。函数必须返回准确的传入的要写入数据的字节数,否则传输会被一个错误所中 断。

返回值

成功时返回 TRUE, 或者在失败时返回 FALSE

更新日志

版本 说明
5.2.10 引入 CURLOPT_PROTOCOLS, and CURLOPT_REDIR_PROTOCOLS.
5.1.0 引入 CURLOPT_AUTOREFERER, CURLOPT_BINARYTRANSFER, CURLOPT_FTPSSLAUTH, CURLOPT_PROXYAUTH, and CURLOPT_TIMECONDITION.
5.0.0 引入 CURLOPT_FTP_USE_EPRT, CURLOPT_NOSIGNAL, CURLOPT_UNRESTRICTED_AUTH, CURLOPT_BUFFERSIZE, CURLOPT_HTTPAUTH, CURLOPT_PROXYPORT, CURLOPT_PROXYTYPE, CURLOPT_SSLCERTTYPE, and CURLOPT_HTTP200ALIASES.

范例

Example #1 初始化一个新的cURL会话并获取一个网页

<?php
// 创建一个新cURL资源
$ch curl_init();

// 设置URL和相应的选项
curl_setopt($chCURLOPT_URL"http://www.example.com/");
curl_setopt($chCURLOPT_HEADERfalse);

// 抓取URL并把它传递给浏览器
curl_exec($ch);

//关闭cURL资源,并且释放系统资源
curl_close($ch);
?>

Example #2 上传文件

<?php

/* http://localhost/upload.php:
print_r($_POST);
print_r($_FILES);
*/

$ch curl_init();

$data = array('name' => 'Foo''file' => '@/home/user/test.png');

curl_setopt($chCURLOPT_URL'http://localhost/upload.php');
curl_setopt($chCURLOPT_POST1);
curl_setopt($chCURLOPT_POSTFIELDS$data);

curl_exec($ch);
?>

以上例程会输出:

Array
(
    [name] => Foo
)
Array
(
    [file] => Array
        (
            [name] => test.png
            [type] => image/png
            [tmp_name] => /tmp/phpcpjNeQ
            [error] => 0
            [size] => 279
        )

)

注释

Note:

传递一个数组到CURLOPT_POSTFIELDS,cURL会把数据编码成 multipart/form-data,而然传递一个URL-encoded字符串时,数据会被编码成 application/x-www-form-urlencoded

参见


cURL 函数
在线手册:中文  英文

用户评论:

shiplu at programmer dot net (2013-06-01 18:23:51)

CURLOPT_POST should be set before CURLOPT_POSTFIELDS. Otherwise you might encounter 411 Length required error.

Following code generates "411 Length Required" on nginx/1.1.15
<?php
curl_setopt 
($chCURLOPT_POSTFIELDS$postfields); 
curl_setopt ($chCURLOPT_POST1);
?>

But this one works.

<?php
curl_setopt 
($chCURLOPT_POST1);
curl_setopt ($chCURLOPT_POSTFIELDS$postfields); 
?>

Manasi (2013-05-10 17:55:37)

CURLAUTH_ANY is not an alias for CURLAUTH_NTLM. I had to specify CURLAUTH_NTLM for a Windows authenticated URL

Madcat (2013-05-06 15:14:51)

If you have a mixture of strings starting with @ (at character) and files in CURLOPT_POSTFIELDS you have a problem (such as posting a tweet with attached media) because curl tries to interpret anything starting with @ as a file.

<?php

$postfields 
= array(
    
'upload_file' => '@file_to_upload.png',
    
'upload_text' => '@text_to_upload'
);

$curl curl_init();
curl_setopt($curlCURLOPT_URL'http://example.com/upload-test');
curl_setopt($curlCURLOPT_POSTFIELDS$postfields);
curl_exec($curl);
curl_close($curl);

?>

To get around this, prepend the text string with the NULL character like so:

<?php
    $postfields 
= array(
        
'upload_file' => '@file_to_upload.png',
        
'upload_text' => sprintf("\0%s"'@text_to_upload')
    );
?>

Original source: http://bit.ly/AntMle

S.F. (2013-04-18 18:48:56)

I spent a couple of days trying to upload a file using a curl post.

The problem I ran into was the filename had an '@' in the middle of it.  It turned out that at least on my system if I encoded the file path using the quoted_printable_encode() function the upload works.

I'm posting this in the hopes that it will help someone else, and for my own future reference.

Code:
<?php

$filepath 
'/tmp/test@example.txt';
$postdata['file'] = '@' quoted_printable_encode($filepath);

//... supporting code.

$result curl_exec($ch);

?>
I'm not exactly sure why this works when escaping the '@' doesn't work but it does for me.

If anyone can offer insight into why this works or a better way to handle the '@' symbol in a filename when using curl to upload I would love to hear it.

Thanks

dardyole at hotmail dot com (2013-04-18 16:29:51)

Another note addressing the issues with servers that have open_basedir and safe mode turned on. Such an issue spawns the following E_WARNING:

Warning: curl_setopt() [function.curl-setopt]: CURLOPT_FOLLOWLOCATION cannot be activated when safe_mode is enabled or an open_basedir is set

After looking through the notes, most of the proposed manual implementations were kind of clunky and in some cases just didn't work at all. Most importantly (in my case), was the behaviour of the 302 Header. Anyway, here's the code I ended up using which has worked well for me in all cases so far, it even addresses the issue that caused FOLLOWLOCATION to be turned off in some cases :)

EDIT: Unfortunately the code itself is deemed "too long" for PHP's note system. I've uploaded it to a few paste sites below so hopefully the links will live for a while at least.

http://pastebin.com/aaJtPy1j
http://pastie.org/7646116

Use it as a replacement for curl_exec. For example:

<?php
$ch 
curl_init("http://php.net");
var_dump(curl_exec_follow($ch9001));
curl_close($ch);
?>

xuyan83121 at gmail dot com (2013-03-18 05:54:32)

when use curl_multi_exec, the CURLOPT_TIMEOUT need curl version newer than 7.21.2.
this can be found at curl changelog.

m at mar dot lt (2012-10-25 15:06:53)

Be careful when changing CURLOPT_SSL_VERIFYHOST or other options to true (boolean). It may cause insecure behavior [1]
This is because boolean true casts into integer 1, and CURLOPT_SSL_VERIFYHOST = 1 is not secure behavior.
[1] Martin Georgiev and Subodh Iyengar and Suman Jana and Rishita Anubhai and Dan Boneh and Vitaly Shmatikov, The most dangerous code in the world: validating SSL certificates in non-browser software, ACM CCS '12, pp. 38-49, 2012

rmckay at webaware dot com dot au (2012-10-24 00:21:23)

Please everyone, stop setting CURLOPT_SSL_VERIFYPEER to false or 0. If your PHP installation doesn't have an up-to-date CA root certificate bundle, download the one at the curl website and save it on your server:
http://curl.haxx.se/docs/caextract.html
Then set a path to it in your php.ini file, e.g. on Windows:
curl.cainfo=c:\php\cacert.pem
Turning off CURLOPT_SSL_VERIFYPEER allows man in the middle (MITM) attacks, which you don't want!

regan dot corey at gmail dot com (2012-10-22 22:22:21)

I spent a couple of days trying to POST a multi-dimensional array of form fields, including a file upload, to a remote server to update a product. Here are the breakthroughs that FINALLY allowed the script to run as desired.
Firstly, the HTML form used input names like these:
<input type="text" name="product[name]" />
<input type="text" name="product[cost]" />
<input type="file" name="product[thumbnail]" />
in conjunction with two other form inputs not part of the product array
<input type="text" name="method" value="put" />
<input type="text" name="mode" />
I used several cURL options, but the only two (other than URL) that mattered were:
curl_setopt($handle, CURLOPT_POST, true);
curl_setopt($handle, CURLOPT_POSTFIELDS, $postfields);
Pretty standard so far.
Note: headers didn't need to be set, cURL automatically sets headers (like content-type: multipart/form-data; content-length...) when you pass an array into CURLOPT_POSTFIELDS.
Note: even though this is supposed to be a PUT command through an HTTP POST form, no special PUT options needed to be passed natively through cURL. Options such as
curl_setopt($handle, CURLOPT_HTTPHEADER, array('X-HTTP-Method-Override: PUT', 'Content-Length: ' . strlen($fields)));
or
curl_setopt($handle, CURLOPT_PUT, true);
or
curl_setopt($handle, CURLOPT_CUSTOMREQUEST, "PUT);
were not needed to make the code work.
The fields I wanted to pass through cURL were arranged into an array something like this:
$postfields = array("method" => $_POST["method"],
"mode" => $_POST["mode"],
"product" => array("name" => $_POST["product"],
"cost" => $_POST["product"]["cost"],
"thumbnail" => "@{$_FILES["thumbnail"]["tmp_name"]};type={$_FILES["thumbnail"]["type"]}")
);
-Notice how the @ precedes the temporary filename, this creates a link so PHP will upload/transfer an actual file instead of just the file name, which would happen if the @ isn't included.
-Notice how I forcefully set the mime-type of the file to upload. I was having issues where images filetypes were defaulting to octet-stream instead of image/png or image/jpeg or whatever the type of the selected image.
I then tried passing $postfields straight into curl_setopt($this->handle, CURLOPT_POSTFIELDS, $postfields); but it didn't work.
I tried using http_build_query($postfields); but that didn't work properly either.
In both cases either the file wouldn't be treated as an actual file and the form data wasn't being sent properly. The problem was HTTP's methods of transmitting arrays. While PHP and other languages can figure out how to handle arrays passed via forms, HTTP isn't quite as sofisticated. I had to rewrite the $postfields array like so:
$postfields = array("method" => $_POST["method"],
"mode" => $_POST["mode"],
"product[name]" => $_POST["product"],
"product[cost]" => $_POST["product"]["cost"],
"product[thumbnail]" => "@{$_FILES["thumbnail"]["tmp_name"]}");
curl_setopt($handle, CURLOPT_POSTFIELDS, $postfields);
This, without the use of http_build_query, solved all of my problems. Now the receiving host outputs both $_POST and $_FILES vars correctly.

miloshio at gmail dot com (2012-10-20 12:06:53)

Remember:
- 'Server-side' cookies exists as information even before they were set on browser agent(HTTP COOKIE HEADER),
- javascript cookies does NOT exists as information before they were set on browser agent,
so, if you're trying to save cookies using CURLOPT_COOKIEJAR to a local file, that cookie must be server - side cookie, otherwise you are wasting time, javascript-produced cookies only exists when client browser's JS interpreter set them.

juozaspo at gmail dot com (2012-09-25 08:47:34)

I've created an example that gets the file on url passed to script and outputs it to the browser. 

<?php
//get the file (e.g. image) and output it to the browser
$ch curl_init(); //open curl handle
curl_setopt($chCURLOPT_URL$_GET['url']); //set an url
curl_setopt($chCURLOPT_RETURNTRANSFER1); //do not output directly, use variable
curl_setopt($chCURLOPT_BINARYTRANSFER1); //do a binary transfer
curl_setopt($chCURLOPT_FAILONERROR1); //stop if an error occurred
$file=curl_exec($ch); //store the content in variable
if(!curl_errno($ch))
{
    
//send out headers and output
    
header ("Content-type: ".curl_getinfo($chCURLINFO_CONTENT_TYPE)."");
    
header ("Content-Length: ".curl_getinfo($chCURLINFO_CONTENT_LENGTH_DOWNLOAD)."");
    echo 
$file;
} else echo 
'Curl error: ' curl_error($ch);
curl_close($ch); //close curl handle
?>

p.s. Make sure that there're no new lines before and after code or script may not work.

qeremy [atta] gmail [dotta] com (2012-08-03 08:57:54)

If you are trying to update something on your server and you need to handle this update operation by PUT;

<?php
curl_setopt
($chCURLOPT_CUSTOMREQUEST"PUT");
curl_setopt($chCURLOPT_PUT1);
?>

are "useless" without;

<?php
curl_setopt
($chCURLOPT_HTTPHEADER, array('X-HTTP-Method-Override: PUT'));
?>

Example;

Updating a book data in database identified by "id 1";

--cURL Part--
<?php
$data 
http_build_query($_POST);
// or
$data http_build_query(array(
   
'name'  => 'PHP in Action',
   
'price' => 10.9
));

$ch curl_init();
curl_setopt($chCURLOPT_URL"http://api.localhost/rest/books/1");
curl_setopt($chCURLOPT_RETURNTRANSFER1);
// curl_setopt($ch, CURLOPT_CUSTOMREQUEST, "PUT"); // no need anymore
// or
// curl_setopt($ch, CURLOPT_PUT, 1); // no need anymore
curl_setopt($chCURLOPT_HTTPHEADER, array('X-HTTP-Method-Override: PUT'));
curl_setopt($chCURLOPT_POSTFIELDS$data);
$ce curl_exec($ch);
curl_close($ch);
print_r($ce);
?>

--API class--
<?php
public function putAction() {
    echo 
"putAction() -> id: "$this->_getParam('id') ."\n";
    
print_r($_POST);
    
// do stuff with post data
    
...
?>

--Output--
putAction() -> id: 15
Array
(
    [name] => PHP in Action
    [price] => 10.9
)

---Keywords--
rest, restfull api, restfull put, curl put, curl customrequest put

adrian at foeder dot de (2012-07-06 07:37:56)

if you want to do a GET request with additional body data it will become tricky not to implicitly change the request to a POST, like many notes below correctly state.
So to do the analogy of command line's

curl -XGET 'http://example.org?foo=bar' -d '<baz>some additional data</baz>'

in PHP you'll do, besides your other necessary stuff,

<?php
    curl_setopt
($curlHandleCURLOPT_CUSTOMREQUEST'GET');
    
curl_setopt($curlHandleCURLOPT_POSTFIELDS'<baz>some additional data</baz>');
?>

during my experiments, every other "similar" way, like e.g. CURLOPT_HTTPGET, didn't send the additional data or fell into POST.

coding query (2012-05-31 17:52:59)

Sometimes we want to extract the HTML content of the remote website page, this technique is called as HTML scrapper. This article will discuss on how we can extract the HTML content of the remote webpage.
We can achieve HTML scrapper operation in 2 step operation:
Call to Remote Web Page and extract the HTML content.
Match the HTML tags using Regular Expression.
Call to Remote Web Page using PHP:
In PHP there are various ways we can call the remote webpage. But here we will be using CURL to achieve our operation.

