Wrapper Details

The following sections show how to read from and write to different locations using PHP 5’s bundled wrappers. You’ve already seen how to process files stored on your server’s hard drive. Now you use the http and ftp wrappers to access remote files using HTTP and FTP.


The http and ftp wrappers require the allow_url_fopen configuration directive set to On. This is the default setting, but allow_url_fopen may be turned off on some systems because it allows crackers to more easily exploit insecurely written code.

Specifically, when allow_url_fopen is on, include $file will even include remote files. If a cracker is somehow able to set $file to a value of her own, she can make your web server execute any PHP code she wants just by posting it on a web site and setting $file to that URL.

Another wrapper you’ll learn how to use is the php wrapper for standard in, out, and error. This wrapper is particularly useful for people using PHP on the command line or with web services.

The final set of wrappers are the compression wrappers. These wrappers are similar to the file wrapper, except that they let you read and write data that is compressed using gzip and bzip2.


While file_get_contents( ) and file_put_contents( ) may seem to work only for local files, they’re actually valid for any stream that enables them. Since PHP comes with an http stream, this means you can retrieve files using HTTP.

For example, you can fetch index.php from www.example.com:

$index = ...

Get Upgrading to PHP 5 now with O’Reilly online learning.

O’Reilly members experience live online training, plus books, videos, and digital content from 200+ publishers.