php question get remote url

**bogeyman** · 21 November 2008, 19:32

Originally posted by xoggoth View Post

Still trying to sort out a currency conversion on my site and having a bash at some php:-

$contents = file_get_contents(urlencode('https://select.worldpay.com/wcc/info?op=rates&instId=xxxxx'));
echo $contents;

This gives me:

Warning: file_get_contents(blah blah) [function.file-get-contents]: failed to open stream: No such file or directory in (my host directory)/blahblah.php

Why is it looking for the file locally? Get same with other urls like www.google.com but as I understand it this should work with a remote URL if echo ini_get("allow_url_fopen"); returns 1 which it does.

Cheers

file_get_contents() doesn't accept a non-local URI as a parameter AFAIK.

Would be a bit of a security disaster if it did really, wouldn't it?

There are SOAP services and so on for real-time currency conversions, but normally subscriptions.

**Ardesco** · 21 November 2008, 19:45

Try:

Code:

$contents = file_get_contents(htmlentities('https://select.worldpay.com/wcc/info?op=rates&instId=xxxxx'));
echo $contents;

Instead

**Ardesco** · 21 November 2008, 19:46

Originally posted by bogeyman View Post

file_get_contents() doesn't accept a non-local URI as a parameter AFAIK.

Would be a bit of a security disaster if it did really, wouldn't it?

There are SOAP services and so on for real-time currency conversions, but normally subscriptions.

It does depending on your php.ini settings, you can also override php.ini with:

Code:

ini_set(allow_url_fopen, 1);

However some host's disable this.

**bogeyman** · 21 November 2008, 19:51

Originally posted by Ardesco View Post

It does depending on your php.ini settings, you can also override php.ini with:

Code:

ini_set(allow_url_fopen, 1);

However some host's disable this.

Correct.

But is that still the php.ini default? Hope not

PHP! Bag 'o tulipe!

**NickFitz** · 21 November 2008, 20:28

Originally posted by bogeyman View Post

Correct.

But is that still the php.ini default? Hope not

PHP! Bag 'o tulipe!

How do you expect a server-side script to retrieve data from another server if it can't open a URL? This is one of the fundamental aspects of the way the web works. It doesn't exist solely for the purpose of providing HTML pages to browsers.

As far as I can see the only possible reason for a hosting provider to disable this would be over bandwidth concerns. I wouldn't use a hosting provider that didn't allow this.

xoggoth: you might have more success using the cURL functions. For retrieving an https URL, your hosting provider will have to have included OpenSSL support (or some equivalent library) in their PHP installation (which they should have done if they're any good).

You can check by uploading a temporary file containing the following:

Code:

<?php
phpinfo()
?>

as, say, info.php and going to that page. Scroll down to the "Configuration" section after the copyright notices (about one screen down). The "PHP Core" section should include a row for allow_url_fopen which should have the "Local value" of "on". Scrolling further, you should have subsections for "curl", meaning cURL functions are installed, and "openssl", meaning you can use https URLs - for both of those the first row should state that support is "enabled", otherwise you're out of luck.

Oh, and then remove the info.php file, as it provides information about your server that the rest of the world shouldn't be allowed to see

**Ardesco** · 21 November 2008, 20:34

Depends which PHP distro you get I would assume, but the default php.ini you get from php.net has it on by default.

At the end of the day the webserver admin should know about it and decide if it should be on or off, as there are many legitimate uses for it. Its the so called web admins who don't check the default php.ini who are a bag 'o tulipe, not PHP itself.

**bogeyman** · 21 November 2008, 20:36

Originally posted by NickFitz View Post

How do you expect a server-side script to retrieve data from another server if it can't open a URL? This is one of the fundamental aspects of the way the web works. It doesn't exist solely for the purpose of providing HTML pages to browsers.

I know that you silly bonobo! It should not, however, be enabled by default.

**Ardesco** · 21 November 2008, 20:37

Originally posted by NickFitz View Post

How do you expect a server-side script to retrieve data from another server if it can't open a URL? This is one of the fundamental aspects of the way the web works. It doesn't exist solely for the purpose of providing HTML pages to browsers.

As far as I can see the only possible reason for a hosting provider to disable this would be over bandwidth concerns. I wouldn't use a hosting provider that didn't allow this.

xoggoth: you might have more success using the cURL functions. For retrieving an https URL, your hosting provider will have to have included OpenSSL support (or some equivalent library) in their PHP installation (which they should have done if they're any good).

You can check by uploading a temporary file containing the following:

Code:

<?php
phpinfo()
?>

as, say, info.php and going to that page. Scroll down to the "Configuration" section after the copyright notices (about one screen down). The "PHP Core" section should include a row for allow_url_fopen which should have the "Local value" of "on". Scrolling further, you should have subsections for "curl", meaning cURL functions are installed, and "openssl", meaning you can use https URLs - for both of those the first row should state that support is "enabled", otherwise you're out of luck.

Oh, and then remove the info.php file, as it provides information about your server that the rest of the world shouldn't be allowed to see

Unless of course your friendly web admin has set:

Code:

disable_functions = phpinfo

in the php.ini

**NickFitz** · 21 November 2008, 20:43

Originally posted by xoggoth View Post

Still trying to sort out a currency conversion on my site and having a bash at some php:-

$contents = file_get_contents(urlencode('https://select.worldpay.com/wcc/info?op=rates&instId=xxxxx'));
echo $contents;

This gives me:

Warning: file_get_contents(blah blah) [function.file-get-contents]: failed to open stream: No such file or directory in (my host directory)/blahblah.php

Why is it looking for the file locally? Get same with other urls like www.google.com but as I understand it this should work with a remote URL if echo ini_get("allow_url_fopen"); returns 1 which it does.

Cheers

Actually xog, your problem is almost certainly the urlencode call: this turns the slashes and so on into their urlencoded form.

Assuming xxxxx represents some value that might contain special characters and needs URLEncoding, try

Code:

$encoded_inst_id = urlencode($inst_id);
$contents = file_get_contents('https://select.worldpay.com/wcc/info?op=rates&instId='.$encoded_inst_id);
echo $contents;

Or have a look at the first example at http://www.php.net/manual/en/features.remote-files.php if you want finer control over file processing.

php question get remote url