<?php
$ch 
curl_init();
$timeout 5// set to zero for no timeout
curl_setopt ($chCURLOPT_URL$url);
curl_setopt ($chCURLOPT_RETURNTRANSFER1);
curl_setopt ($chCURLOPT_CONNECTTIMEOUT$timeout);
$file_contents curl_exec($ch);
curl_close($ch);

 
preg_match_all('/<span>[\\/\\(\\)-:<>\\w\\s]+< \\/span>/',$file_contents,$htmlContent);
?>

jeffb at nospam dot videx dot com (2012-05-08 22:53:35)

When trying to pass a multi-dimensional array to CURLOPT_POSTFIELDS, first run it through http_build_query(). That will get rid of the Array to String conversion notice.

Joey Hewitt (2012-04-17 22:52:40)

Note that if you put a certificate chain in a PEM file, the certificates need to be ordered so that each certificate is followed by its issuer (i.e., root last.)
Source: http://publib.boulder.ibm.com/tividd/td/ITIM/SC32-1493-00/en_US/HTML/im451_config09.htm

ellert at _removeme_ vankoperen dot nl (2012-04-06 13:41:47)

If you are using curl to do a soap request and consistently get the following error back:
The server cannot service the request because the media type is unsupported.
You are sending the Content-type of soap 1.2 to a 1.1 server.
Soap 1.1 needs Content-Type: text/xml;
Soap 1.2 should have Content-Type: application/soap+xml;

anonymous (2012-04-03 15:55:05)

This may be not obvious, but if you specify the CURLOPT_POSTFIELDS and don't specify the CURLOPT_POST - it will still send POST, not GET (as you might think - since GET is default).
So the line:
curl_setopt($ch, CURLOPT_POSTFIELDS, $data);
is synonym to:
curl_setopt($ch, CURLOPT_POST, 1);
curl_setopt($ch, CURLOPT_POSTFIELDS, $data);
Even if you set the options like this (in this order):
curl_setopt($ch, CURLOPT_POST, 0);
curl_setopt($ch, CURLOPT_POSTFIELDS, $data);
it will send POST, since CURLOPT_POSTFIELDS is latter.
So if you want GET - make sure you don't have CURLOPT_POSTFIELDS specified somewhere.

mw+php dot net at lw-systems dot de (2012-03-31 18:45:22)

The description of the use of the CURLOPT_POSTFIELDS option should be emphasize, that using POST with HTTP/1.1 with cURL implies the use of a "Expect: 100-continue" header. Some web servers will not understand the handling of chunked transfer of post data.
To disable this behavior one must disable the use of the "Expect:" header with
curl_setopt($ch, CURLOPT_HTTPHEADER,array("Expect:"));

dotpointer at gmail dot com (2012-03-01 08:48:15)

About CURLOPT_COOKIEJAR and CURLOPT_COOKIEFILE, and which / how to use.
- CURLOPT_COOKIEJAR is used when cURL is reading cookie data from disk.
- CURLOPT_COOKIEFILE is used when cURL is writing the cookie data to disk.
So you need to specify both (and set the same file location on both) when working with sessions for example.

wonderfish+php at gmail dot com (2012-02-25 00:22:58)

As of at least PHP 5.3.9, if you are continuing to use a cURL session handle after downloading a file and closing the file handle, you will need to change CURLOPT_FILE back to stdout, and cannot count simply on a side effect of CURLOPT_RETURNTRANSFER to do so, even if you are setting it.  For example:

<?php
$ch 
curl_init();
$fh fopen('/path/to/stored/file/example_file.dat''w');
curl_setopt($chCURLOPT_FILE$fh);
curl_setopt($chCURLOPT_URL'http://example.com/example_file.dat');
curl_exec($ch);
fflush($fh);
fclose($fh);

//must reset cURL file handle. Not doing so will cause a warning to be
//thrown and for cURL to default to output regardless
//for our example, we'll set return transfer.
curl_setopt($chCURLOPT_FILEfopen('php://stdout''w'));
curl_setopt($chCURLOPT_RETURNTRANSFERTRUE);
curl_setopt($chCURLOPT_URL'http://example.org/index.html');
$html curl_exec($ch); //this will now work
?>

dotpointer at gmail dot com (2012-02-22 13:13:13)

I noted something when using CURLOPT_POSTFIELDS in combination with arrays from PHP.

You may supply an array, but there may not be any sub-arrays in this array, as this will give Array-to-string-conversion notice.

Example:

<?php
$ch 
curl_init();

# this works
$data = array('name' => 'value');

# this gives "Notice: Array to string conversion..."
$data = array('name' => array('subname' => 'subvalue'));

curl_setopt($chCURLOPT_URL'http://localhost/test.php');
curl_setopt($chCURLOPT_POST1);
curl_setopt($chCURLOPT_POSTFIELDS$data);

curl_exec($ch);
?>

v dot tverdun at gmail dot com (2012-02-16 16:00:58)

Make sure to set keys for array if passing to CURLOPT_POSTFIELDS.

<?php
//This can cause errors
$data = array('bar');

//Use this instead
$data = array('foo' => 'bar');

curl_setopt(CURLOPT_POSTFIELDS$data);
?>

Tim Severien (2012-01-30 11:51:37)

I've been stuck when using the CURLOPT_CONNECTTIMEOUT_MS constant. In fact, on my PHP version (5.3.1) it's not a number but rather a string. Same thing for CURLOPT_TIMEOUT_MS.
I got this error: Warning: curl_setopt() expects parameter 2 to be long, string given
If you are experiencing simular problems, you can replace the constant with the actual number or (re)define the constant.
CURLOPT_TIMEOUT_MS should be 155
CURLOPT_CONNECTTIMEOUT_MS should be 156
curl_setopt($ch, CURLOPT_CONNECTTIMEOUT_MS, 2500); // error
curl_setopt($ch, 156, 2500); // problem solved

Adam Monsen (2012-01-10 16:36:48)

CURLOPT_POST must be left unset if you want the Content-Type header set to "multipart/form-data" (e.g., when CURLOPT_POSTFIELDS is an array). If you set CURLOPT_POSTFIELDS to an array and have CURLOPT_POST set to TRUE, Content-Length will be -1 and most sane servers will reject the request. If you set CURLOPT_POSTFIELDS to an array and have CURLOPT_POST set to FALSE, cURL will send a GET request.

chsa at ten dot ch (2011-12-16 01:39:40)

Sending a post file upload across a squid proxy, the request was rejected by the proxy. In the error page returned it provided among other possible causes:"Expect:" feature is being asked from a HTTP/one.zero.
Solution: Add the option <?php curl_setopt($cl,CURLOPT_HTTPHEADER,array("Expect:")); ?>. This will remove the expect http header.

Steve Kamerman (2011-06-24 11:47:47)

If you want cURL to timeout in less than one second, you can use CURLOPT_TIMEOUT_MS, although there is a bug/"feature"  on "Unix-like systems" that causes libcurl to timeout immediately if the value is < 1000 ms with the error "cURL Error (28): Timeout was reached".  The explanation for this behavior is:

"If libcurl is built to use the standard system name resolver, that portion of the transfer will still use full-second resolution for timeouts with a minimum timeout allowed of one second."

What this means to PHP developers is "You can use this function without testing it first, because you can't tell if libcurl is using the standard system name resolver (but you can be pretty sure it is)"

The problem is that on (Li|U)nix, when libcurl uses the standard name resolver, a SIGALRM is raised during name resolution which libcurl thinks is the timeout alarm.

The solution is to disable signals using CURLOPT_NOSIGNAL.  Here's an example script that requests itself causing a 10-second delay so you can test timeouts:

<?php
if (!isset($_GET['foo'])) {
        
// Client
        
$ch curl_init('http://localhost/test/test_timeout.php?foo=bar');
        
curl_setopt($chCURLOPT_RETURNTRANSFERtrue);
        
curl_setopt($chCURLOPT_NOSIGNAL1);
        
curl_setopt($chCURLOPT_TIMEOUT_MS200);
        
$data curl_exec($ch);
        
$curl_errno curl_errno($ch);
        
$curl_error curl_error($ch);
        
curl_close($ch);

        if (
$curl_errno 0) {
                echo 
"cURL Error ($curl_errno): $curl_error\n";
        } else {
                echo 
"Data received: $data\n";
        }
} else {
        
// Server
        
sleep(10);
        echo 
"Done.";
}
?>

m dot ghadam at gmail dot com (2011-06-13 02:02:31)

When you set ($ch, curlopt_post, 1) , after you have posted your data with curl_exec , you need to set ($ch, curlopt_post, 0), Otherwise all your subsequent requests seems as a post with no postdata and some reverse proxy servers send 500 or 403 error for these case ( access denied or forbidden )!

PHP at RHaworth dot net (2011-04-02 02:31:41)

When CURLOPT_FOLLOWLOCATION and CURLOPT_HEADER are both true and redirect/s have happened then the header returned by curl_exec() will contain all the headers in the redirect chain in the order they were encountered.

support at lostair dot com (2011-03-07 03:26:08)

Force Curl Request To Go To A Particular IP Address

Yes, there is a method of passing an IP address to curl.  Excellent for services with multiple IP addresses and also to take DNS out of the equation for testing/debugging.

<?php
    
function fetch_page($url$host_ip NULL)
    {

      
$ch curl_init();

      if (!
is_null($host_ip))
      {
        
$urldata parse_url($url);

        
//  Ensure we have the query too, if there is any...
        
if (!empty($urldata['query']))
          
$urldata['path'] .= "?".$urldata['query'];

        
//  Specify the host (name) we want to fetch...
        
$headers = array("Host: ".$urldata['host']);
        
curl_setopt($chCURLOPT_HTTPHEADER$headers);

        
//  create the connecting url (with the hostname replaced by IP)
        
$url $urldata['scheme']."://".$host_ip.$urldata['path'];
      }

      
curl_setopt($ch,  CURLOPT_URL$url);
      
curl_setopt ($chCURLOPT_HEADER0);
      
curl_setopt($ch,  CURLOPT_RETURNTRANSFERtrue);

      
$result curl_exec ($ch);
      
curl_close ($ch);

      return 
$result;
    }
?>

S\ (2011-02-18 11:04:06)

When using CURLOPT_POSTFIELDS with an array as parameter, you have to pay high attention to user input. Unvalidated user input will lead to serious security issues.

<?php

/**
 * test.php:
 */
$ch curl_init('http://example.com');

curl_setopt($chCURLOPT_POST1);
curl_setopt($chCURLOPT_POSTFIELDS, array(
    
'foo' => $_GET['bar']
));

curl_exec($ch);

?>

Requesting "test.php?bar=@/home/user/test.png" will send "test.png" to example.com. 
Make sure you remove the leading "@" from user input.

anon@mouse dot com (2011-02-04 10:11:42)

If your POST data seems to be disappearing (POST data empty, request is being handled by the server as a GET), try rearranging the order of CURLOPT_POSTFIELDS setting with CURLOPT_NOBODY. CURLOPT_POSTFIELDS has to come AFTER CURLOPT_NOBODY setting because if it comes after it wipes out the Content-Type header that tells your URL target that the request is a POST not a GET.
Not sure if this is expected behavior but it certainly isn't documented (except on Stackoverflow.com, which is supremely unhelpful - BTW, guys over on stack overflow... once you've figured out a PHP problem, posting the solution here would save everyone extra search time).

