Friday, August 15, 2014

How to be able to send form data with the '@' character at the beginning of the data string in PHP cURL

If you post form data using cURL in php, you cannot use the '@' character at the beginning of a data string value (e.g: password=@@mypassword). '@' is the indicator for file path in POST operation of cURL. You need to disable the '@' prefix to be able to send data string start with '@' character.

Here is the description of PHP cURL's CURLOPT_POSTFIELDS option:


The full data to post in a HTTP "POST" operation. To post a file, prepend a filename with @ and use the full path. The filetype can be explicitly specified by following the filename with the type in the format ';type=mimetype'. This parameter can either be passed as a urlencoded string like 'para1=val1&para2=val2&...' or as an array with the field name as key and field data as value. If value is an array, the Content-Type header will be set to multipart/form-data. As of PHP 5.2.0, value must be an array if files are passed to this option with the @ prefix. As of PHP 5.5.0, the @ prefix is deprecated and files can be sent using CURLFile. The @ prefix can be disabled for safe passing of values beginning with @ by setting the CURLOPT_SAFE_UPLOAD option to TRUE.

For example:
curl_setopt($ch, CURLOPT_URL, $editGuardian3URL);
curl_setopt($ch, CURLOPT_FOLLOWLOCATION, true);
curl_setopt($ch, CURLOPT_COOKIEFILE, $cookie);
curl_setopt($ch, CURLOPT_COOKIEJAR, $cookie);
curl_setopt($ch, CURLOPT_SAFE_UPLOAD, true);
curl_setopt($ch, CURLOPT_RETURNTRANSFER, true);
curl_setopt($ch, CURLOPT_POST, true);
curl_setopt($ch, CURLOPT_POSTFIELDS, $EditGuardianData2);
$buffer = curl_exec($ch);
Note that you need to set the CURLOPT_SAFE_UPLOAD option before the CURLOPT_POSTFIELDS option.