8

very simple php question,

for example, demo.php just returns a text like this "hello".

how can i get this text from an another php page ?

UPDATE:

actually i meant page is outputting it like this "print 'hello';"

Utku Dalmaz
  • 9,780
  • 28
  • 90
  • 130

5 Answers5

7

Does it return "hello", does it output hello or does it simply contains hello? All three scenarios are different problems.

If it return "hello"; as such:

<?php
return "hello";

then you can easily grab its value by including the file and grabbing the return value:

<?php
$fileValue = include('secondFile.php');

If it outputs hello as such:

<?php
echo "hello"; // or print "hello";

you must use output buffering to capture the result:

<?php
ob_start();
include('secondFile.php');
$fileValue = ob_get_contents();
ob_end_clean();

If it contains hello as such:

hello

you can simply read the result:

<?php
$fileValue = file_get_contents('secondFile.txt');

See Also:

Andrew Moore
  • 93,497
  • 30
  • 163
  • 175
2

EDIT: I had initially assumed that executing file_get_contents on a script would grab the output (and not the code). If you want the output, you need to specify the full URL:

$str = file_get_contents("http://example.com/demo.php");

http://php.net/manual/en/function.file-get-contents.php

It would probably be better if you accepted one of the more detailed answers.

Also, see the below:

Community
  • 1
  • 1
karim79
  • 339,989
  • 67
  • 413
  • 406
2

What do you mean by "returns hello"?

If it really returns it as in 

return "hello";

you can get the value simply like this:

$var = include 'demo.php'

if it echoes that value instead, you can read its output:

$var = file_get_contents("http://host/demo.php");
Matteo Riva
  • 24,728
  • 12
  • 72
  • 104
  • -1: Do not use `file_get_contents()` with url. `allow_url_fopen` recommended setting is off for security reasons. It is recommended best practice to keep it that way. – Andrew Moore Feb 13 '10 at 21:25
  • I don't agree on this recommendation, configuration variables should not be set only to babysit bad developers. `allow_url_fopen` is convenient and by itself does no harm. You can write insecure code even with all things turned off. – Matteo Riva Feb 14 '10 at 10:43
1

file_get_contents is the most simple solution however curl is much more efficient. It's faster, more secure and more flexible.

function file_get_contents_curl($url){
    $ch = curl_init();
    curl_setopt($ch,CURLOPT_URL,$url);
    curl_setopt($ch,CURLOPT_RETURNTRANSFER,1); 
    curl_setopt($ch,CURLOPT_CONNECTTIMEOUT,1);
    $content = curl_exec($ch);
    curl_close($ch);
    return $content;
}

$page = file_get_contents_curl('demo.php');
Ben Shelock
  • 20,154
  • 26
  • 92
  • 125
0

The text is returned when PHP interprets the page -- which means you have to either :

  • Run PHP from the command-line
  • Or call the page via your webserver -- which is what you'll generally tend to do.


In the second case, you need to send an HTTP request, and fetch the result, which can be done using file_get_contents (if the allow_url_fopen configuration directive is enabled) :

$content = file_get_contents('http://www.yoursite.com/demo.php');


Another solution, especially useful when allow_url_fopen is disabled, is to use curl ; see for instance the examples on the page of the curl_exec function.

Pascal MARTIN
  • 395,085
  • 80
  • 655
  • 663
  • -1: Do not use `file_get_contents()` with url. `allow_url_fopen` recommended setting is off for security reasons. It is recommended best practice to keep it that way. – Andrew Moore Feb 13 '10 at 21:26
  • @Andrew : I like using `file_get_contents` *(and other functions)* with URLs, and never had any problem doing so ;; `allow_url_fopen` seems to be enabled by default *(see http://www.php.net/manual/en/filesystem.configuration.php )* ;; on the other hand, I would not use URL-access for `require`/`include`, which means I would keep the `allow_url_include` directive disabled, which is its default value too. – Pascal MARTIN Feb 13 '10 at 21:33
  • @Pascal MARTIN: Ever if `allow_url_include` is disabled, having `allow_url_fopen` can also make your website vulnerable to XSS attacks without proper input validation. Please see the following page about `allow_url_fopen` on the **PHP Security Consortium** website: http://phpsec.org/projects/phpsecinfo/tests/allow_url_fopen.html – Andrew Moore Feb 13 '10 at 21:38
  • @Andrew : the part about *"don't do proper input filtering"* and *"bad input filtering"* are important, on that page ;-) ;; `allow_url_fopen` is not a security risk by itself, it's using it badly that causes problems ;; if you consider that anything that can be abused and can lead to security problems should not be used, then, you should absolutly not develop any website, surf on any website, or even turn on your computer ;-) ;; and about XSS, well, any variable passed as `$_GET` can be abused, if there is no proper input validation / output escaping... – Pascal MARTIN Feb 13 '10 at 21:41
  • @Pascal MARTIN: I'm not denying that, but there are such things as best practice (yes, even in PHP) and I based my vote on that. Every credited reference on PHP security and hardening will tell you to put `allow_url_fopen` to off. Having it off prevents accidental use of `file_get_contents()` to retrieve unwanted off-site data, and doesn't prevent you to use fixtures (`curl`) created for that purpose when needed. – Andrew Moore Feb 13 '10 at 21:56
  • 1
    I won't say best practices don't exist in PHP ^^ *(That'd be sad/bad ^^ )* ;; I see your point just fine, no problem :-) ;; But I'll keep using `file_get_contents` to access URL when I think it's easier than curl and don't risk running into portability problems, filtering/validating/escaping data the same way I would using any other function *(such as curl)*. – Pascal MARTIN Feb 13 '10 at 22:03