W at RHaworth dot net (2011-02-04 04:22:42)

I had problems with the Wikimedia software and sending a POST request where the data was more than 1024 bytes long. I traced this to cURL adding: Expect: 100-continue to the headers.
I added curl_setopt($ch,CURLOPT_HTTPHEADER,array("Expect:")); and that suppresses the Expect line.

zsalab (2011-01-27 17:12:02)

Handling redirections with curl if safe_mode or open_basedir is enabled. The function working transparent, no problem with header and returntransfer options. You can handle the max redirection with the optional second argument (the function is set the variable to zero if max redirection exceeded).
Second parameter values:
- maxredirect is null or not set: redirect maximum five time, after raise PHP warning
- maxredirect is greather then zero: no raiser error, but parameter variable set to zero
- maxredirect is less or equal zero: no follow redirections

<?php
function curl_exec_follow(/*resource*/ $ch/*int*/ &$maxredirect null) {
    
$mr $maxredirect === null intval($maxredirect);
    if (
ini_get('open_basedir') == '' && ini_get('safe_mode' == 'Off')) {
        
curl_setopt($chCURLOPT_FOLLOWLOCATION$mr 0);
        
curl_setopt($chCURLOPT_MAXREDIRS$mr);
    } else {
        
curl_setopt($chCURLOPT_FOLLOWLOCATIONfalse);
        if (
$mr 0) {
            
$newurl curl_getinfo($chCURLINFO_EFFECTIVE_URL);

            
$rch curl_copy_handle($ch);
            
curl_setopt($rchCURLOPT_HEADERtrue);
            
curl_setopt($rchCURLOPT_NOBODYtrue);
            
curl_setopt($rchCURLOPT_FORBID_REUSEfalse);
            
curl_setopt($rchCURLOPT_RETURNTRANSFERtrue);
            do {
                
curl_setopt($rchCURLOPT_URL$newurl);
                
$header curl_exec($rch);
                if (
curl_errno($rch)) {
                    
$code 0;
                } else {
                    
$code curl_getinfo($rchCURLINFO_HTTP_CODE);
                    if (
$code == 301 || $code == 302) {
                        
preg_match('/Location:(.*?)\n/'$header$matches);
                        
$newurl trim(array_pop($matches));
                    } else {
                        
$code 0;
                    }
                }
            } while (
$code && --$mr);
            
curl_close($rch);
            if (!
$mr) {
                if (
$maxredirect === null) {
                    
trigger_error('Too many redirects. When following redirects, libcurl hit the maximum amount.'E_USER_WARNING);
                } else {
                    
$maxredirect 0;
                }
                return 
false;
            }
            
curl_setopt($chCURLOPT_URL$newurl);
        }
    }
    return 
curl_exec($ch);
}
?>

gskluzacek at gmail dot com (2011-01-26 13:42:03)

FYI... unless you specifically set the user agent, no user agent will be sent in your request as there is no default value like some of the other options.
As others have said, not sending a user agent may cause you to not get the results that you expected, e.g., 0 byte length content, different content, etc.

john dot david dot steele at gmail dot com (2010-12-03 13:03:51)

A note on the way Curl posts files...

<?php
  curl_setopt
($chCURLOPT_POSTFIELDS, array('file' => '@/path/to/file.ext');
?>

will post the FULL PATH of the file in the filename field:

Content-Disposition: form-data; name="file"; filename="/path/to/file.ext"

Whereas typical browser behavior only sends the filename:

Content-Disposition: form-data; name="file"; filename="file.ext"

Workaround: 
<?php
  curl_setopt
($chCURLOPT_POSTFIELDS, array('file' => '@file.ext');
  
$cwd getcwd();
  
chdir('/path/to/');
  
$receivedData curl_exec($ch);
  
chdir($cwd);
?>

scy-phpmanual at scytale dot name (2010-11-29 04:01:05)

In order to reset CURLOPT_HTTPHEADER, set it to array(). The cURL C API says you should set it to NULL, but that doesn’t work in the PHP wrapper.

prohfesor at gmail dot com (2010-11-02 01:30:18)

This function helps to parse netscape cookie file, generated by cURL into cookie array:

<?php
  
function _curl_parse_cookiefile($file) {
    
$aCookies = array();
    
$aLines file($file);
    foreach(
$aLines as $line){
      if(
'#'==$line{0})
        continue;
      
$arr explode("\t"$line);
      if(isset(
$arr[5]) && isset($arr[6]))
        
$aCookies[$arr[5]] = $arr[6];
    }
    
    return 
$aCookies
  }
?>

kavih7 at yahoo dot com (2010-09-23 20:59:38)

When POSTing with cURL, my POSTs were magically being converted to GETs and I debugged it until finding the issue. I was setting the CURLOPT_MUTE option. Not sure why this conflicts, since the documentation doesn't specify as such. Anyways, if your $_POST is empty, make sure you aren't setting CURLOPT_MUTE.
Cheers!

curlysue (2010-08-19 02:34:43)

If you've got problems with connecting througth a proxy using php/apache/xampp. So if you get no result string from the exec function, try enabling the following options in apache.
...\xampp\apache\conf
LoadModule proxy_module modules/mod_proxy.so
LoadModule proxy_http_module modules/mod_proxy_http.so
cURL seems to neet this modules.

daniel at blacklotus dot no (2010-08-15 05:33:17)

Sime sites may protect themselves from remote logins by checking which site you came from.

Then you might want to use CURLOPT_REFERER.

<?php

// $url = page to POST data
// $ref_url = tell the server which page you came from (spoofing)
// $login = true will make a clean cookie-file.
// $proxy = proxy data
// $proxystatus = do you use a proxy ? true/false

function 
curl_grab_page($url,$ref_url,$data,$login,$proxy,$proxystatus){
    if(
$login == 'true') {
        
$fp fopen("cookie.txt""w");
        
fclose($fp);
    }
    
$ch curl_init();
    
curl_setopt($chCURLOPT_COOKIEJAR"cookie.txt");
    
curl_setopt($chCURLOPT_COOKIEFILE"cookie.txt");
    
curl_setopt($chCURLOPT_USERAGENT"Mozilla/4.0 (compatible; MSIE 5.01; Windows NT 5.0)");
    
curl_setopt($chCURLOPT_TIMEOUT40);
    
curl_setopt($chCURLOPT_RETURNTRANSFERTRUE);
    if (
$proxystatus == 'true') {
        
curl_setopt($chCURLOPT_HTTPPROXYTUNNELTRUE);
        
curl_setopt($chCURLOPT_PROXY$proxy);
    }
    
curl_setopt($chCURLOPT_SSL_VERIFYHOST0);
    
curl_setopt($chCURLOPT_SSL_VERIFYPEER0);

    
curl_setopt($chCURLOPT_URL$url);
    
curl_setopt($chCURLOPT_RETURNTRANSFER1);
    
curl_setopt($chCURLOPT_REFERER$ref_url);

    
curl_setopt($chCURLOPT_HEADERTRUE);
    
curl_setopt($chCURLOPT_USERAGENT$_SERVER['HTTP_USER_AGENT']);
    
curl_setopt($chCURLOPT_FOLLOWLOCATIONTRUE);
    
curl_setopt($chCURLOPT_POSTTRUE);
    
curl_setopt($chCURLOPT_POSTFIELDS$data);
    
ob_start();
    return 
curl_exec ($ch); // execute the curl command
    
ob_end_clean();
    
curl_close ($ch);
    unset(
$ch);
}

echo 
curl_grab_page("https://www.example.net/login.php""https://www.example.net/""username=foo&password=bar""true",  "null""false");

?>

sam at def dot reyssi dot net (2010-07-28 03:43:10)

Be careful when setting the CURLOPT_POSTFIELDS setting using an array. The array used to set the POST fields must only contain scalar values. Multidimentional arrays or objects lacking a __toString implementation will cause Curl to error.

If there is a need to send non-scalar values using a POST request, consider serializing them before transmission.

<?php
$ch 
curl_init('http://host.example.com');

// Data to post
$multiDimensional = array(
   
'name' 'foo',
   
'data' = array(1,2,3,4),
   
'value' 'bar'
);

// Will error
curl_setopt($chCURLOPT_POSTFIELDS$multiDimensional);

// Data to post
$postData = array(
  
'name' 'foo',
  
'data' serialize(array(1,2,3,4)),
  
'value' 'bar'
);

// Will not error
curl_setopt($chCURLOPT_POSTFIELDS$postData);
?>

joeterranova at gmail dot com (2010-07-26 12:57:50)

It appears that setting CURLOPT_FILE before setting CURLOPT_RETURNTRANSFER doesn't work, presumably because CURLOPT_FILE depends on CURLOPT_RETURNTRANSFER being set.

So do this:

<?php
curl_setopt
($chCURLOPT_RETURNTRANSFER1);
curl_setopt($chCURLOPT_FILE$fp);
?>

not this:

<?php
curl_setopt
($chCURLOPT_FILE$fp);
curl_setopt($chCURLOPT_RETURNTRANSFER1);
?>

patryk at do dot not dot spam dot com (2010-07-05 05:33:46)

CURLOPT_HTTPPROXYTUNNEL means curl will use CONNECT method of the HTTP protocol to make a tunnel through a proxy, which is most likely not the one you want to do.

JScott jscott401 at gmail dot com (2010-06-18 07:29:21)

Some additional notes for curlopt_writefunction. I struggled with this at first because it really isn't documented very well.

When you write a callback function and use it with curlopt_writefunction it will be called MULTIPLE times. Your function MUST return the ammount of data written to it each time. It is very picky about this. Here is a snippet from my code that may help you

<?php
curl_setopt
($this->curl_handleCURLOPT_WRITEFUNCTION, array($this"receiveResponse"));

// later on in the class I wrote my receive Response method

private function receiveResponse($curlHandle,$xmldata)
                {
                        
$this->responseString $xmldata;
                        
$this->responseXML .=  $this->responseString;
                        
$this->length strlen($xmldata);
                        
$this->size += $this->length;
                        return 
$this->length;

                }
?>

Now I did this for a class. If you aren't doing OOP then you will obviously need to modify this for your own use.

CURL calls your script MULTIPLE times because the data will not always be sent all at once. Were talking internet here so its broken up into packets. You need to take your data and concatenate it all together until it is all written. I was about to pull my damn hair out because I would get broken chunks of XML back from the server and at random lengths. I finally figured out what was going on. Hope this helps

shailesh4all at gmail dot com (2010-05-29 03:42:46)

Hi,
Anyone who is interested in submitting their information by post to HTTPS site (e.g. payment gateway) where https page needs basic authentication before submitting the information. below code will be helpful. 

<?php
$submit_url 
"https://sitename/process.php";

$curl curl_init();

curl_setopt($curlCURLOPT_HTTPAUTHCURLAUTH_BASIC ) ;
curl_setopt($curlCURLOPT_USERPWD"username:password");
curl_setopt($curlCURLOPT_SSLVERSION,3);
curl_setopt($curlCURLOPT_SSL_VERIFYPEERFALSE);
curl_setopt($curlCURLOPT_SSL_VERIFYHOST2);
curl_setopt($curlCURLOPT_HEADERtrue);
curl_setopt($curlCURLOPT_POSTtrue);
curl_setopt($curlCURLOPT_POSTFIELDS$params ); 
curl_setopt($curlCURLOPT_RETURNTRANSFERtrue);
curl_setopt($curlCURLOPT_USERAGENT"Mozilla/4.0 (compatible; MSIE 5.01; Windows NT 5.0)");
curl_setopt($curlCURLOPT_URL$submit_url);

$data split("text/html"curl_exec($curl) );
$temp split("\r\n"$data[1]) ;

$result unserialize$temp[2] ) ;

print_r($result);
curl_close($curl);
?>

obones_remove_me at free dot fr (2010-04-27 03:27:11)

For those of you wondering how to specify the content-type for a file uploaded via curl, the syntax is as follows:

<?php

$data 
= array('file' => '@/home/user/test.png;type=image/png');

?>

Simply adding a semicolon with the type= at the end.
Note that this has been reported not to work in all versions of PHP and I have done the following tests:

5.2.6 (libcurl 7.18.2) : Does not work
5.2.13 (libcurl 7.20.0) : Works just fine

So it might be worth updating your installation of PHP and/or libcurl if you want to be able to use this syntax

sjungwirth at google mail dot com (2010-04-22 15:11:48)

I couldn't find a way to force a curl request to go to a particular IP address, but you can do it with fsockopen:
<?php
    $ip 
'123.45.67.89';
    
$fp fsockopen($ip80$errno$errstr5);
    
$result '';
    if (!
$fp) {
        echo 
"$errstr ($errno)<br />\n";
    } else {
        
$out "GET /path/to/the/file.ext HTTP/1.1\r\n";
        
$out .= "Host: www.exampl.com\r\n";
        
$out .= "Connection: Close\r\n\r\n";
        
fwrite($fp$out);
        while (!
feof($fp)) {
            
$result .= fgets($fp128);
        }
        
fclose($fp);
    }
?>
I needed it to test the response from a set of servers behind a load balancer.

clint at fewbar dot com (2010-04-16 14:56:04)

If you have turned on conditional gets on a curl handle, and then for a subsequent request, you don't have a good setting for CURLOPT_TIMEVALUE , you can disable If-Modified-Since checking with:

<?php

$ch 
curl_init();
curl_setopt($chCURLOPT_URL$foo);
curl_setopt($chCURLOPT_TIMEVALUEfilemtime($foo_path));
curl_setopt($chCURLOPT_TIMECONDITIONCURLOPT_TIMECOND_IFMODIFIEDSINCE);
curl_exec($ch);
// Reuse same curl handle
curl_setopt($chCURLOPT_URL$bar);
curl_setopt($chCURLOPT_TIMEVALUEnull); // don't know mtime
curl_setopt($chCURLOPT_TIMECONDITION0); // set it to 0, turns it off
curl_exec($ch);

