CURL + Passing $_POST variables/array

Question

I have the following situation:

if(isset($_POST['thisvalue'])) {

$username = $_POST['username'];
$passwd = $_POST['passwd'];

$ch = curl_init();
    curl_setopt($ch, CURLOPT_URL,            'http://www.domain.com/scripts/curl/index_general.php' );
    curl_setopt($ch, CURLOPT_RETURNTRANSFER, true );
    curl_setopt($ch, CURLOPT_POST,           true );
    curl_setopt($ch, CURLOPT_REFERER,            'http://www.domain.com.au' );
    curl_setopt($ch, CURLOPT_POSTFIELDS,     "body goes here" ); 
    curl_setopt($ch, CURLOPT_HTTPHEADER,     array('Content-Type: text/plain')); 
$result = curl_exec($ch);
curl_close($ch);
echo $result;

I can the "http://www.domain.com/scripts/curl/index_general.php" to return a value.

I need to know the best way to complete the line: curl_setopt($ch, CURLOPT_POSTFIELDS, "body goes here" );

How should I send the username/passwd. I will have other time when I need to send more data so I assume (and from my reading that an array is best)...

Currently my data is passed from JQUERY/HTML... how should I then convert this data into an array and the CURL it to the destination domain?

thx

score 1 · Answer 1 · answered Apr 12 '12 at 01:29

Credential security aside, if you want a quick answer to the title topic of "CURL + Passing $_POST variables/array" and don't need to worry about sensitive data, you can try this:

$post_fields = '';
foreach ( $_POST as $a => $b ) { $post_fields .= $a.'='.$b.'&'; }
$post_fields = substr( $post_fields, 0, -1 );

curl_setopt( $ch, CURLOPT_POSTFIELDS, $post_fields );

Then you don't need to manually enumerate any possible POST fields.

score 1 · Answer 2 · answered Dec 20 '11 at 08:25

1

Try this:

curl_setopt($ch, CURLOPT_POSTFIELDS, array('username' => $_POST['username'], 'passwd' => $_POST['passwd']));

answered Dec 20 '11 at 08:25

piotrekkr

2,785
2
21
35

1

Worth noting: when `CURLOPT_POSTFIELDS` is an array, the `Content-Type` will be `multipart/form-data`. In practice it probably makes no difference, but anyway. – nikc.org Dec 20 '11 at 08:34
Don't know about what your comment was but if you really don't want to send form as `mutipart/form-data` you can do like that: `curl_setopt($ch, CURLOPT_POSTFIELDS, http_build_query(array('username' => $_POST['username'], 'passwd' => $_POST['passwd'])));` – piotrekkr Dec 20 '11 at 09:31
It was about "nothing", just a FYI. As I said, probably makes no difference in practice. – nikc.org Dec 20 '11 at 15:19

score 1 · Accepted Answer · answered Dec 20 '11 at 09:02

In my opinion the best way (secure) method for passing username and password as HTTP HEADER AUTHENTICATION WITH CURL.

if(isset($_POST['thisvalue'])) {

$username = $_POST['username'];
$passwd = $_POST['passwd'];

$data = array('serialno' => '12345');    

$ch = curl_init();
curl_setopt($ch, CURLOPT_URL, 'http://www.domain.com/scripts/curl/index_general.php');
curl_setopt($ch, CURLOPT_RETURNTRANSFER, true );
curl_setopt($ch, CURLOPT_POST, true );
curl_setopt($ch, CURLOPT_USERPWD,'username:password'); // set your username and password
curl_setopt($ch, CURLOPT_HTTPAUTH, CURLAUTH_BASIC);
curl_setopt($ch, CURLOPT_REFERER,'http://www.domain.com.au');
curl_setopt($ch, CURLOPT_POSTFIELDS,$data);
curl_setopt($ch, CURLOPT_HTTPHEADER, array('Content-Type: text/plain')); 
$result = curl_exec($ch);
curl_close($ch);
echo $result;
}

In index_general.php

you can access the http username and password as

$_SERVER['PHP_AUTH_USER'] and $_SERVER['PHP_AUTH_PW']

CURL + Passing $_POST variables/array

3 Answers3

Linked