0

I have the following code:

$poststr = "param1=<html><head></head><body>test1 & test2</body></html>&param2=abcd&param3=eeee";
$curl = curl_init();
curl_setopt($curl, CURLOPT_URL, "http://www.mytest.com");
curl_setopt($curl, CURLOPT_COOKIEFILE, $cookiefile);
curl_setopt($curl, CURLOPT_COOKIEJAR, $cookiefile);
curl_setopt($curl, CURLOPT_FOLLOWLOCATION, 1);
curl_setopt($curl, CURLOPT_RETURNTRANSFER, 1);
curl_setopt($curl, CURLOPT_POST, 1);
curl_setopt($curl, CURLOPT_POSTFIELDS, $poststr);
curl_setopt($curl, CURLOPT_ENCODING, "");
$curlData = curl_exec($curl);

The post is not working and I'm guessing it has to do with the fact that the param1 has HTMl in it. But if I use htmlentities() it doesn't help. I've tried using urlencode() but still no go.

user838437
  • 1,451
  • 7
  • 23
  • 31
  • Try htmlentities_encode? – chandresh_cool Apr 22 '13 at 12:52
  • try it as an array. `$post['param1']='test1 & test2';` etc.. – Waygood Apr 22 '13 at 12:55
  • @Waygood do I need to set this? ``curl_setopt($curl, CURLOPT_HTTPHEADER, array("Content-type: multipart/form-data"));`` – user838437 Apr 22 '13 at 12:56
  • Why on earth would you want to do this? Regardless, the issue is the unencoded ampersand. Construct the data as an array and pass it through [`http_build_query()`](http://php.net/http-build-query). You *can* pass an array directly to cURL but doing so will cause the request body to be larger than strictly necessary (cURL encodes this to `multipart/form-data`). This arguably doesn't matter, but personally I prefer to control the exact body string that is sent to the remote server. – DaveRandom Apr 22 '13 at 12:58
  • wouldn't have thought so multipart is for file uploads – Waygood Apr 22 '13 at 12:58
  • @DaveRandom Not sure what you mean by 'Why on earth would you want to do this?', Why do I want to pass parameters filled with HTML content or why would I do it this way? Second questions is obviously because I couldn't think of a better way, this is why I came here. – user838437 Apr 22 '13 at 12:59
  • 3
    @user838437 The question/comment was about the general practice of sending HTML to another server. In general you should send the data that the encoded form represents, rather than the encoded form. If the HTML *is* the data then that's fine - but it's pretty rare that this is the case. Either way, whenever you do anything like this you should use an array and `http_build_query()` - it is guaranteed to get the escaping right every time and it's much easier to work with in general – DaveRandom Apr 22 '13 at 13:02

1 Answers1

0

Do not forget that & is a special URL delimiter.
In your example <body>test1 & test2</body> is interpreted wrong.
$poststr must be carefully urlencoded. Here is the right way:

$poststr = "param1=".rawurlencode('<html><head></head><body>test1 & test2</body></html>')."&param2=abcd&param3=eeee";

And you should encode all parts of it: param2 and param3.
The easiest way to do that is to use an array and html_build_query():

$params = array();
$params['param1'] = '<html><head></head><body>test1 & test2</body></html>';
$params['param2'] = 'abcd';
$params['param3'] = 'eeee';

//or
//$params = array( 'param1' => '<html><head></head><body>test1 & test2</body></html>',
//                 'param2' => 'abcd',
//                 'param3' => 'eeee'
//               );

$poststr = html_build_query($params);

$curl = curl_init();
curl_setopt($curl, CURLOPT_URL, "http://www.mytest.com");
curl_setopt($curl, CURLOPT_COOKIEFILE, $cookiefile);
curl_setopt($curl, CURLOPT_COOKIEJAR, $cookiefile);
curl_setopt($curl, CURLOPT_FOLLOWLOCATION, 1);
curl_setopt($curl, CURLOPT_RETURNTRANSFER, 1);
curl_setopt($curl, CURLOPT_POST, 1);
curl_setopt($curl, CURLOPT_POSTFIELDS, $poststr);
curl_setopt($curl, CURLOPT_ENCODING, "");
$curlData = curl_exec($curl);
Andrey Volk
  • 3,513
  • 2
  • 17
  • 29