?>

julien veneziano (2010-04-08 03:56:37)

If you need to send deta in a DELETE request, use:

<?php
$request_body 
'some data';
$ch curl_init('http://www.example.com');
        
curl_setopt($chCURLOPT_POSTFIELDS$request_body);
        
curl_setopt($chCURLOPT_FOLLOWLOCATION1);
        
curl_setopt($chCURLOPT_HEADER0); 
        
curl_setopt($chCURLOPT_RETURNTRANSFER1);
        
curl_setopt($chCURLOPT_CUSTOMREQUEST"DELETE");
        
$response curl_exec($ch);
var_dump($response);
?>

anderseta at gmail dot com (2010-03-22 02:48:12)

If you wish to find the size of the file you are streaming and use it as your header this is how:

<?php

function write_function($curl_resource$string)
{
    if(
curl_getinfo($curl_resourceCURLINFO_SIZE_DOWNLOAD) <= 2000)
    {
        
header('Expires: 0');
        
header('Cache-Control: must-revalidate, post-check=0, pre-check=0');
        
header('Pragma: public');
        
header('Content-Description: File Transfer');
        
header("Content-Transfer-Encoding: binary");
        
header("Content-Type: ".curl_getinfo($curl_resourceCURLINFO_CONTENT_TYPE)."");
        
header("Content-Length: ".curl_getinfo($curl_resourceCURLINFO_CONTENT_LENGTH_DOWNLOAD)."");
    }
    
    print 
$string;

    return 
mb_strlen($string'8bit');
}

?>

1440 is the the default number of bytes curl will call the write function (BUFFERSIZE does not affect this, i actually think you can not change this value), so it means the headers are going to be set only one time.

write_function must return the exact number of bytes of the string, so you can return a value with mb_strlen.

starosielec at googlemail dot com (2010-02-19 15:07:58)

You can use also use object methods as callback functions. This is usefull if your curl ressource is part of an object handling transfers.
Instead of curl_setopt($curl, CURLOPT_WRITEFUNCTION, "curl_handler_recv") you can use array($object, "method") as value for callback options.

For example:

<?php
class downloader {
    private 
$curl;

    function 
__construct() {
        
$this->curl curl_init();
        
curl_setopt($this->curlCURLOPT_WRITEFUNCTION, array($this"curl_handler_recv"));
    }

     function 
curl_handler_recv($res$data) {
      
//...
     
}
   
//... 
}
?>

Ed Cradock (2010-02-05 10:47:22)

PUT requests are very simple, just make sure to specify a content-length header and set post fields as a string.

Example:

<?php
function doPut($url$fields)
{
   
$fields = (is_array($fields)) ? http_build_query($fields) : $fields;

   if(
$ch curl_init($url))
   {
      
curl_setopt($chCURLOPT_CUSTOMREQUEST'PUT');
      
curl_setopt($chCURLOPT_RETURNTRANSFERtrue);
      
curl_setopt($chCURLOPT_HTTPHEADER, array('Content-Length: ' strlen($fields)));
      
curl_setopt($chCURLOPT_POSTFIELDS$fields);
      
curl_exec($ch);

      
$status curl_getinfo($chCURLINFO_HTTP_CODE);

      
curl_close($ch);

      return (int) 
$status;
   }
   else
   {
      return 
false;
   }
}

if(
doPut('http://example.com/api/a/b/c', array('foo' => 'bar')) == 200)
   
// do something
else
   
// do something else.
?>

You can grab the request data on the other side with:

<?php
if($_SERVER['REQUEST_METHOD'] == 'PUT')
{
   
parse_str(file_get_contents('php://input'), $requestData);

   
// Array ( [foo] => bar )
   
print_r($requestData);

   
// Do something with data...
}
?>

DELETE  can be done in exactly the same way.

Pawel Antczak (2009-12-09 12:07:51)

Hello. 
During problems with "CURLOPT_FOLLOWLOCATION cannot be activated when in safe_mode or an open_basedir is set" 
I was looking for solution. 
I've found few methods on this page, but none of them was good enough, so I made one.
<?php
function curl_redirect_exec($ch, &$redirects$curlopt_header false) {
    
curl_setopt($chCURLOPT_HEADERtrue);
    
curl_setopt($chCURLOPT_RETURNTRANSFERtrue);
    
$data curl_exec($ch);
    
$http_code curl_getinfo($chCURLINFO_HTTP_CODE);
    if (
$http_code == 301 || $http_code == 302) {
        list(
$header) = explode("\r\n\r\n"$data2);
        
$matches = array();
        
preg_match('/(Location:|URI:)(.*?)\n/'$header$matches);
        
$url trim(array_pop($matches));
        
$url_parsed parse_url($url);
        if (isset(
$url_parsed)) {
            
curl_setopt($chCURLOPT_URL$url);
            
$redirects++;
            return 
curl_redirect_exec($ch$redirects);
        }
    }
    if (
$curlopt_header)
        return 
$data;
    else {
        list(,
$body) = explode("\r\n\r\n"$data2);
        return 
$body;
    }
}
?>

Main issue in existing functions was lack of information, how many redirects was done. 
This one will count it. 
First parameter as usual. 
Second should be already initialized integer, it will be incremented by number of done redirects. 
You can set CURLOPT_HEADER if You need it.

php dot net at NO dot sgerrand dot SPAM dot com (2009-11-02 23:01:00)

If you change the post array to a string, PHP creates the post data successfully.

As a quick and dirty example of implementing this fix:

<?php

$ch 
curl_init;
$url 'http://www.example.com';

curl_setopt($chCURLOPT_URL$url);
curl_setopt($chCURLOPT_POSTtrue);

foreach (
$postData as $var) if (strpos($var'@') === 0) {
    
$postAsString true;
}

if (
$postAsString === true) {
    
$str '';

    foreach (
$postData as $key => $val) {
        
$str .= '&' $key '=' $val;
    }

    
$postData substr_replace($str''01);
}

curl_setopt($chCURLOPT_POSTFIELDS$postData);

curl_exec($ch);

?>

Chris at PureFormSolutions dot com (2009-09-22 15:54:17)

I've found that setting CURLOPT_HTTPHEADER more than once will clear out any headers you've set previously with CURLOPT_HTTPHEADER.

Consider the following:
<?php
    
# ...

    
curl_setopt($cURL,CURLOPT_HTTPHEADER,array (
        
"Content-Type: text/xml; charset=utf-8",
        
"Expect: 100-continue"
    
));

    
# ... do some other stuff ...

    
curl_setopt($cURL,CURLOPT_HTTPHEADER,array (
        
"Accept: application/json"
    
));

    
# ...
?>

Both the Content-Type and Expect I set will not be in the outgoing headers, but Accept will.

Stan van de Burgt (2009-09-19 02:41:16)

If you get a "failed creating formpost data" upon curl_exec() when POSTing a form, check if one of the field values starts with the @ character.
Took me an hour or so to find out as I wanted to post a @reply tweet to twitter which typically start with @screenname.

Tyranoweb (2009-09-04 14:42:41)

There is a function to send POST data in page with five parameters :

$post must be an array
$page is the page where POST datas will be send.
$n must be true to continue if they are php redirection (Location: )
$session must be define true if you want to use cookies 
$referer must be a link to get a wrong referer or only to have a referer.

<?php
function curl_data_post($post$page$n$session$referer)
    {
        if(!
is_array($post))
        {
         return 
false;
        }
        
        
$DATA_POST curl_init();
        
curl_setopt($DATA_POSTCURLOPT_RETURNTRANSFERtrue);
        
curl_setopt($DATA_POSTCURLOPT_URL$page);
        
curl_setopt($DATA_POSTCURLOPT_POSTtrue);
        if(
$n)
        {
         
curl_setopt($DATA_POSTCURLOPT_FOLLOWLOCATIONtrue);
        }
        if(
$session)
        {
         
curl_setopt($DATA_POSTCURLOPT_COOKIEFILE'cookiefile.txt');
         
curl_setopt($DATA_POSTCURLOPT_COOKIEJAR'cookiefile.txt'); 
        }
        
        if(
$referer)
        {
         
curl_setopt($DATA_POSTCURLOPT_REFERER$referer); 
        }
        
        
curl_setopt($DATA_POSTCURLOPT_POSTFIELDS$post);
        
$data curl_exec($DATA_POST);
        if(
$data == false)
        {
         echo
'Warning : ' curl_error($DATA_POST);
         
curl_close($DATA_POST);
         return 
false;
        }
        else
        {
         
curl_close($DATA_POST);
         return 
$data;
        }
    }
?>

rob (2009-08-23 21:07:21)

Whats not mentioned in the documentation is that you have to set CURLOPT_COOKIEJAR to a file for the CURL handle to actually use cookies, if it is not set then cookies will not be parsed.

Sylvain R (2009-07-28 03:05:03)

When you are using CURLOPT_FILE to download directly into a file you must close the file handler after the curl_close() otherwise the file will be incomplete and you will not be able to use it until the end of the execution of the php process.

<?php

$fh 
fopen('/tmp/foo''w');
$ch curl_init('http://example.com/foo');
curl_setopt($chCURLOPT_FILE$fh);
curl_exec($ch);
curl_close($ch);

# at this point your file is not complete and corrupted

fclose($fh);

# now you can use your file;

read_file('/tmp/foo');

?>

mikeseth at gmail dot com (2009-07-15 02:32:12)

When using CURLOPT_FILE, pass it the file handle that is open for write only (eg fopen('blahblah', 'w+')). If you also open the file for reading (eg fopen('blahblah', 'rw')), curl will fail with error 23.

Victor Jerlin (2009-07-03 04:12:02)

Seems like some options not mentioned on this page, but listed on http://curl.haxx.se/libcurl/c/curl_easy_setopt.html is actually supported.
I was happy to see that I could actually use CURLOPT_FTP_CREATE_MISSING_DIRS even from PHP.

xektrum at gmail dot com (2009-07-02 09:14:56)

As of php 5.3 CURLOPT_PROGRESSFUNCTION its supported here's how:

<?php

function callback($download_size$downloaded$upload_size$uploaded)
{
    
// do your progress stuff here
}

$ch curl_init('http://www.example.com');

// This is required to curl give us some progress
// if this is not set to false the progress function never
// gets called
curl_setopt($chCURLOPT_NOPROGRESSfalse);

// Set up the callback
curl_setopt($chCURLOPT_PROGRESSFUNCTION'callback');

// Big buffer less progress info/callbacks
// Small buffer more progress info/callbacks
curl_setopt($chCURLOPT_BUFFERSIZE128);

$data curl_exec($ch);

?>

Hope this help.

Andrew (2009-06-14 04:56:26)

I noticed that if you want to get current cookie file after curl_exec() - you need to close current curl handle (like it said in manual), but if you want cookies to be dumped to file after any curl_exec (without curl_close) you can:

<?php
#call it normally
$ch curl_init(); 
curl_setopt($chCURLOPT_HEADER0); 
curl_setopt($chCURLOPT_COOKIEFILE"cookiefile"); 
curl_setopt($chCURLOPT_COOKIEJAR"cookiefile"); 
curl_setopt($chCURLOPT_FOLLOWLOCATION1); 
curl_setopt($chCURLOPT_URL'http://www.example.com/'); 
$result1 curl_exec($ch); 

#and then  make a temp copy
$ch_temp=curl_copy_handle(ch);
curl_close($ch);
$ch=$ch_temp;
?>

Only this way, if you close $ch_temp - cookies wont be dumped.

ericbianchetti at gmail dot com (2009-06-04 03:06:10)

if you need to send a SOAP string that is the CURL you must use :

<?php
$ch 
curl_init();
curl_setopt($chCURLOPT_URLXML_POST_URL); 
curl_setopt ($chCURLOPT_HTTPHEADER, array('SOAPAction: ""'));    
curl_setopt($chCURLOPT_RETURNTRANSFER1); 
curl_setopt($chCURLOPT_SSL_VERIFYPEERFALSE);
curl_setopt($chCURLOPT_POSTFIELDSXML_PAYLOAD); 
curl_setopt($chCURLOPT_HEADER0);

$output curl_exec($ch); 
?>

Note : Having based my snipet on Chemo demonstration (oscommerce user know who he is), XML_POST_URL and XML_PAYLOAD where defined as constant with define().

The point is : at the opposite of .xml , SOAP must send the header 'SOAPAction: ""' that can be a valid URI, an empty string (that is here) or nothing ('SOAPAction: '). The later case baing not accepted by all server, the second one indicating the target is the URI used to post the SOAP.
http://www.w3.org/TR/2000/NOTE-SOAP-20000508/#_Toc478383528

franciscocha at gmail dot com (2009-05-19 15:11:25)

Example how to connect to FTPES (FTP explicit SSL). This script will connect to any FTPES server and out put the list of directories.

