crwork

Thanks for clarifying. So to install cURL, or any package for that matter, the package already exists on the Linux distribution, but is "dormant" until you manually install it? Kind of like an add-on? I'm also getting command not found for sudo. Is that another binary to install? Yep, I'm a newb.

Ok, I'm able to get cURL running via PHP code on a dev server. But if I log on to the Debian linux server and try curl from the command line I get the message: '-bash curl:command not found' If I type php -m, 'curl' is in the list; however this server is using the Zend framework so at the bottom of that list it says [Zend Modules]. I can't seem to find where curl is installed on the server. It's working from PHP, but I feel like I'm in the Twilight Zone because I can't run it on the command line. Any ideas?

Thanks, it now works! I added these parms: curl_setopt($ch, CURLOPT_FOLLOWLOCATION, TRUE); curl_setopt($ch, CURLOPT_MAXREDIRS, 5); Thanks for your help derwert.

Ok, I was able to connect to the REST service with the Firefox plugin RESTclient. I did a GET request and supplied the username and password in the Basic Authenticate header and results were returned successfully from the REST service. On the development PHP server I've been running cURL tests to no avail however. It's bringing back a curl_errno return code of 0 despite the fact that no data is coming back. I also tried using curl_getinfo() for debugging and oddly enough, the http_code coming back is 302, indicating the URL has moved. However, since I can run the same service with the REST client that brings back data, it makes me think something in the cURL code is malformed. I've attached my cURL code. Anything look awry? $ch = curl_init(); curl_setopt($ch, CURLOPT_URL, 'http://testing.com/myrest/usersByEmail/' . 'testemail.com'); curl_setopt($ch, CURLOPT_RETURNTRANSFER, 1); curl_setopt($ch, CURLOPT_USERPWD, "theuser:thepassword"); $data = curl_exec($ch); //debugging displays echo 'Curl error: ' . curl_error($ch); echo ', Curl errno: ' .curl_errno($ch); $info = curl_getinfo($ch); print_r($info); curl_close($ch); Related debugging question: I tried running cURL from the command line in Debian Linux but get the message '-bash curl:command not found'. If I type php -m, 'curl' is in the list; however this server is using the Zend framework so at the bottom of that list it says [Zend Modules]. I can't seem to find where curl is installed on the server. Any thoughts on this one? If not, I can create another thread.

Ok, thanks for the reply. I haven't used curl before, but it sounds like it would do the trick. Thanks for the other options as well. I don't think this server has curl installed, but hopefully it's not a big deal. I'll update the thread once I get results. Or get stuck.

This may be a Coldfusion question as well, but I thought I'd throw this out there if anyone has any experience with this... I was asked to consume a Coldfusion service that simply retrieves a user name given an email address. Consuming the service must be done in PHP. Unfortunately, the CF rest service is secured by a username and password. Normally this would be pretty easy, except that Coldfusion requires a "username" and "password" parameter in the authentication header. Coldfusion does this with a CFHTTP call as follows: <cfhttp method="get" url="http://testsite.com/...e/usersByEmail/emailhere" username="test" password="test" result="isProfile"> If I run just a basic GET request using the cRest client, I get a permissions error because I only use the email address in the URL. It sends back an error message because I'm not sending the username and password. I don't know how to pass the username and password for a GET request. Does anyone know how to do this in PHP, or even just in a REST testing client like cRest? Thanks for any ideas...

I realize that. I was under the assumption that I wouldn't need to supply another parameter in the bind for the ON DUPLICATE clause '?' but it looks like I do .All set now, thanks. $stmt->bind_param('issss', $user_id, $user_name, $filter_prefs, $email, $filter_prefs);

I have a working prepared statement in PHP that does an INSERT. However, I'd like to leverage ON DUPLICATE KEY to update one field in the event the record already exists. I'm having trouble using the '?' in the ON DUPLICATE clause. Here's what I'd like to do, but isn't working: INSERT INTO user_prefs (user_id, user_name, filter_prefs, email) VALUES (?, ?, ?, ?) ON DUPLICATE KEY UPDATE filter_prefs = ? $stmt->bind_param('isss', $user_id, $user_name, $filter_prefs, $email); Without the ON DUPLICATE, this works, but PHP seems to expect another bind parameter if I use a '?' in the On DUPLICATE clause:: "mysqli_stmt::bind_param(): Number of variables doesn't match number of parameters in prepared statement" I also tried in the ON DUPLICATE clause updating all 4 fields, but I still got the bind_param() error. I searched all over and couldn't find an example for this. Anyone have thoughts? I could use mysqli_real_escape_string on filter_prefs, but that seems like a cluge...

Thanks Adam. Helpful stuff. The server doesn't verify the user based on session. As far as passing a user id to the web service goes, are you saying there's no great way to do that without some sort of exposure? Thanks for clarifying the URL issue. I couldn't find very much info on that so it's good to know it's not a security issue. For right now, I'd just like to get the communication working, then figure out the URL mapping issue.

I'm working on my first PHP REST service and have read many good tutorials online, but there are a few issues I'm having trouble with being a REST newb. Any thoughts on any of these appreciated! 1) Sending a user id securely for a GET request: The REST service is going to be invoked via jQuery AJAX and use JSON as input and output. One function we have is to retrieve some user preferences for a given user id. For testing, I've just been sending an integer user_id as part of the JSON input object. But is this not secure? Should the raw user id be sent as part of the URI request, e.g. http://testing.com/myservice/4234 ? Should encryption be used on the user id before invoking the service? 2) URL mapping: As of now I'm using the filename has part of the URL when calling the REST service from AJAX, e.g. http://testing.com/m...user_prefs.php. However, in most examples online, I see there is no filename, e.g. http://testing.com/myservice. Is the purpose for this security? The server I'm working on is lighttpd, not Apache, so it does not support .htaccess to re-route a URL. It uses the Zend framework (which I am brand new to) so I don't know if that makes it any harder or easier. Thanks for any thoughts...

Rats, looks like mysqlnd isn't installed so I guess I'll have to create an array to store the values in within the called function, then pass the array back to the caller function. Thanks again...

Great information, thanks for your help. We're on 5.3, but will have to check into the mysqlnd driver. I'll try that and re-post with results. Thanks very much!

I'm working on a REST service and just to get the basic communication working, set up a SQL query and returned the $result query object to a calling function like so: $result = $this->db->query(" SELECT user_id, user_name, filter_prefs FROM user_prefs WHERE user_id = ". $user_id ); //Result is Object. return $result; The $result variable was using in the calling function like this: if($result->num_rows){ while ($row = $result->fetch_assoc()) { . . . This all worked. However, I'm now shoring up the code and making the SQL query a prepared statement. I am having trouble sending a query object back to the calling function. When I return the variable, I can't loop through results. $stmt->prepare("SELECT user_id, user_name, filter_prefs FROM user_prefs WHERE user_id = ?"); // Bind variable $stmt->bind_param('i', $user_id); /* execute query */ $stmt->execute(); /* bind result variables */ $stmt->bind_result($theuser, $thename, $theprefs); /* store result - need this to get num_rows */ $stmt->store_result(); return $stmt; If I do a var_dump of $stmt, it doesn't look like it contains any info retrieved from the DB. Does anyone know if there is a straight-forward way to pass the prepared statement object to a calling function similar to the working code above? I may be missing something simple here...