NotionCommotion Posted May 28, 2016 Share Posted May 28, 2016 Haven't done much with cURL, and nothing using PUT or DELETE methods. Would appreciate any comments on the following script. It is based on cutting and pasting from several sources, and some review of the manual. Particularly, let me know if I am sending data for PUT and DELETE methods correctly. Also, whether my use of CURLOPT_SSL_VERIFYPEER is correct (it doesn't seem to work with SSL without it). Thanks protected function CallAPI($method, $url,array $options, $data = false) { $options = array( CURLOPT_RETURNTRANSFER => true, // return web page CURLOPT_HEADER => false, // don't return headers CURLOPT_FOLLOWLOCATION => true, // follow redirects CURLOPT_ENCODING => "", // handle all encodings CURLOPT_USERAGENT => "unknown",// who am i CURLOPT_AUTOREFERER => true, // set referrer on redirect CURLOPT_CONNECTTIMEOUT => 120, // timeout on connect CURLOPT_TIMEOUT => 120, // timeout on response CURLOPT_MAXREDIRS => 10, // stop after 10 redirects CURLOPT_SSL_VERIFYPEER => false // Disabled SSL Cert checks ); //Optional authentication if (isset($options[CURLOPT_USERPWD])) {$options[CURLOPT_HTTPAUTH]=CURLAUTH_BASIC;} switch (strtolower($method)) { case "get": if ($data) {$url = sprintf("%s?%s", $url, http_build_query($data));} break; case "post": $options[CURLOPT_POST]=1; if ($data) {$options[CURLOPT_POSTFIELDS]=$data;} break; case "put": $options[CURLOPT_PUT]=1; $options[CURLOPT_CUSTOMREQUEST]="PUT"; if ($data) {$options[CURLOPT_POSTFIELDS]=http_build_query($data);} break; case "delete": //$options[CURLOPT_DELETE]=1; $options[CURLOPT_CUSTOMREQUEST]="DELETE"; if ($data) {$options[CURLOPT_POSTFIELDS]=http_build_query($data);} break; default:trigger_error("Invalid HTTP method.", E_USER_ERROR); } $options[CURLOPT_URL]=$url; $ch = curl_init(); curl_setopt_array( $ch, $options ); $content = curl_exec( $ch ); $err = curl_errno( $ch ); $errmsg = curl_error( $ch ); $results = curl_getinfo( $ch ); curl_close( $ch ); $results['errno'] = $err; $results['errmsg'] = $errmsg; $results['content'] = $content; return $results; } Quote Link to comment Share on other sites More sharing options...
Jacques1 Posted May 28, 2016 Share Posted May 28, 2016 Without certificate verification (CURLOPT_SSL_VERIFYPEER), HTTPS is a joke and a waste of energy. The whole point of encrypting the HTTP traffic is that only one specific peer can read it. If you don't verify that peer, the whole exercise is useless. If you don't want HTTPS, use plain HTTP. If you do want HTTPS, you must enable certificate verification. Problems usually come from not providing the trusted certificates. Your $options parameter is also useless, because you immediately overwrite it in the function. I guess what you actually want to do is merge the arrays. Quote Link to comment Share on other sites More sharing options...
NotionCommotion Posted May 28, 2016 Author Share Posted May 28, 2016 Yes, I definitely want SSL, and will get rid of CURLOPT_SSL_VERIFYPEER. Did the other settings look reasonable? Particularly related to SSL and how data was send for PUT and DELETE? Yea, I originally was using array_merge(), but was troubleshooting and forgot to put it back. I'm also thinking passing a "debug" flag to CallAPI, and only returning all the extra info if it is set Quote Link to comment Share on other sites More sharing options...
Jacques1 Posted May 28, 2016 Share Posted May 28, 2016 Yes, I definitely want SSL, and will get rid of CURLOPT_SSL_VERIFYPEER. You must enable it, not get rid of it. You want peer verification. Did the other settings look reasonable? Particularly related to SSL and how data was send for PUT and DELETE? It does't make sense to silently override the authentication method with CURLAUTH_BASIC. What if you (or whoever uses the function) has already set a different method? Your handling of URL parameters is odd. If the method is GET, the caller of your function must not include a query in the URL (because that will result in a nonsense URL), but for all other methods you do expect the caller to put the query into the URL. Pick one. Or parse the URL so that the function doesn't screw up URLs with a predefined query. You also cannot handle multiple parameters with the same name. Consider supporting arrays as parameter values. The DELETE method cannot have parameters in the request body (well, it technically can, but they're ignored). Are you sure the parameters of the PUT method must be manually URL-encoded? Why not an array? Quote Link to comment Share on other sites More sharing options...
NotionCommotion Posted May 28, 2016 Author Share Posted May 28, 2016 Thanks Jacques1, I will spend a little time looking into each of your responses. By the way, array_merge() won't work. Values in the input array with numeric keys will be renumbered with incrementing keys starting from zero in the result array. Quote Link to comment Share on other sites More sharing options...
Jacques1 Posted May 28, 2016 Share Posted May 28, 2016 By the way, array_merge() won't work. Yeah. Use a loop then. Quote Link to comment Share on other sites More sharing options...
NotionCommotion Posted May 29, 2016 Author Share Posted May 29, 2016 Why not just the plus sign? Quote Link to comment Share on other sites More sharing options...
Jacques1 Posted May 29, 2016 Share Posted May 29, 2016 Pick whatever you like best. To me, a loop or array_replace() is a lot clearer than an operator which I constantly need to look up in the manual, but if you prefer the operator, use it. Quote Link to comment Share on other sites More sharing options...
Recommended Posts
Join the conversation
You can post now and register later. If you have an account, sign in now to post with your account.