<?php
    $username 
'username';
    
$password 'password';
    
$url 'example.com';
    
$ftp_server "ftp://" $username ":" $password "@" $url;
    
    echo 
"Starting CURL.\n";
    
$ch curl_init();
    echo 
"Set CURL URL.\n";
    
    
//curl FTP
    
curl_setopt($chCURLOPT_URL$ftp_server);
    
    
//For Debugging
    //curl_setopt($ch, CURLOPT_VERBOSE, TRUE);    
    
    //SSL Settings
    
curl_setopt($chCURLOPT_SSL_VERIFYPEERFALSE);
    
curl_setopt($chCURLOPT_SSL_VERIFYHOSTFALSE);
    
curl_setopt($chCURLOPT_FTP_SSLCURLFTPSSL_TRY);
    
    
//List FTP files and directories
    
curl_setopt($chCURLOPT_FTPLISTONLYTRUE);
    
    
//Output to curl_exec
    
curl_setopt($chCURLOPT_RETURNTRANSFER1);

    echo 
"Executing CURL.\n";
    
$output curl_exec($ch);
    
curl_close($ch);
    echo 
"Closing CURL.\n";
    echo 
$output "\n";

   
$files explode("\n"$output);
   
print_r($files);
?>

ashooner - - gmail , com (2009-03-22 15:28:12)

When passing CURLOPT_POSTFIELDS a url-encoded string in order to use Content-Type: application/x-www-form-urlencoded, you can pass a string directly:
<?php
curl_setopt
(CURLOPT_POSTFIELDS'field1=value&field2=value2');
?>

rather than passing the string in an array, as in fred at themancan dot com's example.

Ariz Jacinto (2009-02-01 18:36:32)

if unserialize() returns FALSE on a serialized PHP object due to an extraneous string (e.g. "1") appended at the end of the object, you need to set the ff cURL option:

<?php
curl_setopt
($chCURLOPT_RETURNTRANSFERtrue);
?>

urkle at outoforder dot cc (2009-01-28 06:49:15)

To send a post as a different content-type (ie.. application/json or text/xml) add this setopt call

<?php
curl_setopt
($chCURLOPT_HTTPHEADERS,array('Content-Type: application/json'));
?>

[EDIT BY danbrown AT php DOT net: Contains a typofix by 'KdoubleU' on 3-FEB-09.]

fnjordy at gmail dot com (2008-11-30 23:28:58)

Note that CURLOPT_RETURNTRANSFER when used with CURLOPT_WRITEFUNCTION has effectively three settings: default, true, and false.
default - callbacks will be called as expected.
true - content will be returned but callback function will not be called.
false - content will be output and callback function will not be called.
Note that CURLOPT_HEADERFUNCTION callbacks are always called.

saidk at phirebranding dot com (2008-11-19 13:31:11)

Passing in PHP's $_SESSION into your cURL call:

<?php
session_start
();
$strCookie 'PHPSESSID=' $_COOKIE['PHPSESSID'] . '; path=/';
session_write_close();

$curl_handle curl_init('enter_external_url_here');
curl_setopt$curl_handleCURLOPT_COOKIE$strCookie );
curl_exec($curl_handle);
curl_close($curl_handle);
?>

This worked great for me.  I was calling pages from the same server and needed to keep the $_SESSION variables.  This passes them over.  If you want to test, just print_r($_SESSION);

Enjoy!

dorphalsig at gmail dot com (2008-10-10 14:20:59)

This may not be a surprise for many, but I know I bled my eyes out trying to implement this in php. And when I knew it was this simple, I really felt extremely stupid. So I put this just so google will save somebody some time in the future.

PHP NTLM AUTH

Make sure you have the 'curl' extension loaded
now just do...

<?php
curl_setopt
($ch,CURLAUTH_NTLM);
curl_setopt($ch,CURLOPT_USERPWD,"$username:$password");
?>

and just continue to use curl in the ordinary fashion.

OPALA (2008-09-26 00:37:23)

To fetch (or submit data to) multiple pages during one session,use this:

<?php
$ch 
curl_init();
curl_setopt($chCURLOPT_SSL_VERIFYPEERFALSE);
curl_setopt($chCURLOPT_RETURNTRANSFERTRUE);
curl_setopt($chCURLOPT_COOKIESESSIONTRUE);
curl_setopt($chCURLOPT_HEADER0);
curl_setopt($chCURLOPT_COOKIEFILE"cookiefile");
curl_setopt($chCURLOPT_COOKIEJAR"cookiefile");
curl_setopt($chCURLOPT_COOKIEsession_name() . '=' session_id());
curl_setopt($chCURLOPT_FOLLOWLOCATION1);

curl_setopt($chCURLOPT_URL'http://example.com/page1.php');
$result1 curl_exec($ch);

curl_setopt($chCURLOPT_URL'http://example.com/page2.php');
$result2 curl_exec($ch);

curl_close($ch);
?>

rkirilow at gmail dot com (2008-09-16 01:34:10)

Some of you may noticed that curl is not transferring cookies between sequent calls to a host. This is because you must activate curl`s "cookie parser". That is achieved using an external file like this:
<?php
curl_setopt
(CURLOPT_FILE'/tmp/cookies_file');
?>
If you don`t need to read any cookies but you still want the "cookie parser" use the same code but with dummy file with no data like '/dev/null', that way curl is storing cookies internaly per curl_handle:
<?php
curl_setopt
(CURLOPT_FILE'/dev/null');
?>

[EDIT BY danbrown AT php DOT net: In a note dated 26-SEP-08, (adamplumb AT gmail DOT com) offered the following addendum:

[It] should really be CURLOPT_COOKIEFILE.  I was bitten by this issue myself with code that previously worked for logging into a website and posting a form.  However, at some point the code just stopped working, and I eventually found that I needed to set this option to /dev/null for it to work.
]

George (2008-08-22 17:14:39)

If you set CURLOPT_RESUME_FROM to resume the file, and then reuse the same Curl handle to download another file, you must reset the resume status by calling curl_setopt( $ch, CURLOPT_RESUME_FROM, 0 ). It will not reset, and will apply to all subsequent transfers even if the URL is the same.

w dot danford at electronics-software dot com (2008-08-12 10:12:19)

Just a small detail I too easily overlooked.
<?php
/*  If you set:  */
curl_setopt ($chCURLOPT_POST1);
/* then you must have the data: */
curl_setopt ($chCURLOPT_POSTFIELDS$PostData);
?>
I found with only the CURLOPT_POST set (from copy, paste editing of course) cookies were not getting sent with CURLOPT_COOKIE.  Just something subtle to watch out for.

fred at themancan dot com (2008-08-05 16:28:29)

To find what encoding a given HTTP POST request uses is easy -- passing an array to CURLOPT_POSTFIELDS results in  multipart/form-data:

<?php
curl_setopt
(CURLOPT_POSTFIELDS, array('field1' => 'value'));
?>

Passing a URL-encoded string will result in application/x-www-form-urlencoded:

<?php
curl_setopt
(CURLOPT_POSTFIELDS, array('field1=value&field2=value2'));
?>

I ran across this when integrating with both a warehouse system and an email system; neither would accept multipart/form-data, but both happily accepted application/x-www-form-urlencoded.

jID (2008-08-05 04:56:41)

if you use
<?php
curl_setopt
($chCURLOPT_INTERFACE"XXX.XXX.XXX.XXX");
?>
to specify IP adress for request, sometimes you need to get list of all your IP's.

ifconfig command will output something like:

rl0: flags=8843<UP,BROADCAST,RUNNING,SIMPLEX,MULTICAST> mtu 1500
    options=8<VLAN_MTU>
    inet 82.146.XXX.XXX netmask 0xffffffff broadcast 82.146.XXX.XXX
    inet 78.24.XXX.XXX netmask 0xffffffff broadcast 78.24.XXX.XXX
    inet 82.146.XXX.XXX netmask 0xffffffff broadcast 82.146.XXX.XXX
    inet 82.146.XXX.XXX netmask 0xffffffff broadcast 82.146.XXX.XXX
    inet 82.146.XXX.XXX netmask 0xffffffff broadcast 82.146.XXX.XXX
    inet 78.24.XXX.XXX netmask 0xffffffff broadcast 78.24.XXX.XXX
    inet 78.24.XXX.XXX netmask 0xffffffff broadcast 78.24.XXX.XXX
    ether XX:XX:XX:XX:XX:XX
    media: Ethernet autoselect (100baseTX <full-duplex>)
    status: active
lo0: flags=8049<UP,LOOPBACK,RUNNING,MULTICAST> mtu 16384
tun0: flags=8051<UP,POINTOPOINT,RUNNING,MULTICAST> mtu 1500
    Opened by PID 564
tun1: flags=8051<UP,POINTOPOINT,RUNNING,MULTICAST> mtu 1500
    Opened by PID 565
    Opened by PID 565

My solution for FreeBSD 6 and PHP 5 was:
<?php
  ob_start
();
  
$ips=array();
  
$ifconfig=system("ifconfig");
  echo 
$ifconfig;
  
$ifconfig=ob_get_contents();
  
ob_end_clean();
  
$ifconfig=explode(chr(10), $ifconfig);
  for (
$i=0$i<count($ifconfig); $i++) {
    
$t=explode(" "$ifconfig[$i]);
    if (
$t[0]=="\tinet") {
      
array_push($ips$t[1]);
    }     
  }
  for (
$i=0$i<count($ips); $i++) {
    echo 
$ips[$i]."\n";
  }
?>

You will get list of IP adresses in $ips array, like:
82.146.XXX.XXX
78.24.XXX.XXX
82.146.XXX.XXX
82.146.XXX.XXX
82.146.XXX.XXX
78.24.XXX.XXX
78.24.XXX.XXX

ac at an dot y-co dot de (2008-07-10 10:08:48)

If you want to connect to a server which requires that you identify yourself with a certificate, use following code. Your certificate and servers certificate are signed by an authority whose certificate is in ca.ctr.

<?php
curl_setopt
($chCURLOPT_VERBOSE'1');
curl_setopt($chCURLOPT_SSL_VERIFYHOST'1');
curl_setopt($chCURLOPT_SSL_VERIFYPEER'1');
curl_setopt($chCURLOPT_CAINFO,  getcwd().'/cert/ca.crt');
curl_setopt($chCURLOPT_SSLCERTgetcwd().'/cert/mycert.pem');
curl_setopt($chCURLOPT_SSLCERTPASSWD'password');
?>

If your original certificate is in .pfx format, you have to convert it to .pem using following commands
# openssl pkcs12 -in mycert.pfx -out mycert.key
# openssl rsa -in mycert.key -out mycert.pem
# openssl x509 -in mycert.key >> mycert.pem

nick at glype dot com (2008-07-07 09:18:07)

Although CURLOPT_CLOSEPOLICY and the applicable choices are valid constants, setting this option with curl_setopt() always returns false. A quick google search suggests the option is deprecated and/or never worked.

Salil Kothadia (2008-06-19 09:02:32)

In PHP5, for the "CURLOPT_POSTFIELDS" option, we can use:

<?php
$ch 
curl_init($URI);
$Post http_build_query($PostData);
curl_setopt($chCURLOPT_POSTFIELDS$Post);
$Output curl_exec($ch);
curl_close($ch);
?>

sgamon at yahoo dot com (2008-04-09 17:55:35)

If you are doing a POST, and the content length is 1,025 or greater, then curl exploits a feature of http 1.1: 100 (Continue) Status.

See http://www.w3.org/Protocols/rfc2616/rfc2616-sec8.html#sec8.2.3

* it adds a header, "Expect: 100-continue".  
* it then sends the request head, waits for a 100 response code, then sends the content 

Not all web servers support this though.  Various errors are returned depending on the server.  If this happens to you, suppress the "Expect" header with this command:

<?php
curl_setopt
($chCURLOPT_HTTPHEADER, array('Expect:'));
?>

See http://www.gnegg.ch/2007/02/the-return-of-except-100-continue/

john factorial (2008-04-04 08:22:51)

Clarification for the CURLOPT_NOBODY option: by excluding the body from your request, you're effectively making a HEAD request. Use the CURLOPT_NOBODY option to return only the headers in the remote response.

Example:

<?php
function check_url($url) {
    
$c curl_init();
    
curl_setopt($cCURLOPT_URL$url);
    
curl_setopt($cCURLOPT_HEADER1); // get the header
    
curl_setopt($cCURLOPT_NOBODY1); // and *only* get the header
    
curl_setopt($cCURLOPT_RETURNTRANSFER1); // get the response as a string from curl_exec(), rather than echoing it
    
curl_setopt($cCURLOPT_FRESH_CONNECT1); // don't use a cached version of the url
    
if (!curl_exec($c)) { return false; }

    
$httpcode curl_getinfo($cCURLINFO_HTTP_CODE);
    return (
$httpcode 400);
}
?>

c00lways at gmail dot com (2008-03-04 13:16:10)

if you would like to send xml request to a server (lets say, making a soap proxy),
you have to set

<?php
curl_setopt
($chCURLOPT_HTTPHEADER, Array("Content-Type: text/xml"));
?>

makesure you watch for cache issue:
the below code will prevent cache...

<?php
curl_setopt
($chCURLOPT_FORBID_REUSE1);
curl_setopt($chCURLOPT_FRESH_CONNECT1);
?>

hope it helps ;)

mavook at gmail dot com (2008-02-15 22:26:07)

If you try to upload file to a server, you need do CURLOPT_POST first and then fill CURLOPT_POSTFIELDS.

