Joined March 2012
·

Ryan Parman

Engineering Manager, Site Reliability at McGraw-Hill Education
·
Seattle, WA
·
·
·

Posted to How to send files via cURL in PHP over 1 year ago

If you're using the curl functions directly in PHP, you're doing it wrong. The curl functions are extremely low-level, and are very easy to configure in an insecure way. You are better off, 99.9% of the time, using a fortified, professional-grade package like Guzzle that does everything right (securely) by default.

Please don't take advantage of type weirdness in PHP to do this (i.e., $myVar + 0). Use type casting like a grown-up.

$myInt = (int) "0";

The https://github.com/Spomky-Labs/jose library is substantially faster than the one you posted. And yes, APIs are supposed to be stateless. Sessions are fine when you're working with a web browser. Even more secure, however, is a variant of the JOSE standard referred to as PASETO, which closes some security loopholes in the original spec. https://paseto.io

Lastly, please don't use this helper class. It's written for PHP 5 which is entirely EOL at this point. Reviewing the code, it looks like it was originally written for PHP 5.2, which came out around 10+ years ago. Not to be mean to the author; we've all written code for PHP 5 before, but its time has come and gone. The code referenced in this post needs to be modernized before it's useful for versions of PHP that are still supported (7.1+ at the time of this writing).

Achievements
80 Karma
13,696 Total ProTip Views