2

I need to get data from an API using curl in PHP, but I have no experience with this?

I've been using PHP for a while now (beginer/intermediate level), but I don't know how to use the curl command or how to make a PHP version of this.

All I know of the API is that to get a list of all the books I kan use:

curl --request GET \
--url 'http://example.com/{identifier}'

using "main" as the {identifier}

This is supposed to give me a list of alle the books, and then I can use 

curl --request GET \
--url 'http://example.com/feed/{identifier}'

to get the (meta) data of the books (Title, Author, Description, Year, Cover)

I've tried using $curl = curl_init("http://example.com/feed/main"); and then using curl_setopt_array($curl, array() to get the data, but i get an "WARNING curl_init() has been disabled for security reasons" error.

I'm totally lost and starting from scratch on these API/curl calls...

Hope someone can explain it to me?

(using Xampp on Windows)

Tom
  • 23
  • 1
  • 4
  • See here a possible solution for your curl being disabled. https://stackoverflow.com/questions/22075803/curl-init-has-been-disabled-for-security-reasons – Ilie Pandia May 04 '18 at 10:31

4 Answers4

1
  1. Locate your PHP.ini file (normally located at in the /bin folder of your Apache install for example.
  2. Open the PHP.ini in text editor
  3. Search or find the following : ;extension=php_curl.dll
  4. Uncomment this by removing the semi-colon ; before it
  5. Save and Close PHP.ini
  6. Restart your Web Server (Apache or Nginx for example)

You can test if cURL is enabled using this sample code:

<?php
// Test if cURL is enabled
echo 'Curl: ', function_exists('curl_version') ? 'Enabled' . "\xA" : 'Disabled' . "\xA";
?>
richardev
  • 976
  • 1
  • 10
  • 33
0

First enable curl for your xamp. To do so follow the steps
1. Go to C:\Program Files\xampp\php\php.ini
2. Un-comment the following line on your php.ini file by removing the semicolon.
;extension=php_curl.dll to extension=php_curl.dll
3. Restart your apache server.

Then user thr curl like

$url= "http://example.com/feed/main";
$ch = curl_init();
curl_setopt($ch, CURLOPT_URL,$url);
curl_setopt($ch, CURLOPT_RETURNTRANSFER,1);
curl_setopt($ch, CURLOPT_ENCODING, ""); // this will handle gzip content
$result = curl_exec($ch);
curl_close($ch);
print $result;
Bibhudatta Sahoo
  • 4,808
  • 2
  • 27
  • 51
  • ...because PHP only runs on MSWindows / the OP said they were using MSWindows? And this is the right way to fix a disabled function (as opposed to an non-loaded one) – symcbean May 04 '18 at 11:39
  • The OP is not said but If he is using Xamp then for him, is it the correct solution or not ? – Bibhudatta Sahoo May 04 '18 at 11:42
  • Sorry. Didn't specify which environment I was using but I'm using xampp on Windows.... Curl was commented out in php.ini for some reason? The curl code works and gives me a string with the items. Guess I'll just have to use `explode()` to convert the string to an `array()` or is there a way to do this better? I get a string like this ["new-books","best-sellers","fantasy","romance"] – Tom May 04 '18 at 12:25
  • Tried using `curl_setopt_array()` but this doesn't work since the curl API call returns a string? Fixed it by using `str_replace()` and `explode()` to turn it into an `array()`. – Tom May 04 '18 at 12:48
  • Okay, you got it :) – Bibhudatta Sahoo May 04 '18 at 13:06
  • Dooh! I'm not using my brain... The data from the API is of course a `JSON` string so there's no need to use `explode()` since I can just use `json_decode()`... – Tom May 04 '18 at 13:31
0

If you are only doing a simple GET to pull data then you can use file_get_contents() IF the fopen() http/https wrappers haven't been disabled. See http://php.net/manual/en/filesystem.configuration.php#ini.allow-url-fopen

Should you need to set an auth token in the header, define a cookie, etc. first then you'll need to set up/create a context first - http://php.net/manual/en/function.stream-context-create.php

Unfortunately, the file_get_contents() only works for GET requests. If you end up needing to do a POST, PUT, or DELETE then you'll need to get curl working for your PHP install, or perhaps use the system's curl and exec() or similar. Although if curl is disabled for security reasons I doubt you can use exec() and friends.

ivanivan
  • 2,155
  • 2
  • 10
  • 11
  • This is actually a very simple solution as I only need to use `GET`. But since my question include the `curl_init()` warning and using curl I have to choose another answer as the solution (but your answer also works great). Thanks. – Tom May 04 '18 at 12:32
0

(there are a lot of similar question on StackOverflow, but the qulity of answers is not very good for all the ones I've looked at - hence not marking this as a duplicate)

I can't tell you why it has been disabled on the installation you are using, but it is common practice on basic hosting packages to restrict the level of functionality and the applications ability to interact with the local infrastructure. I would like to think that conscientious package maintainers would also distribute PHP with as safe a default configuration as possible.

I'm totally lost and starting from scratch on these API/curl calls...

There's 2 issues here - your understanding of how this should work and the error message that is preventing your code from running. If we worry about the latter then at least you will be in a position to address the former yourself.

WARNING curl_init() has been disabled for security reasons

This message indicates that either safe_mode is enabled or curl_init is included in the list of disabled functions in your PHP.ini.

If you don't know where your php.ini file is - check the output of

<?php phpinfo();

Note that some ini settings can be overridden elsewhere - e.g. in Apache's httpd.config or .htaccess files - but not these ones.

If you cannot access the ini file, or the setting are you can check these using:

 <?php
   print ini_get('disable_functions') 
   . "<br>" . ini_get('disable_classes')
   . "<br>" . init_get('safe_mode');

In the case of curl_init, we are really only interested in the first one of these. But as per above - if we are talking about host you don't have full control over, then it may be a constraint of your hosting package.

IIRC, an entry in disable_functions will mask out a missing extension - so you might remove the entry from php.ini and start seeing undefined function errors. In that case you need to install the extension as described by others here (but the relevant filename is php_curl.so on Unix/Linux systems) remembering to restart httpd/php-fpm as appropriate.

You can now call the function. That doesn't mean that your host will be able to:

  • resolve the hostname in the URL
  • establish an http/https connection

But you'll see different errors.

symcbean
  • 47,736
  • 6
  • 59
  • 94