支持的协议和封装协议

PHP 带有很多内置 URL 风格的封装协议,可用于类似 fopen()copy()file_exists()filesize() 的文件系统函数。 除了这些封装协议,还能通过 stream_wrapper_register() 来注册自定义的封装协议。

Note: 用于描述一个封装协议的 URL 语法仅支持 scheme://... 的语法。 scheme:/scheme: 语法是不支持的。

Table of Contents

User Contributed Notes

Anonymous 13-Aug-2017 09:37
If you want to filter incoming data through php://input use this:

file_get_contents("php://filter/read=string.strip_tags/resource=php://input");

I couldn't find any documentation to explain how to do this. All the examples I came across suggested that a full and actual URL had to be used (which didn't work for me).

This seems to work though.
John Edwards 21-Jul-2017 07:58
Please note that php://input is only functional if "allow_url_include" is set to "On" in php.ini file.

Apache generates a warning by default in the error.log as follows if allow_url_include is not set to "On":

"PHP Warning:  include(): Failed opening 'php://input' for inclusion (include_path='.:/usr/share/php:/usr/share/pear', ....) ...."
Anonymous 29-Jan-2016 05:58
Note that STDIN and similar are defined only in CLI
ohcc at 163 dot com 06-Nov-2015 03:45
<?php
   
//enable $HTTP_RAW_POST_DATA when necessary
   
ini_set('always_populate_raw_post_data',-1);
   
$HTTP_RAW_POST_DATA = file_get_contents('php://input');
    echo
$HTTP_RAW_POST_DATA;
?>
nguyenanthuan at gmail dot com 18-Nov-2014 08:05
Each stream pointer to php://memory and php://temp has its own memory allocation, so you can open many stream pointers to store your separated values.

<?php
$fp
= fopen("php://temp", "r+");
$fp2 = fopen("php://temp", "r+");

fwrite($fp, "line1\n");
fwrite($fp2, "line4\n");
fwrite($fp, "line2\n");
fwrite($fp2, "line5\n");
fwrite($fp, "line3\n");
fwrite($fp2, "line6\n");

var_dump(memory_get_usage());

rewind($fp);
while(!
feof($fp)) {
   
var_dump(fread($fp, 1024));
}
fclose($fp);
var_dump(memory_get_usage());

rewind($fp2);
while(!
feof($fp2)) {
   
var_dump(fread($fp2, 1024));
}
fclose($fp2);
var_dump(memory_get_usage());
?>

Closing their stream handles will also free the allocated memory.

php://memory stream type is MEMORY, while php://temp stream type is STDIO FILE*.
vibhavsinha91 at gmail dot com 09-Sep-2014 07:35
While writing to error stream, error_log() function comes as a shorthand to writing to php://stderr . This function also allows writing to web server log when running through a web server such as apache.
Chris 06-May-2014 12:30
If you use php://input and want to make an array of it (like $_POST), make sure you explode the string by "&" then urldecode it or you could end up with blank array elements.  E.g.

<?php
$post
= array_map('urldecode', explode('&', file_get_contents("php://input")));
oliver at codeinline dot com 14-Feb-2014 04:14
A useful way to handle large file uploads is to do something like:

copy(("php://input"),$tmpfile);

as this avoids using lots of memory just to buffer the file content.

The correct mime type for this should be "application/octet-stream" however if you set this or any other recognised mime type other than "multipart/form-data" on your POST then $HTTP_RAW_POST_DATA is populated and the memory is consumed anyway.

Setting the mime type to "multipart/form-data" raises "PHP Warning:  Missing boundary in multipart/form-data POST data in Unknown on line 0" however it seems to work without a problem.
dave at 4mation dot com dot au 03-Jun-2013 01:46
The use of php://temp/maxmemory as a stream counts towards the memory usage of the script; you are not specifying a new memory pool by using this type of stream.
As noted in the documentation however, this stream type will start to write to a file after the specified maxmemory limit is exceeded. This file buffer is NOT observed by the memory limit.
This is handy if you want your script to have a reasonably small memory limit (eg 32MB) but but still be able to handle a huge amount of data in a stream (eg 256MB)

The only works if you use stream functions like fputs(); if you use $buffer .= 'string'; or $buffer = $buffer . 'string'; you're calling your stream data back into PHP and this will hit the limiter.

