Update May 2010: This is one of my most popular blog entries, so it seems worthwhile to modernize it a little. I've added an example of a generic REST helper that I've been using in a couple of places below the original do_post_request function in this entry. Enjoy!

I don't think we do a very good job of evangelizing some of the nice things that the PHP streams layer does in the PHP manual, or even in general. At least, every time I search for the code snippet that allows you to do an HTTP POST request, I don't find it in the manual and resort to reading the source. (You can find it if you search for "HTTP wrapper" in the online documentation, but that's not really what you think you're searching for when you're looking).

So, here's an example of how to send a POST request with straight up PHP, no cURL:

function do_post_request($url, $data, $optional_headers = null)
  $params = array('http' => array(
              'method' => 'POST',
              'content' => $data
  if ($optional_headers !== null) {
    $params['http']['header'] = $optional_headers;
  $ctx = stream_context_create($params);
  $fp = @fopen($url, 'rb', false, $ctx);
  if (!$fp) {
    throw new Exception("Problem with $url, $php_errormsg");
  $response = @stream_get_contents($fp);
  if ($response === false) {
    throw new Exception("Problem reading data from $url, $php_errormsg");
  return $response;

$optional_headers is a string containing additional HTTP headers that you would like to send in your request.

PHP's HTTP wrapper will automatically fill out the Content-Length header based on the length of the $data that you pass in. It will also automatically set the Content-Type to application/x-www-form-urlencoded if you don't specify one in the $optional_headers.

I find this very handy; I don't need to code in redirection logic, HTTP auth handling, user agent setting and so on; they are handled for me by PHP. This works for HTTPS as well, if you have openssl enabled.

You may also want to look into http_build_query() which is a convenience function that allows you to assemble query/post parameters from a PHP variable, applying appropriate escaping. You can find an example of this in the REST helper below.

Kudos to Sara Golemon for both http_build_query and exposing the HTTP context parameters up to userspace.

A Generic REST helper

Many web services offer a REST-ful interface for consuming their data, using GET requests for information retrieval and POST requests for making changes. Below you'll find a helper function that can very easily be used to consume a REST API.

The $url parameter is the HTTP or HTTPS URL for the web service. $params is an associative array of form parameters to pass to the web service; they will be passed as _GET parameters for GET requests or _POST parameters for POST requests. The $verb parameter can be GET or POST (and presumably any other valid HTTP REQUEST verb, such as PUT or DELETE, although I haven't tried those and can't say whether they will work as expected). The $format parameter can be "json" or "xml" and will automatically return a decoded json or XML document, respectively.

I've used simplexml here because it is... simple. You could very easily add a "dom" format to return the object using the richer and more complex DOM API instead.

This function uses the ignore_errors context parameter. Without this set (the default is false), PHP will treat 400 and 500 HTTP status codes as a failure to open the stream and won't return you any data. This is usually what you want when using fopen or file_get_contents, but REST services tend to set the HTTP status to indicate the error and will usually send back a payload that describes the error. We turn on ignore_errors so that we treat any returned payload as json or xml.

When using POST with REST, take care: PHP's HTTP redirection handler will drop your POST payload if the endpoint issues a redirect. If you experience problems using POST with the function below, it might be due to redirects. Most of the POST calls I've run into issue redirects if the URL is missing a trailing '/' character. In other words, if you experience problems where it seems like your parameters are not being sent in, try appending a '/' to the end of the URL and try it again.

function rest_helper($url, $params = null, $verb = 'GET', $format = 'json')
  $cparams = array(
    'http' => array(
      'method' => $verb,
      'ignore_errors' => true
  if ($params !== null) {
    $params = http_build_query($params);
    if ($verb == 'POST') {
      $cparams['http']['content'] = $params;
    } else {
      $url .= '?' . $params;

  $context = stream_context_create($cparams);
  $fp = fopen($url, 'rb', false, $context);
  if (!$fp) {
    $res = false;
  } else {
    // If you're trying to troubleshoot problems, try uncommenting the
    // next two lines; it will show you the HTTP response headers across
    // all the redirects:
    // $meta = stream_get_meta_data($fp);
    // var_dump($meta['wrapper_data']);
    $res = stream_get_contents($fp);

  if ($res === false) {
    throw new Exception("$verb $url failed: $php_errormsg");

  switch ($format) {
    case 'json':
      $r = json_decode($res);
      if ($r === null) {
        throw new Exception("failed to decode $res as json");
      return $r;

    case 'xml':
      $r = simplexml_load_string($res);
      if ($r === null) {
        throw new Exception("failed to decode $res as xml");
      return $r;
  return $res;

// This lists projects by Ed Finkler on GitHub:
foreach (
    ->repositories as $repo) {
  echo $repo->name, "<br>\n";
  echo htmlentities($repo->description), "<br>\n";
  echo "<hr>\n";

// This incomplete snippet demonstrates using POST with the Disqus API
      'api_version' => '1.1',
      'user_api_key' => $my_disqus_api_key,
      'identifier' => $thread_unique_id,
      'forum_api_key' => $forum_api_key,
      'title' => 'HTTP POST from PHP, without cURL',
    ), 'POST'

You can find more documentation on the HTTP wrapper options in the HTTP and HTTPS page in the PHP manual, more on the GitHub API at, more on the Disqus API and more on Ed Finkler at his blog.

View Comments