php.net |  support |  documentation |  report a bug |  advanced search |  search howto |  statistics |  random bug |  login

go to bug id or search bugs for

Bug #50060 "failed creating formpost data" if post array value starts with '@'
Submitted: 2009-11-03 07:29 UTC Modified: 2009-11-03 21:37 UTC
From: bugs dot php dot net at sgerrand dot com Assigned:
Status: Not a bug Package: cURL related
PHP Version: 5.2.11 OS: Linux (Ubuntu x86_64 2.6.31-14)
Private report: No CVE-ID: None
View Developer Edit
 [2009-11-03 07:29 UTC] bugs dot php dot net at sgerrand dot com 
Description:
------------
PHP's cURL library dies returning the error message "failed creating 
formpost data" when trying to use an array that contains a value 
starting with '@'. 

If the array is changed to a string in URL encoded like format, the 
problem does not occur.

Reproduce code:
---------------
<?php

$url = 'http://www.php.net';
$postData = array('key' => '@value');
$ch = curl_init();

curl_setopt($ch, CURLOPT_URL, $url);
curl_setopt($ch, CURLOPT_POST, true);
curl_setopt($ch, CURLOPT_POSTFIELDS, $postData);

if (! curl_exec($ch) ) print 'cURL error: ' . curl_error($ch);
else print "cURL success";

curl_close($ch);

?>

Expected result:
----------------
cURL success

Actual result:
--------------
cURL error: failed creating formpost data

Patches

Pull Requests

History

AllCommentsChangesGit/SVN commitsRelated reports
 [2009-11-03 10:18 UTC] scottmac@php.net 
@ has a special meaning with cURL and takes the contents of the file.
 [2009-11-03 10:44 UTC] bugs dot php dot net at sgerrand dot com 
Please refer to the documentation for curl_setopt() - 
http://php.net/curl_setopt

CURLOPT_POSTFIELDS	 The full data to post in a HTTP "POST" 
operation. To post a file, prepend a filename with @ and use the full 
path. This can either be passed as a urlencoded string like 
'para1=val1&para2=val2&...' or as an array with the field name as key 
and field data as value. If value is an array, the Content-Type header 
will be set to multipart/form-data.

The case I have logged is when data to be posted using this option is 
an array which happens to have a value that starts with '@', as per 
the example. This edge case is being caused by the function used to 
create the form data to pass to cURL.

I would note that the cURL command line client on any POSIX system can 
perform this without issue - i.e.: 

curl -d 'key=@value' http://www.php.net/
 [2009-11-03 11:58 UTC] scottmac@php.net 
-d is for the whole data, what we really have here is -F for formdata.

curl -F 'key=@value' http://www.php.net/
 [2009-11-03 21:37 UTC] bugs dot php dot net at sgerrand dot com 
Regardless, if the existing functionality for constructing form data 
with the CURLOPT_POSTFIELDS option will not be changed, can the 
documentation for curl_setopt() be altered to more explicitly indicate 
that *any* array value that starts with '@' will be treated as a file 
for upload.
 [2010-03-24 09:39 UTC] guille at nianoniano dot com 
We should have to be able to tell wheter a POST field is intended to be interpreted as a path for a file submission or simply as text not just by adding a '@' character at the begining of a POST parameter's value.

Firstly because the curl lets it and PHP's implementation of this functions are actually diminishing this feature.

And secondly because it brings some operational problems that makes us to produce worse code: the need to convert the POST payload array of parameters to a string.

A good example for this need is a Twitter library that i'm currently working on. It a very common case to have a POST parameter starting with the '@' character and i'm forced to convert the array into a string and then deal with other derivative problems like handling the presence of characters like '&' in the value of a parameter. This wastes processing time, resources and makes worse source code.
 
PHP Copyright © 2001-2025 The PHP Group
All rights reserved. 		Last updated: Wed Apr 02 18:01:31 2025 UTC