As a practical example:

<?php
// 0.5MB memory limit
ini_set('memory_limit', '0.5M');
// 2MB stream limit
$buffer = fopen('php://temp/maxmemory:1048576', 'r+');
$x = 0;
// Attempt to write 1MB to the stream
while ($x < 1*1024*1024) {
   
fputs($buffer, 'a');
   
$x++;
}
echo
"This will never be displayed";
?>

However, change fopen to use php://temp/maxmemory:1 (one byte, rather than one megabyte) and it will begin writing to the unlimited file stream immediately, avoiding memory limit errors.
Anonymous 02-May-2013 06:17
In PHP 5.4+ you can read multipart data via php://input if you set enable_post_data_reading to Off.

Of course if you set it to off, the $_POST and $_FILES superglobals won't be populated at all. It's entirely up to you to parse the data now.
Justin Megawarne 24-Apr-2013 01:42
If my understanding of the implementing code is correct, every time you open a php://memory stream, you get new storage allocated. That is to say, php://memory isn't a shared bank of memory.
fabacrans__ at __nospamhotmail__ dot __com 05-Mar-2013 09:06
You can use "php://input" to accept and parse "PUT", "DELETE", etc. requests.

<?php
// Example to parse "PUT" requests
parse_str(file_get_contents('php://input'), $_PUT);

// The result
print_r($_PUT);
?>

(very useful for Restful API)
php at rapsys dot eu 06-Aug-2012 11:00
Here is a snippet to read compressed raw post data without enabling global variables.

I needed it to read xml posted data submitted by ocs agent. The data was sent as Content-Type: application/x-compressed (zlib compressed data).

It seems related to an old bug which still seems broken :
https://bugs.php.net/bug.php?id=49411

The important part is the default window set to 15 instead of -15.

Code snippet
<?php
$data
= '';
$fh = fopen('php://input', 'rb');
stream_filter_append($fh, 'zlib.inflate', STREAM_FILTER_READ, array('window'=>15));
while(!
feof($fh)) {
   
$data .= fread($fh, 8192);
}
?>
aaron dot mason+php at thats-too-much dot info 05-Jun-2012 10:46
Be aware of code injection, folks - like anything else you take from the user, SANITISE IT FIRST.  This cannot be stressed enough - if I had a dollar for each time I saw code where form input was taken and directly used (by myself as well, I've been stupid too) I'd probably own PHP.  While using data from a form in a URL wrapper is asking for trouble, you can greatly minimise the trouble by making sure your inputs are sane and not likely to provide an opening for the LulzSec of the world to cause havoc.
Toby 19-May-2012 07:12
Dangerous stuff. Had php injection attacks like:

?-dallow_url_include%253don+-dauto_prepend_file%253dphp://input

due to this
Anonymous 04-May-2012 04:00
For php://filter the /resource=foo part must come last. And foo needs no escaping at all.
php://filter/resource=foo/read=somefilter would try to open a file 'foo/read=somefilter' while php://filter/read=somefilter/resource=foo will open file 'foo' with the somefilter filter applied.
Rakesh Verma [rakeshnsony at gmail dot com] 19-Mar-2012 07:18
/**********************************/
Example JSON Request:
{
    "username" : "rakeshnsony",
    "password" : "abcdefg"
}
/**********************************/
<?php

//To access json format data
$requestBody = file_get_contents('php://input');
$requestBody = json_decode($requestBody);

echo
"username is: ".$requestBody->username;

echo
"<br /><br />";

echo
"password is: ".$requestBody->password;
//
leonid at shagabutdinov dot com 23-Jul-2011 06:45
For https for windows enable this extension:

extension=php_openssl.dll
sebastian dot krebs at kingcrunch dot de 05-Feb-2011 01:49
The stream php://temp/maxmemory:$limit stores the data in memory unless the limit is reached. Then it will write the whole content the a temporary file and frees the memory. I didnt found a way to get at least some of the data back to memory.
gjaman at gmail dot com 15-May-2008 11:15
You can decompress (gzip) a input stream by combining wrappers:

eg:  $x = file_get_contents("compress.zlib://php://input");

I used this method to decompress a gzip stream that was pushed to my webserver
jerry at gii dot co dot jp 17-Aug-2007 07:11
Not only are STDIN, STDOUT, and STDERR only allowed for CLI programs, but they are not allowed for programs that are read from STDIN. That can confuse you if you try to type in a simple test program.
sander at medicore dot nl 14-Jun-2007 01:25
to create a raw tcp listener system i use the following:

xinetd daemon with config like:
service test
{
        disable      = no
        type         = UNLISTED
        socket_type  = stream
        protocol     = tcp
        bind         = 127.0.0.1
        port         = 12345
        wait         = no
        user         = apache
        group        = apache
        instances    = 10
        server       = /usr/local/bin/php
        server_args  = -n [your php file here]
        only_from    = 127.0.0.1 #gotta love the security#
        log_type     = FILE /var/log/phperrors.log
        log_on_success += DURATION
}

now use fgets(STDIN) to read the input. Creates connections pretty quick, works like a charm.Writing can be done using the STDOUT, or just echo. Be aware that you're completely bypassing the webserver and thus certain variables will not be available.
ben dot johansen at gmail dot com 25-Oct-2006 11:57
followup:

I found that if I added this line to the AJAX call, the values would show up in the $_POST

xhttp.setRequestHeader('Content-Type',
'application/x-www-form-urlencoded');
ben dot johansen at gmail dot com 29-Aug-2006 08:02
Example of how to use the php://input to get raw post data

//read the raw data in
$roughHTTPPOST = file_get_contents("php://input");
//parse it into vars
parse_str($roughHTTPPOST);

if you do readfile("php://input") you will get the length of the post data
ben dot johansen at gmail dot com 29-Aug-2006 09:33
In trying to do AJAX with PHP and Javascript, I came upon an issue where the POST argument from the following javascript could not be read in via PHP 5 using the $_REQUEST or $_POST. I finally figured out how to read in the raw data using the php://input directive.
   
Javascript code:
=============
      //create request instance     
      xhttp = new XMLHttpRequest();
      // set the event handler
      xhttp.onreadystatechange = serviceReturn;
      // prep the call, http method=POST, true=asynchronous call
      var Args = 'number='+NbrValue;
      xhttp.open("POST", "http://<?php echo $_SERVER['SERVER_NAME'] ?>/webservices/ws_service.php", true);
      // send the call with args
      xhttp.send(Args);

PHP Code:
    //read the raw data in
    $roughHTTPPOST = file_get_contents("php://input");
    //parse it into vars
    parse_str($roughHTTPPOST);
heitorsiller at uol dot com dot br 07-Jul-2006 04:55
For reading a XML stream, this will work just fine:
<?php

$arq
= file_get_contents('php://input');

?>

Then you can parse the XML like this:

<?php

$xml
= xml_parser_create();

xml_parse_into_struct($xml, $arq, $vs);

xml_parser_free($xml);

$data = "";

foreach(
$vs as $v){

        if(
$v['level'] == 3 && $v['type'] == 'complete')
               
$data .= "\n".$v['tag']." -> ".$v['value'];
}

echo
$data;

?>

PS.: This is particularly useful for receiving mobile originated (MO) SMS messages from cellular phone companies.
nyvsld at gmail dot com 27-Nov-2005 07:28
php://stdin supports fseek() and fstat() function call,
while php://input doesn't.
drewish at katherinehouse dot com 25-Sep-2005 08:50
Be aware that contrary to the way this makes it sound, under Apache, php://output and php://stdout don't point to the same place.

<?php
$fo
= fopen('php://output', 'w');
$fs = fopen('php://stdout', 'w');

fputs($fo, "You can see this with the CLI and Apache.\n");
fputs($fs, "This only shows up on the CLI...\n");

fclose($fo);
fclose($fs);
?>

Using the CLI you'll see:
  You can see this with the CLI and Apache.
  This only shows up on the CLI...

Using the Apache SAPI you'll see:
  You can see this with the CLI and Apache.
chris at free-source dot com 26-Apr-2005 09:52
If you're looking for a unix based smb wrapper there isn't one built in,  but I've had luck with http://www.zevils.com/cgi-bin/viewcvs.cgi/libsmbclient-php/ (tarball link at the end).
nargy at yahoo dot com 24-Sep-2004 12:16
When opening php://output in append mode you get an error, the way to do it:
$fp=fopen("php://output","w");
fwrite($fp,"Hello, world !<BR>\n");
fclose($fp);
aidan at php dot net 27-May-2004 12:34
The contants:

* STDIN
* STDOUT
* STDERR

Were introduced in PHP 4.3.0 and are synomous with the fopen('php://stdx') result resource.
lupti at yahoo dot com 29-Nov-2003 11:04
I find using file_get_contents with php://input is very handy and efficient. Here is the code:

$request = "";
$request = file_get_contents("php://input");

I don't need to declare the URL filr string as "r". It automatically handles open the file with read.

I can then use this $request string to your XMLparser as data.
sam at bigwig dot net 15-Aug-2003 05:02
[ Editor's Note: There is a way to know.  All response headers (from both the final responding server and intermediate redirecters) can be found in $http_response_header or stream_get_meta_data() as described above. ]

If you open an HTTP url and the server issues a Location style redirect, the redirected contents will be read but you can't find out that this has happened.

So if you then parse the returned html and try and rationalise relative URLs you could get it wrong.