<?php
curl_setopt
($chCURLOPT_POST1);
curl_setopt($chCURLOPT_POSTFIELDS$postvars);
// ^^ This will post multipart/form-data
?>

jade dot skaggs at gmail dot com (2008-01-07 09:48:02)

After much struggling, I managed to get a SOAP request requiring HTTP authentication to work.  Here's some source that will hopefully be useful to others. 

         <?php

         $credentials 
"username:password";
         
         
// Read the XML to send to the Web Service
         
$request_file "./SampleRequest.xml";
        
$fh fopen($request_file'r');
        
$xml_data fread($fhfilesize($request_file));
        
fclose($fh);
                
        
$url "http://www.example.com/services/calculation";
        
$page "/services/calculation";
        
$headers = array(
            
"POST ".$page." HTTP/1.0",
            
"Content-type: text/xml;charset=\"utf-8\"",
            
"Accept: text/xml",
            
"Cache-Control: no-cache",
            
"Pragma: no-cache",
            
"SOAPAction: \"run\"",
            
"Content-length: ".strlen($xml_data),
            
"Authorization: Basic " base64_encode($credentials)
        );
       
        
$ch curl_init();
        
curl_setopt($chCURLOPT_URL,$url);
        
curl_setopt($chCURLOPT_RETURNTRANSFER1);
        
curl_setopt($chCURLOPT_TIMEOUT60);
        
curl_setopt($chCURLOPT_HTTPHEADER$headers);
        
curl_setopt($chCURLOPT_USERAGENT$defined_vars['HTTP_USER_AGENT']);
        
        
// Apply the XML to our curl call
        
curl_setopt($chCURLOPT_POST1);
        
curl_setopt($chCURLOPT_POSTFIELDS$xml_data); 

        
$data curl_exec($ch); 

        if (
curl_errno($ch)) {
            print 
"Error: " curl_error($ch);
        } else {
            
// Show me the result
            
var_dump($data);
            
curl_close($ch);
        }

?>

Ojas Ojasvi (2007-09-25 10:52:57)

<?php
/*
* Author: Ojas Ojasvi
* Released: September 25, 2007
* Description: An example of the disguise_curl() function in order to grab contents from a website while remaining fully camouflaged by using a fake user agent and fake headers.
*/

$url 'http://www.php.net';

// disguises the curl using fake headers and a fake user agent.
function disguise_curl($url)
{
  
$curl curl_init();

  
// Setup headers - I used the same headers from Firefox version 2.0.0.6
  // below was split up because php.net said the line was too long. :/
  
$header[0] = "Accept: text/xml,application/xml,application/xhtml+xml,";
  
$header[0] .= "text/html;q=0.9,text/plain;q=0.8,image/png,*/*;q=0.5";
  
$header[] = "Cache-Control: max-age=0";
  
$header[] = "Connection: keep-alive";
  
$header[] = "Keep-Alive: 300";
  
$header[] = "Accept-Charset: ISO-8859-1,utf-8;q=0.7,*;q=0.7";
  
$header[] = "Accept-Language: en-us,en;q=0.5";
  
$header[] = "Pragma: "// browsers keep this blank.

  
curl_setopt($curlCURLOPT_URL$url);
  
curl_setopt($curlCURLOPT_USERAGENT'Googlebot/2.1 (+http://www.google.com/bot.html)');
  
curl_setopt($curlCURLOPT_HTTPHEADER$header);
  
curl_setopt($curlCURLOPT_REFERER'http://www.google.com');
  
curl_setopt($curlCURLOPT_ENCODING'gzip,deflate');
  
curl_setopt($curlCURLOPT_AUTOREFERERtrue);
  
curl_setopt($curlCURLOPT_RETURNTRANSFER1);
  
curl_setopt($curlCURLOPT_TIMEOUT10);

  
$html curl_exec($curl); // execute the curl command
  
curl_close($curl); // close the connection

  
return $html// and finally, return $html
}

// uses the function and displays the text off the website
$text disguise_curl($url);
echo 
$text;
?>

Ojas Ojasvi

charles at tastik dot net (2007-09-01 02:27:45)

FYI,

Anyone trying to connect to .NET with CURL to send a simple XML post, pay attention to the following. This will save you hours! There is a previous note that I saw either on this page, or somewhere else on this site that explains the correct way to specify the header option is to create an array, then reference the array from the CURLOPT. 

ie.  Do something like this:

<?php
// Req. HTTP Header Values 
 
$header[] = "Content-type: text/xml";

// Target URL
 
$sendTo "http://www.example.com";

// Post Data
 
$post "<?xml version=\"1.0\" encoding=\"utf-8\"?>\n<root>\n....etc, etc,";

// Create CURL Connection
 
$ch curl_init();
 
curl_setopt($chCURLOPT_USERAGENT'XtraDoh xAgent');
 
curl_setopt($chCURLOPT_URL$sendTo);
 
curl_setopt($chCURLOPT_TIMEOUT900);
 
curl_setopt($chCURLOPT_CONNECTIONTIMEOUT30);
 
curl_setopt($chCURLOPT_FAILONERRORfalse);
 
curl_setopt($chCURLOPT_SSL_VERIFYHOST0);
 
curl_setopt($chCURLOPT_SSL_VERIFYPEER0);
 
curl_setopt($chCURLOPT_FOLLOWLOCATIONtrue);
 
curl_setopt($chCURLOPT_RETURNTRANSFERtrue);
 
curl_setopt($chCURLOPT_HTTPHEADER$header);
 
curl_setopt($chCURLOPT_POSTtrue);
 
curl_setopt($chCURLOPT_POSTFIELDS$post);
?>

Notice the HTTPHEADER, $header above. I have not been able to get .NET to properly read the HTTP header as specified (in this case as text/xml) when using the following:

<?php
curl_setopt
($chCURLOPT_HTTPHEADER, array('Content-Type'=>'text/xml'));
?>

Although this may work when working with other PHP, IIS, or even PHP, Apache, it does not (at least in my experience) work with .NET, IIS.

andrabr at gmail dot com (2007-08-20 14:03:09)

This is very clear in hindsight, but it still cost me several hours:

<?php curl_setopt($sessionCURLOPT_HTTPPROXYTUNNEL1); ?>

means that you will tunnel THROUGH the proxy, as in "your communications will go as if the proxy is NOT THERE".

Why do you care? - Well, if you are trying to use, say, Paros, to debug HTTP between your cURL and the server, with CURLOPT_HTTPPROXYTUNNEL set to TRUE Paros will not see or log your traffic thus defeating the purpose and driving you nuts.

There are other cases, of course, where this option is extremely useful...

michael sky (2007-07-05 15:09:37)

if you are trying to connect to 'https://...' and after that want to work with POST data - that's the way:

<?php
$curl 
curl_init();
curl_setopt($curlCURLOPT_SSL_VERIFYPEERFALSE);
curl_setopt($curlCURLOPT_HEADER0);
curl_setopt($curlCURLOPT_POSTtrue);
curl_setopt($curlCURLOPT_RETURNTRANSFERtrue);
curl_setopt($curlCURLOPT_USERAGENT"Mozilla/4.0 (compatible; MSIE 5.01; Windows NT 5.0)");
curl_setopt($curlCURLOPT_FOLLOWLOCATIONtrue);
curl_setopt($curlCURLOPT_COOKIEFILE"cookiefile");
curl_setopt($curlCURLOPT_COOKIEJAR"cookiefile"); # SAME cookiefile
curl_setopt($curlCURLOPT_URL"url1"); # this is where you first time connect - GET method authorization in my case, if you have POST - need to edit code a bit
$xxx curl_exec($curl);

curl_setopt($curlCURLOPT_URL"url2"); # this is where you are requesting POST-method form results (working with secure connection using cookies after auth)
curl_setopt($curlCURLOPT_POSTFIELDS"var1=value&var2=value&var3=value&"); # form params that'll be used to get form results
$xxx curl_exec($curl);

curl_close ($curl);
echo 
$xxx;
?>

sleepwalker at rahulsjohari dot com (2007-06-27 11:18:01)

Two things that I noted, one of which has been mentioned earlier, if you are connecting to an SSL site (https) and don't have the appropriate certificate, don't forget to set CURLOPT_SSL_VERIFYPEER as "false"... it's set to "true" by default. Scratched my head over 2 hours to figure this one out as I had a machine with an older version installed and everything worked fine without using this option on that one - but failed on other machines with newer versions.

Second very important thing, I've never had my scripts work (tried on various machines, multiple platforms) with a Relative path to a COOKIEJAR or COOKIEFILE. In my experience I HAVE to specify the absolute path and not the relative path. 

Small script I wrote to connect to a page, gather all cookies into a jar, connect to another page to login, taking the cookiejar with you for authentication:

<?php
$ch 
curl_init();
curl_setopt($chCURLOPT_COOKIEJAR"/Library/WebServer/Documents/tmp/cookieFileName");
curl_setopt($chCURLOPT_URL,"https://www.example.com/myaccount/start.asp");
curl_setopt($chCURLOPT_SSL_VERIFYPEERfalse);
ob_start();      // Prevent output
curl_exec ($ch);
ob_end_clean();  // End preventing output
curl_close ($ch);
unset(
$ch);

$ch curl_init();
curl_setopt($chCURLOPT_POST1);
curl_setopt($chCURLOPT_POSTFIELDS"field1=".$f1."&field2=".$f2."&SomeFlag=True");
curl_setopt($chCURLOPT_RETURNTRANSFER,1);
curl_setopt($chCURLOPT_COOKIEFILE"/Library/WebServer/Documents/tmp/cookieFileName");
curl_setopt($chCURLOPT_URL,"https://www.example.com/myaccount/Login.asp");
curl_setopt($chCURLOPT_SSL_VERIFYPEERfalse);
curl_setopt($chCURLOPT_FOLLOWLOCATIONtrue);
$result curl_exec ($ch);
curl_close ($ch);
?>

mcbreen at gmail dot com (2007-06-12 14:35:10)

If you are getting the following error:

SSL: certificate subject name 'example.com' does not match target host name 'example.net'

Then you can set the following option to get around it:

<?php curl_setopt($chCURLOPT_SSL_VERIFYHOSTFALSE); ?>

vincent at ludden dot nl (2007-06-12 01:55:09)

Please note that the CURLOPT_INTERFACE setting only accepts IP addresses and hostnames of the local machine. It is not meant to send a URL to a specific IP address.

ashw1 - at - no spam - post - dot - cz (2007-06-03 16:51:58)

In case you wonder how come, that cookies don't work under Windows, I've googled for some answers, and here is the result: Under WIN you need to input absolute path of the cookie file.

This piece of code solves it:

<?php

if ($cookies != '')
    {
    if (
substr(PHP_OS03) == 'WIN')
        {
$cookies str_replace('\\','/'getcwd().'/'.$cookies);}
    
curl_setopt($chCURLOPT_COOKIEJAR$cookies);
    
curl_setopt($chCURLOPT_COOKIEFILE$cookies);
    }

?>

Jon Freilich (2007-05-11 21:52:14)

curl will sometimes return an "Empty reply from server" error if you don't send a User-Agent string. Use the CURLOPT_USERAGENT option.

rob at infoglobe dot net (2007-04-24 09:01:33)

Options not included in the above, but that work (Taken from the libcurl.a C documentation)
CURLOPT_FTP_SSL
Pass a long using one of the values from below, to make libcurl use your desired level of SSL for the ftp transfer. (Added in 7.11.0)
CURLFTPSSL_NONE
Don't attempt to use SSL.
CURLFTPSSL_TRY
Try using SSL, proceed as normal otherwise.
CURLFTPSSL_CONTROL
Require SSL for the control connection or fail with CURLE_FTP_SSL_FAILED.
CURLFTPSSL_ALL
Require SSL for all communication or fail with CURLE_FTP_SSL_FAILED.

alfredoaguirre dot v at gmail dot com (2007-03-13 16:26:03)

Seems that CURLOPT_RETURNTRANSFER Option set to TRUE, returns a "1" when the transaction returns a blank page.
I think is for eliminate the FALSE to can be with a blank page as return

paczor (2007-03-08 06:50:41)

How to get rid of response after POST: just add callback function for returned data (CURLOPT_WRITEFUNCTION) and make this function empty.

<?php
function curlHeaderCallback($ch$strHeader) {
}
curl_setopt($chCURLOPT_WRITEFUNCTION'curlHeaderCallback');
?>

null at nahdah dot com (2006-11-27 13:42:15)

I was having problems with Authorize.net and the SSL cert matching even after adding:

<?php
curl_setopt
($chCURLOPT_SSL_VERIFYPEER0);
?>

What I found after a lot of stumbling was I needed to set VERIFYHOST to FALSE.  So if you are still have a problem with Authorize.NET SSL and cURL add this:

<?php
curl_setopt
($chCURLOPT_SSL_VERIFYHOST0);
?>

pyroevi at yahoo dot com (2006-11-22 10:33:56)

I was working on using php to interface with an authorize.net gateway, and I ran into a problem with certificates using curl to talk the https:// url.

curl_error() told me "SSL certificate problem, verify that the CA cert is OK."

