Question about Remote Files

Connie_Goss

I have an application that needs to run an .asp application on another server. My php.ini has allow_url_fopen set to OFF by default. I need to set it to ON for the call to work when I run the remote program. I understand that there are security risks to leaving this setting on. Is there a way leave it to OFF, then override the setting in my script, then turn if back off? Or is there another approach?

This is new turf for me. If your reply involves "wrappers", please use a "for dummies" approach because I don't understand what these are. Thanks!

NogDog

That particular option can only be set at the system level (e.g. php.ini). I'd suggest using the [man]cURL[/man] extension to make the HTTP request, as it is not affected by that setting.

PS: If you are on PHP 5.2.0 or later, you can set allow_url_include to off in order to prevent the most dangerous thing: including/requiring remote files, then set allow_url_fopen to on so you can use things like file_get_contents() (assuming you have access/permission to change those settings).