I wonder if there is any difference between using cURL and file_get_contents and which one is safer?
Home
Thanks in advance.
I wonder if there is any difference between using cURL and file_get_contents and which one is safer?
Home
Thanks in advance.
First file_get_contents
is intended to read the contents of a file. But can also be used to read urls.
In PHP, there are some Wrappers (a definition similar to the http request protocol), where you can define what type of stream will be read by these functions.
For example, with file_get_contents
I can read: data in memory, data sent via Http Post or Put, RAR extension file, and HTTP urls.
To illustrate, I show below how to read the data sent via POST or PUT, in an HTTP request. They can be accessed by file_get_contents
and other file reading functions in PHP ( fopen
or readfile
).
Example:
$raw_http_post = file_get_contents('php://input');
See the list of Wrappers supported by PHP .
So, then it is possible through the wrapper http://
or https://
to make requests for urls. This is not limited only to requests of type GET
, as was quoted in the other response, but for any type of HTTP request method, such as POST
, PUT
, and the like.
In the latter case, it is only necessary to add a context (via the stream_context_create
function) to the read function where you are reading the data from a url
.
Request example with context
// Desabilita a verificação de SSL
$config = array(
"ssl"=> array(
"verify_peer"=>false,
"verify_peer_name"=>false,
),
);
$context = stream_context_create($config);
file_get_contents("http://site.com.br/", false, $context);
According to the PHP manual:
PHP supports libcurl, a library created by Daniel Stenberg, which allows you to connect and communicate with different types of servers using different types of protocols. libcurl currently supports http, https, ftp, gopher, telnet, dict, file, and ldap protocols. libcurl also supports HTTPS, HTTP POST, HTTP PUT, FTP upload (can also be done with PHP ftp extension), HTTP upload by form, proxies, cookies, and user authentication and password.
That is, the curl contains the purpose of making requests of various types. It is widely used to make requests to http and https protocols.
It, unlike file_get_contents
, does not support reading system files from your server. This is a good point to note.
Permissions to read URLs
Using filetype reading functions in PHP, the allow_url_open
directive must be enabled on its php.ini
. Without
you will not be able to do this operation.
However, since the curl
extension is prepared just for this type of request, there are no reading restrictions of urls
.
Simultaneous requests
Another important point to note is that with file_get_contents
you can not make simultaneous requests, already with Curl is possible .
I'll explain what simultaneous requests mean.
These are essential to reduce the processing time of your page.
Let's suppose that when you make a request to a PHP script, you need to make requests for 5 other pages. For each url that you capture the request, it is necessary to wait for a response for the other operation to be done.
With concurrent requests, curl
internally sends the requests, being only necessary to wait for all the responses to be completed.
file_get_contents
in addition to read the entire contents of a file to a string is also often used for simple requests to urls, although from the php 4.3 we can also define other parameters of the request when they are necessary there is always a tendency to use curl
instead of the parameter context of file_get_contents
curl
is a fully configurable tool, we can define all options and more for a given request.
As far as security is concerned, the service / url to which the request is to be made, be curl
or file_get_contents
is that you have to worry about it. But for a simple GET
request, just define that only a certain User-Agent
(ex: Mozilla/5.0 (Macintosh; Intel Mac OS X 10.7; rv:7.0.1) Gecko/20100101 Firefox/7.0.1
) is that you can access DEFAULT file_get_contents
no longer works, there is a tendency to use curl
and define a User-Agent
in the request (although file_get_contents
is also possible, creating a stream and using third parameter of the function).
Example of a request / request GET
with curl setting User-Agent
:
function get_req($url) {
$curl = curl_init();
curl_setopt($curl, CURLOPT_RETURNTRANSFER, True);
curl_setopt($curl, CURLOPT_URL, $url);
curl_setopt($curl,CURLOPT_USERAGENT,'Mozilla/5.0 (Macintosh; Intel Mac OS X 10.7; rv:7.0.1) Gecko/20100101 Firefox/7.0.1');
$return = curl_exec($curl);
curl_close($curl);
return $return;
}
And we use this way:
echo get_req('http://pt.stackoverflow.com/questions/134738/diferen%C3%A7a-entre-file-get-contents-e-curl');
In my case, for GET
simple experiment always first file_get_contents
(simply by reducing code), if I return some unexpected result, I'll use it with curl
.