I googled it and found the same "solution" over and over again: bypass verification by adding this line after curl_init():

<?php
curl_setopt
($connectionCURLOPT_SSL_VERIFYPEERfalse);
?>

This worked great, but I was required to verify, so here's what I did. Add the following lines:

<?php
curl_setopt
($connectionCURLOPT_SSL_VERIFYPEER1);
curl_setopt($connectionCURLOPT_CAINFO"path:/ca-bundle.crt");
?>

with "path:/ca-bundle.crt" being the path to that certificate file. You can get this file by downloading the curl package (http://curl.haxx.se/download.html) and looking for it in the lib folder.

Feel free to email me.

eion at bigfoot dot com (2006-11-21 20:40:43)

If you are trying to use CURLOPT_FOLLOWLOCATION and you get this warning:
Warning: curl_setopt() [function.curl-setopt]: CURLOPT_FOLLOWLOCATION cannot be activated when in safe_mode or an open_basedir is set...

then you will want to read http://www.php.net/ChangeLog-4.php which says "Disabled CURLOPT_FOLLOWLOCATION in curl when open_basedir or safe_mode are enabled." as of PHP 4.4.4/5.1.5.  This is due to the fact that curl is not part of PHP and doesn't know the values of open_basedir or safe_mode, so you could comprimise your webserver operating in safe_mode by redirecting (using header('Location: ...')) to "file://" urls, which curl would have gladly retrieved.

Until the curl extension is changed in PHP or curl (if it ever will) to deal with "Location:" headers, here is a far from perfect remake of the curl_exec function that I am using.

Since there's no curl_getopt function equivalent, you'll have to tweak the function to make it work for your specific use.  As it is here, it returns the body of the response and not the header.  It also doesn't deal with redirection urls with username and passwords in them.

<?php
    
function curl_redir_exec($ch)
    {
        static 
$curl_loops 0;
        static 
$curl_max_loops 20;
        if (
$curl_loops++ >= $curl_max_loops)
        {
            
$curl_loops 0;
            return 
FALSE;
        }
        
curl_setopt($chCURLOPT_HEADERtrue);
        
curl_setopt($chCURLOPT_RETURNTRANSFERtrue);
        
$data curl_exec($ch);
        list(
$header$data) = explode("\n\n"$data2);
        
$http_code curl_getinfo($chCURLINFO_HTTP_CODE);
        if (
$http_code == 301 || $http_code == 302)
        {
            
$matches = array();
            
preg_match('/Location:(.*?)\n/'$header$matches);
            
$url = @parse_url(trim(array_pop($matches)));
            if (!
$url)
            {
                
//couldn't process the url to redirect to
                
$curl_loops 0;
                return 
$data;
            }
            
$last_url parse_url(curl_getinfo($chCURLINFO_EFFECTIVE_URL));
            if (!
$url['scheme'])
                
$url['scheme'] = $last_url['scheme'];
            if (!
$url['host'])
                
$url['host'] = $last_url['host'];
            if (!
$url['path'])
                
$url['path'] = $last_url['path'];
            
$new_url $url['scheme'] . '://' $url['host'] . $url['path'] . ($url['query']?'?'.$url['query']:'');
            
curl_setopt($chCURLOPT_URL$new_url);
            
debug('Redirecting to'$new_url);
            return 
curl_redir_exec($ch);
        } else {
            
$curl_loops=0;
            return 
$data;
        }
    }
?>

php at miggy dot org (2006-08-23 10:35:29)

Note that if you want to use a proxy and use it as a _cache_, you'll have to do:

<?php curl_setopt($chCURLOPT_HTTPHEADER, array("Pragma: ")); ?>

else by default Curl puts a "Pragma: no-cache" header in and thus force cache misses for all requests.

Philippe dot Jausions at 11abacus dot com (2006-05-30 11:31:24)

Clarification on the callback methods:
- CURLOPT_HEADERFUNCTION is for handling header lines received *in the response*,
- CURLOPT_WRITEFUNCTION is for handling data received *from the response*,
- CURLOPT_READFUNCTION is for handling data passed along *in the request*.
The callback "string" can be any callable function, that includes the array(&$obj, 'someMethodName') format.
-Philippe

mr at coder dot tv (2006-04-14 07:22:19)

Sometimes you can't use CURLOPT_COOKIEJAR and CURLOPT_COOKIEFILE becoz of the server php-settings(They say u may grab any files from server using these options). Here is the solution
1)Don't use CURLOPT_FOLLOWLOCATION
2)Use curl_setopt($ch, CURLOPT_HEADER, 1)
3)Grab from the header cookies like this:
preg_match_all('|Set-Cookie: (.*);|U', $content, $results);
$cookies = implode(';', $results[1]);
4)Set them using curl_setopt($ch, CURLOPT_COOKIE, $cookies);
Good Luck, Yevgen

heyrocker at yahoo dot com (2006-02-23 13:57:44)

The examples below for HTTP file upload work great, but I wanted to be able to post multiple files through HTTP upload using HTML arrays as specified in example 38.3 at

http://php.net/features.file-upload

In this case, you need to set the arrays AND keys in the $post_data, it will not work with just the array names. The following example shows how this works:

<?php

    $post_data 
= array();
    
    
$post_data['pictures[0]'] = "@cat.jpg";
    
$post_data['pictures[1]'] = "@dog.jpg";
    

    
$ch curl_init();
    
curl_setopt($chCURLOPT_URL"http://example.com/my_url.php" ); 
    
curl_setopt($chCURLOPT_POST);
    
curl_setopt($chCURLOPT_POSTFIELDS$post_data);
    
curl_setopt($chCURLOPT_RETURNTRANSFER1);
    
$postResult curl_exec($ch);

    if (
curl_errno($ch)) {
       print 
curl_error($ch);
    }
    
curl_close($ch);
    print 
"$postResult";
?>

petelu $ post dot sk (2006-02-17 04:19:25)

load https:// or  http://example.com/exam.php  
with  POST  data (name=alex&year=18) and apply COOKIEs

<?php
$sessions 
curl_init();
curl_setopt($sessions,CURLOPT_URL,'http://example.com/exam.php');
curl_setopt($sessionsCURLOPT_POST1);
curl_setopt($sessions,CURLOPT_POSTFIELDS,'name=alex&year=18');
curl_setopt($sessions,CURLOPT_COOKIEJAR,
dirname(__FILE__).'/cookie.txt');
curl_setopt($sessions,CURLOPT_FOLLOWLOCATION,0);
curl_setopt($sessionsCURLOPT_HEADER 1);
curl_setopt($sessionsCURLOPT_RETURNTRANSFER,1);
$my_load_page curl_exec($this->sessions);
?>

luca dot manzo at bbsitalia dot com (2006-02-02 03:55:27)

If you're getting trouble with cookie handling in curl: 

- curl manages tranparently cookies in a single curl session
- the option 
<?php curl_setopt($chCURLOPT_COOKIEJAR"/tmp/cookieFileName"); ?>

makes curl to store the cookies in a file at the and of the curl session

- the option 
<?php curl_setopt($chCURLOPT_COOKIEFILE"/tmp/cookieFileName"); ?>

makes curl to use the given file as source for the cookies to send to the server. 

so to handle correctly cookies between different curl session, the you have to do something like this:

<?php
       $ch 
curl_init(); 
       
curl_setopt ($chCURLOPT_URL$url); 
       
curl_setopt ($chCURLOPT_COOKIEJARCOOKIE_FILE_PATH);
       
curl_setopt ($chCURLOPT_COOKIEFILECOOKIE_FILE_PATH);

       
curl_setopt ($chCURLOPT_RETURNTRANSFER1); 
       
$result curl_exec ($ch);
       
curl_close($ch);
       return 
$result;
?>

in particular this is NECESSARY if you are using PEAR_SOAP libraries to build a webservice client over https and the remote server need to establish a session cookie. in fact each soap message is sent using a different curl session!!

I hope this can help someone
Luca

Dustin Hawkins (2005-12-27 14:24:15)

To further expand upon use of CURLOPT_CAPATH and CURLOPT_CAINFO...
In my case I wanted to prevent curl from talking to any HTTPS server except my own using a self signed certificate. To do this, you'll need openssl installed and access to the HTTPS Server Certificate (server.crt by default on apache)
You can then use a command simiar to this to translate your apache certificate into one that curl likes.
$ openssl x509 -in server.crt -out outcert.pem -text
Then set CURLOPT_CAINFO equal to the the full path to outcert.pem and turn on CURLOPT_SSL_VERIFYPEER.
If you want to use the CURLOPT_CAPATH option, you should create a directory for all the valid certificates you have created, then use the c_rehash script that is included with openssl to "prepare" the directory.
If you dont use the c_rehash utility, curl will ignore any file in the directory you set.

skyogre __at__ yandex __dot__ ru (2005-12-22 02:13:31)

There is really a problem of transmitting $_POST data with curl in php 4+ at least.
I improved the encoding function by Alejandro Moreno to work properly with mulltidimensional arrays.

<?php
function data_encode($data$keyprefix ""$keypostfix "") {
  
assertis_array($data) );
  
$vars=null;
  foreach(
$data as $key=>$value) {
    if(
is_array($value)) $vars .= data_encode($value$keyprefix.$key.$keypostfix.urlencode("["), urlencode("]"));
    else 
$vars .= $keyprefix.$key.$keypostfix."=".urlencode($value)."&";
  }
  return 
$vars;
}

curl_setopt($chCURLOPT_POSTFIELDSsubstr(data_encode($_POST), 0, -1) );

?>

phpnet at wafflehouse dot de (2005-10-23 06:34:38)

Resetting CURLOPT_FILE to STDOUT won't work by calling curl_setopt() with the STDOUT constant or a php://output stream handle (at least I get error messages when trying the code from phpnet at andywaite dot com). Instead, one can simply reset it as a side effect of CURLOPT_RETURNTRANSFER. Just say

<?php curl_setopt($this->curl,CURLOPT_RETURNTRANSFER,0); ?>

and following calls to curl_exec() will output to STDOUT again.

webmaster () stauceni.com (2005-10-20 13:42:53)

A little mistake, that took a half-day to fix it:
When specifing CURLOPT_COOKIEFILE or CURLOPT_COOKIEJAR options, don't forget to "chmod 777" that directory where cookie-file must be created.

ROXORT at TGNOOB dot FR (2005-09-21 07:09:05)

<?php
/*
  Here is a script that is usefull to :
  - login to a POST form,
  - store a session cookie,
  - download a file once logged in.
*/

// INIT CURL
$ch curl_init();

// SET URL FOR THE POST FORM LOGIN
curl_setopt($chCURLOPT_URL'http://www.example.com/Members/Login.php');

// ENABLE HTTP POST
curl_setopt ($chCURLOPT_POST1);

// SET POST PARAMETERS : FORM VALUES FOR EACH FIELD
curl_setopt ($chCURLOPT_POSTFIELDS'fieldname1=fieldvalue1&fieldname2=fieldvalue2');

// IMITATE CLASSIC BROWSER'S BEHAVIOUR : HANDLE COOKIES
curl_setopt ($chCURLOPT_COOKIEJAR'cookie.txt');

# Setting CURLOPT_RETURNTRANSFER variable to 1 will force cURL
# not to print out the results of its query.
# Instead, it will return the results as a string return value
# from curl_exec() instead of the usual true/false.
curl_setopt ($chCURLOPT_RETURNTRANSFER1);

// EXECUTE 1st REQUEST (FORM LOGIN)
$store curl_exec ($ch);

// SET FILE TO DOWNLOAD
curl_setopt($chCURLOPT_URL'http://www.example.com/Members/Downloads/AnnualReport.pdf');

// EXECUTE 2nd REQUEST (FILE DOWNLOAD)
$content curl_exec ($ch);

// CLOSE CURL
curl_close ($ch); 

/*
  At this point you can do do whatever you want
  with the downloaded file stored in $content :
  display it, save it as file, and so on.
*/
?>

mcknight at chek dot com (2005-08-22 20:10:33)

when specifing the file for either CURLOPT_COOKIEFILE or CURLOPT_COOKIEJAR you may need to use the full file path instead of just the relative path.

phpnet at andywaite dot com (2005-06-07 14:08:35)

After setting CURLOPT_FILE, you may want want to revert back to the normal behaviour of displaying the results. This can be achieved using:

<?php
$fp 
fopen ("php://output""w") or die("Unable to open stdout for writing.\n");
curl_setopt($chCURLOPT_FILE$fp);
?>

michaeledwards.com (2005-06-01 14:57:05)

Problems can occur if you mix CURLOPT_URL with a 'Host:' header in CURLOPT_HEADERS on redirects because cURL will combine the host you explicitly stated in the 'Host:' header with the host from the Location: header of the redirect response. 

In short, don't do this:

<?php
$host 
"www.example.com";
$url "http://$host/";

$headers = array("Host: $host");

$ch curl_init();

curl_setopt($chCURLOPT_URL$url);
curl_setopt($chCURLOPT_HTTPHEADER$headers);

Do 
this instead:

$host "www.example.com";
$url "http://$host/";

$ch curl_init();

curl_setopt($chCURLOPT_URL$url);
?>

samlowry at e-baka dot net (2005-05-14 06:09:14)

About CURLOPT_ENCODING:
added in curl in 7.10 - Oct 1 2002
In 7.10.5 - May 19 2003 syntax was chnaged:
"setting CURLOPT_ENCODING to "" automaticly enables all supported encodings"

ikendra at yken dot nospam dot org (2005-05-09 09:26:42)

Using cURL, I needed to call a third-party script which was returning binary data as attachment to pass on retrieved data again as attachment.

Problem was that the third-party script occassionally returned HTTP errors and I wanted to avoid passing on zero-length attachment in such case.

Combination of using CURLOPT_FAILONERROR and CURLOPT_HEADERFUNCTION callback helped to process the third-party script HTTP errors neatly:

<?php
function curlHeaderCallback($resURL$strHeader) {
    if (
preg_match('/^HTTP/i'$strHeader)) {
        
header($strHeader);
        
header('Content-Disposition: attachment; filename="file-name.zip"');
    }
    return 
strlen($strHeader);
}

$strURL 'http://www.example.com/script-whichs-dumps-binary-attachment.php';

$resURL curl_init();
curl_setopt($resURLCURLOPT_URL$strURL);
curl_setopt($resURLCURLOPT_BINARYTRANSFER1);
curl_setopt($resURLCURLOPT_HEADERFUNCTION'curlHeaderCallback');
curl_setopt($resURLCURLOPT_FAILONERROR1);

curl_exec ($resURL);

$intReturnCode curl_getinfo($resURLCURLINFO_HTTP_CODE);
curl_close ($resURL);

if (
$intReturnCode != 200) {
    print 
'was error: ' $intReturnCode;
}
?>

raul at navenetworks dot com (2004-07-21 13:19:33)

Hi!

I have found some information I am sure it could help lot of programmers when they want to connect with curl to any https website and they haven't a good or right CA Cert :)

I give you just one example It has resolved me 2 hours of my time looking for a solution.

It is simple, just if you get any error in the curl_exec (use curl_error(...) to see the error to trace it) add the next line and everything is solved:

(note: replace $ch with the right curl variable)

curl_setopt($ch, CURLOPT_SSL_VERIFYPEER, FALSE);

<?php

$ch 
curl_init();
$rescurl_setopt ($chCURLOPT_URL,"https://yoururl/cgi");

curl_setopt($chCURLOPT_SSL_VERIFYPEERFALSE);
curl_setopt ($chCURLOPT_HEADER0);
curl_setopt($chCURLOPT_POST1);
curl_setopt($chCURLOPT_POSTFIELDS"Idc=si&");
curl_setopt ($chCURLOPT_RETURNTRANSFER1);
$xyz curl_exec ($ch);

curl_close ($ch);
echo 
$xyz;
if (
$xyz == NULL) { 
           echo 
"Error:<br>";
           echo 
curl_errno($ch) . " - " curl_error($ch) . "<br>";
}
?>

I hope this helps.

Raul Mate Galan
Ceo Navenetworks Corp.

Note: Thanks to Ruben Lopez Gea for his help too.

ron at ttvavanti dot nl (2004-05-07 08:00:06)

If you specify a CAINFO, note that the file must be in PEM format! (If not, it won't work).
Using Openssl you can use:
openssl x509 -in <cert> -inform d -outform PEM -out cert.pem
To create a pem formatted certificate from a binary certificate (the one you get if you download the ca somewhere).

Jakub Horky <jakub dot php at horky dot net> (2004-04-04 13:20:19)

A bit more documentation (without minimum version numbers):
- CURLOPT_WRITEFUNCTION
- CURLOPT_HEADERFUNCTION
Pass a function which will be called to write data or headers respectively. The callback function prototype:
long write_callback (resource ch, string data)
The ch argument is CURL session handle. The data argument is data received. Note that its size is variable. When writing data, as much data as possible will be returned in all invokes. When writing headers, exactly one complete header line is returned for better parsing.
The function must return number of bytes actually taken care of. If that amount differs from the amount passed to this function, an error will occur.
- CURLOPT_READFUNCTION
Pass a function which will be called to read data. The callback function prototype:
string read_callback (resource ch, resource fd, long length)
The ch argument is CURL session handle. The fd argument is file descriptor passed to CURL by CURLOPT_INFILE option. The length argument is maximum length which can be returned.
The function must return string containing the data which were read. If length of the data is more than maximum length, it will be truncated to maximum length. Returning anything else than a string means an EOF.
[Note: there is more callbacks implemented in current cURL library but they aren't unfortunately implemented in php curl interface yet.]

tim dot php at ebw dot ca (2003-11-18 18:18:44)

The page http://curl.haxx.se/libcurl/c/curl_easy_setopt.html at the cURL site has a list of all the CURLOPTS, including many not mentioned here. Also see http://curl.haxx.se/libcurl/php/examples/ for cURL examples in PHP.

eric at imap dot ch (2003-07-07 09:38:42)

I managed to use curl to retrieve information from severs on ports other than 80 or 443 (for https) on some installations but not on all. 
If you get an "CURLE_COULDNT_CONNECT /* 7 */" error, try adding the port : (for example)

<?php curl_setopt($chCURLOPT_PORT$_SERVER['SERVER_PORT']); ?>

me (2003-05-14 09:36:13)

Just a reminder: When setting your CURLOPT_POSTFIELDS remember to replace the spaces in your values with %20

dweingart at pobox dot com (2003-04-02 15:08:56)

If you want to Curl to follow redirects and you would also like Curl to echo back any cookies that are set in the process, use this:

<?php curl_setopt($chCURLOPT_COOKIEJAR'-'); ?>

'-' means stdout

-dw

yann dot corno at free dot fr (2002-11-13 04:19:06)

About the CURLOPT_HTTPHEADER option, it took me some time to figure out how to format the so-called 'Array'. It fact, it is a list of strings. If Curl was already defining a header item, yours will replace it. Here is an example to change the Content Type in a POST:

<?php curl_setopt ($chCURLOPT_HTTPHEADER, Array("Content-Type: text/xml")); ?>

Yann

(2002-10-23 12:04:08)

beware that not all cURLlib constants are supported under php :
e.g. CURLOPT_PROGRESSFUNCTION or CURLOPT_WRITEDATA are not supported.

CURLOPT_WRITEFUNCTION, although undocumented is supported. It takes the name of a user_defined function.
the function should take two arguments (the curl handle, and the inputdata) and return the length of the written data
e.g.

<?php
function myPoorProgressFunc($ch,$str){
global 
$fd;
$len fwrite($fd,$str);
print(
"#");
return 
$len;
}

curl_setopt($ch,CURLOPT_WRITEFUNCTION,"myPoorProgressFunc");
?>

Also be aware that CURLOPT_WRITEFUNCTION  does NOT take the CURLOPT_FILE as a parameter! 
in curl lib it would take CURLOPT_WRITEDATA but this is not supported by php; that's why I use "global $fd;" in my exemple function.

CURLOPT_HEADERFUNCTION works the same, and is guaranteed to receive complete header lines as input! 

Hope this helps

Ivan

mrcheezy at hotmail dot com (2002-09-13 14:34:55)

If you set return transfer to 1 and are sending a post form and find that this crashes php try setting follow location to 1 also. I'm not exactly sure why this crashed, but after i used follow it stopped.

<?php
  curl_setopt 
($sessCURLOPT_FOLLOWLOCATION'1');
  
curl_setopt ($sessCURLOPT_RETURNTRANSFER'1');
?>

paul at zgtec dot com (2002-08-26 14:31:49)

To make a POST in multipart/form-data mode 
this worked for me, the " \n" at the end of the variables was very important on my OS X server.

<?php

$file 
"file_to_upload.txt";
$submit_url "http://www.example.com/upload_page.php";

$formvars = array("cc"=>"us \n");
$formvars[variable_1] = "bla bla \n";
$formvars[variable_2] = "bla bla \n";
$formvars[variable_3] = "bla bla \n";
$formvars[variable_4] = "bla bla \n";
$formvars[upfile] = "@$file"// "@" causes cURL to send as file and not string (I believe) 

    // init curl handle
    
$ch curl_init($submit_url);
    
curl_setopt($chCURLOPT_COOKIEJAR"my_cookies.txt");  //initiates cookie file if needed
    
curl_setopt($chCURLOPT_COOKIEFILE"my_cookies.txt");  // Uses cookies from previous session if exist
    
curl_setopt($chCURLOPT_REFERER"http://www.example.net");  //if server needs to think this post came from elsewhere
    
curl_setopt($chCURLOPT_VERBOSE1);
    
curl_setopt($chCURLOPT_HEADER1);
    
curl_setopt($chCURLOPT_FOLLOWLOCATION,1); // follow redirects recursively
    
curl_setopt($chCURLOPT_RETURNTRANSFER1);
    
curl_setopt($chCURLOPT_POSTFIELDS$formvars);

    
// perform post
    
echo $pnp_result_page curl_exec($ch);
    
curl_close ($ch);

?>

tychay at alumni dot caltech dot edu (2002-04-03 01:14:27)

CURLOPT_HTTPHEADER is NOT like the -H command line switch. The command line switch adds or replaces headers (much like the header() line in PHP, but for HTTP clients instead of servers), but the curl extension will eliminate the headers cURL sends by default.
For instance, your Authorization, Host, Referer, Pragma, and Accept headers which are normally written by default or by other CURLOPT_*'s.
Also, it might seem intuitive that this should accept an array hash of header->values, but this is not the case. It accepts an array of strings of the format "Header: Value", much like the -H command-line switch.
Hope this helps,
terry

asmith at crawlspace dot com (2002-02-28 19:18:02)

It's possible to take advantage of multiple URLs on the same host in one curl_exec transaction ... just use multiple instances of CURLOPT_URL.

Example:

<?php
$ch 
curl_init();
curl_setopt($chCURLOPT_URL"http://example.com/a.html");
curl_setopt($chCURLOPT_URL"http://example.com/b.html");
curl_setopt($chCURLOPT_URL"http://example.com/c.html");
curl_exec($ch);
curl_close($ch);
?>

... the URLs appear to be hit in the same order they are entered. This takes advantage of cURL's Persistant Connection capability if all the URLs are on the same host!

bvwj at swbell dot net (2001-12-18 01:35:08)

To collect cookies recieved with a request, set CURLOPT_COOKIEJAR "cookieFileName". Then use CURLOPT_COOKIEFILE "cookieFileName" to recall them in subsequent transactions.

(2001-09-22 09:52:47)

To make a POST in multipart/form-data mode

(to upload a file for example) you can use 

<?php curl_setopt($ch,CURLOPT_POSTFIELDS,$post); ?>

where $post is an array :

<?php
$post
['key1'] = 'data1';
//  like a text field in a POST
$post['file1'] = '@filename1' 
// upload filename1
?>

For more informations see the 

curl_formparse man page.

sr2899.at.hotmail.com (2001-05-14 14:00:22)

CURLOPT_RETURNTRANSFER has the interesting behaviour of tacking a null char onto the end of the string. This null char is actually on the end of the php string, and can cause some odd results if you're not expecting it to be there.

fil at rezox dot com (2001-02-21 17:50:02)

If you want to connect to a secure server for posting info/reading info, you need to make cURL with the openSSL options. Then the sequence is nearly identical to the previous example (except http_S_://, and possibly add the useragent):

<?php
curl_setopt
($chCURLOPT_URL,"https://example.com");
//some sites only accept your request if your browser looks legit, so send a useragent profile... 
curl_setopt ($chCURLOPT_USERAGENT"Mozilla/4.0 (compatible; MSIE 5.01; Windows NT 5.0)");
?>

bvr at xs4all dot nl (2001-02-07 07:09:26)

If you'd like to include extra headers in your POST request, you can accomplish this by setting the following option:
CURLOPT_HTTPHEADER
This is similar to the CURL -H command line switch.
Thanks to Daniel Stenberg for pointing out this usefull feature!
Note: this option was first supported in PHP version 4.03 .

awestholm at imail dot usi dot net (2001-01-25 11:33:54)

Just because the docs are rather sparse on this, to set multiple values in a cookie, you separate them with a semicolon, as usual. An example, yo set j to j and k to k:

<?php curl_setopt($ch,CURLOPT_COOKIE,"j=j;k=k"); ?>

    -- Alex

dan dot polansky at seznam dot cz (2001-01-17 14:31:21)

I used to download www pages to my script and one of the pages was different in MS explorer and different, when I downloaded it. Namely, information, I was really interested in was missing. That was because the server on the other bank of the river was looking at who is downloading the page. Everything got fixed when I pretended I was MSIE. It is done with curl. Here is a function, that you may use in similar situation

<?php
function download_pretending($url,$user_agent) {
   
$ch curl_init();
   
curl_setopt ($chCURLOPT_URL$url);
   
curl_setopt ($chCURLOPT_USERAGENT$user_agent);
   
curl_setopt ($chCURLOPT_HEADER0);
   
curl_setopt ($chCURLOPT_RETURNTRANSFER1);
   
$result curl_exec ($ch); 
   
curl_close ($ch);
   return 
$result;
}
?>

易百教程